On Wed 2020-10-14 19:50:54, Petr Mladek wrote:
data_realloc() returns wrong data pointer when the block is wrapped and the size is not increased. It might happen when pr_cont() wants to add only few characters and there is already a space for them because of alignment.
It might cause writing outsite the buffer. It has been detected by LTP tests with KASAN enabled:
Link: https://lore.kernel.org/r/CA+G9fYt46oC7-BKryNDaaXPJ9GztvS2cs_7GjYRjanRi4+ryC... Fixes: 4cfc7258f876a7feba673ac ("printk: ringbuffer: add finalization/extension support") Reported-by: Naresh Kamboju naresh.kamboju@linaro.org Signed-off-by: Petr Mladek pmladek@suse.com
The patch is committed into printk/linux.git, branch for-5.10-fixup.
I am going to send a pull request with it tomorrow unless something happens in the meantime.
Best Regards, Petr