[GIT PULL] printk urgent fix for 5.11-rc6

[Petr Mladek]

Linus,

please pull an urgent fixup from

  git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux.git tags/printk-for-5.11-urgent-fixup

===============================

- Prevent writing the trailing '\0' past the reader buffer.

===============================

The fix of a potential buffer overflow in 5.11-rc5 introduced another one.
The trailing '\0' might be written up to the message "len" past the buffer.
Fortunately, it is not that easy to hit[*].

Most readers use 1kB buffers for a single message. Typical messages fit into
the temporary buffer with enough reserve.

Also readers do not rely on the '\0'. It is related to the previous
fix. Some readers required the space for the trailing '\0'. We decided
to write it there to avoid such regressions in the future.

The most realistic victims are message dumpers using kmsg_dump_get_buffer().
They are filling the entire buffer with as many messages as possible. They
are typically used when handling panic().

The problem has been reported twice by a test suite and a robot:
https://lore.kernel.org/r/yt9dk0s48y70.fsf@xxxxxxxxxxxxx
https://lore.kernel.org/r/000000000000bc67d205b9b8feb2@xxxxxxxxxx

[*] This is not an excuse for such a mistake. We really should have caught
    it during development,review, or testing.

----------------------------------------------------------------
John Ogness (1):
      printk: fix string termination for record_print_text()

Petr Mladek (1):
      Merge branch 'printk-rework' into for-linus

 kernel/printk/printk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)