kmsg_dump_get_buffer() is supposed to select the youngest log messages which fit into the provided buffer. When that function determines the correct start index, by looping and calling msg_print_text() with a NULL buffer, msg_print_text() calculates a length which would allow the youngest log messages to completely fill the provided buffer.
However, when doing the actual printing, an off-by-one error in msg_print_text() leads to that function allowing the provided buffer to only be filled to (size - 1). So if the lengths of the selected youngest log messages happen to precisely fill up the provided buffer, the last log message is not included. For example, with the following two final prints: [ 6.427502] AAAAAAAAAAAAA [ 6.427769] BBBBBBBB12345 A dump of a 64-byte buffer filled by kmsg_dump_get_buffer(), before this patch: 00000000: 3c 30 3e 5b 20 20 20 20 36 2e 35 32 32 31 39 37 <0>[ 6.522197 00000010: 5d 20 41 41 41 41 41 41 41 41 41 41 41 41 41 0a ] AAAAAAAAAAAAA. 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ After this patch: 00000000: 3c 30 3e 5b 20 20 20 20 36 2e 34 32 37 35 30 32 <0>[ 6.427502 00000010: 5d 20 41 41 41 41 41 41 41 41 41 41 41 41 41 0a ] AAAAAAAAAAAAA. 00000020: 3c 30 3e 5b 20 20 20 20 36 2e 34 32 37 37 36 39 <0>[ 6.427769 00000030: 5d 20 42 42 42 42 42 42 42 42 31 32 33 34 35 0a ] BBBBBBBB12345. Note that this bug only affects the kmsg dump code. msg_print_text() is also used from the syslog code and console_unlock() but this bug does trigger there since the buffers used there are never filled up completely (since they are only used to print individual lines, and their size is always LOG_LINE_MAX + PREFIX_MAX, and PREFIX_MAX has a value which is larger than the largest possible prefix). Signed-off-by: Vincent Whitchurch <vincent.whitchu...@axis.com> --- I posted this patch two years ago and received no replies. This problem is still present in mainline. https://lore.kernel.org/patchwork/patch/781106/ kernel/printk/printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 1888f6a3b694..7679d779d5cc 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -1318,7 +1318,7 @@ static size_t msg_print_text(const struct printk_log *msg, bool syslog, } if (buf) { - if (prefix_len + text_len + 1 >= size - len) + if (prefix_len + text_len + 1 > size - len) break; memcpy(buf + len, prefix, prefix_len); -- 2.20.0
