Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp1485381imd; Thu, 1 Nov 2018 16:52:51 -0700 (PDT) X-Google-Smtp-Source: AJdET5cDkXLQ45wv78uzp8wcfEy1XScq8SPeXUCZgA1QLqr2m788QnxYwHvj1HSaZpTVKMgWSxsX X-Received: by 2002:a17:902:50ec:: with SMTP id c41-v6mr9328428plj.176.1541116370984; Thu, 01 Nov 2018 16:52:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541116370; cv=none; d=google.com; s=arc-20160816; b=WupJflhjr92H8GM98AtjJ4oBkToj41pevrxAgdhkP9XyGNRWdIjURL/se+3gpbzgjw KweGRS6FNRxhnurJ/jaGm56Ui5uzljZkmOagX5U8ze89T/eF2LBDAr0fanunoFrTRQmG 8567IdVz6njF2TmPRTxt6xr6yYo3w0CfPuSMv93a79mLBSEwFBzt5c0fbW3IgB1Mc1Lb VKvnn2V/4s9xmkp6H30Rn9Fg6X6aoVqZfo/jHQMzSbBMQN+zfdviaLH7AzjEQ9RTPOlw lXFc+rOxed3CMR8TTwQkA4WwHDDjMvu98ZXmIrakvBrzfmZFRfsxzXDVy1hr8RoHP4NX /t2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=lrjVa4iTLl9nQXBs4uXosWRG47+s0LvlTKQZsRmWgZU=; b=Dkpz0/KsPL5/vA00eUJVzBODzbHzTi+mEIEVvq6Z3jIM/gXdo9tiw+SrC86JAWaR8r egQ1YYxcJRI7u36W6AQjzMCPCEEc+Fkkc2q96kYkfCxlPBaroxEBk+0JKCeqTqvoozan BeTegJG/OouAWJY9GpkosQprLs7Pm4t4f/nF3oCSGJCSfHTO3HdpDNkzoN9yAUCaAhJ4 n+eJquvvyyJuREefLdZqFsiZ2BFXlVAPL+/E6D4IYZOd2vOqmvqlQe8rHQqQ2Me/SRk4 niUf/D9wEEEnNoO4BL/ZTrrZpb+QaRf/DgE6r1pnZWRxbFwWKBKKtZbX8+BKwZZMSyut p41g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=gvGXcWzu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a10-v6si23280808pll.334.2018.11.01.16.52.35; Thu, 01 Nov 2018 16:52:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=gvGXcWzu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728414AbeKBI5U (ORCPT + 99 others); Fri, 2 Nov 2018 04:57:20 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:44555 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728327AbeKBI5T (ORCPT ); Fri, 2 Nov 2018 04:57:19 -0400 Received: by mail-pg1-f194.google.com with SMTP id w3-v6so94854pgs.11 for ; Thu, 01 Nov 2018 16:52:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lrjVa4iTLl9nQXBs4uXosWRG47+s0LvlTKQZsRmWgZU=; b=gvGXcWzu0Wgd4cp9EC/yrHWfWiRY49LiSR1slTgY++7NUxGMyCxjgmujYMwJjHcRLd L8k9ej3LedPxqAcGRjNVeApUpreJyQWM2N0muoVg4g5hywuqpWiws44wmHSBKtVj3tjI 6KUrJzErjXgnycoOrl+KZoJd2FqlSH2SX5ahU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lrjVa4iTLl9nQXBs4uXosWRG47+s0LvlTKQZsRmWgZU=; b=j/ylMHBGOOUA4O1QrW+LMQ/9nzyY4cZ0LQ+PNmiUhqgOlwj6esTuvlOGURFnpacEC7 AKQY7NHWkGziu8kQH6p+JmKSITRRJZUiLOQVCmBiFgSf5snbdn+Z3WwZgK2lYxrdw6zV rZw5R3M4tFCJ/q1NsTf38OTMN+N9H+Rp55Kq5MVtyIlmUxL1/rF1nkoGQ9BKgXilLxb+ BvrOIzSWIiFdV0YwPrc3iqKnbrhhi7ThxeCVQNAjNW/4U87NAdJo7ygSMt9SbVsrpRxs s15I87xDUhAj8MgfULGY54/HrVJJ8BYV8Kn0ZyjBuWaVPnFe5aMkiIpUg+xmaoMdFf9K TTBw== X-Gm-Message-State: AGRZ1gIs2ALdvRl9cUMjueQ/RFzMF4F3stLiU7IJw4q6LTivIayclOF3 WYsHY33jNGMhNaEHTps37M7mgw== X-Received: by 2002:a63:b04f:: with SMTP id z15-v6mr8996113pgo.442.1541116332242; Thu, 01 Nov 2018 16:52:12 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id t4-v6sm36305861pfb.44.2018.11.01.16.52.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 01 Nov 2018 16:52:08 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Joel Fernandes , Anton Vorontsov , Colin Cross , Tony Luck Subject: [PATCH 8/8] pstore/ram: Correctly calculate usable PRZ bytes Date: Thu, 1 Nov 2018 16:52:00 -0700 Message-Id: <20181101235200.28584-9-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181101235200.28584-1-keescook@chromium.org> References: <20181101235200.28584-1-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The actual number of bytes stored in a PRZ is smaller than the bytes requested by platform data, since there is a header on each PRZ. Additionally, if ECC is enabled, there are trailing bytes used as well. Normally this mismatch doesn't matter since PRZs are circular buffers and the leading "overflow" bytes are just thrown away. However, in the case of a compressed record, this rather badly corrupts the results. This corruption was visible with "ramoops.mem_size=204800 ramoops.ecc=1". Any stored crashes would not be uncompressable (producing a pstorefs "dmesg-*.enc.z" file), and triggering errors at boot: [ 2.790759] pstore: crypto_comp_decompress failed, ret = -22! Reported-by: Joel Fernandes Fixes: b0aad7a99c1d ("pstore: Add compression support to pstore") Signed-off-by: Kees Cook --- fs/pstore/ram.c | 15 ++++++--------- include/linux/pstore.h | 5 ++++- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c index 25bede911809..10ac4d23c423 100644 --- a/fs/pstore/ram.c +++ b/fs/pstore/ram.c @@ -814,17 +814,14 @@ static int ramoops_probe(struct platform_device *pdev) cxt->pstore.data = cxt; /* - * Console can handle any buffer size, so prefer LOG_LINE_MAX. If we - * have to handle dumps, we must have at least record_size buffer. And - * for ftrace, bufsize is irrelevant (if bufsize is 0, buf will be - * ZERO_SIZE_PTR). + * Since bufsize is only used for dmesg crash dumps, it + * must match the size of the dprz record (after PRZ header + * and ECC bytes have been accounted for). */ - if (cxt->console_size) - cxt->pstore.bufsize = 1024; /* LOG_LINE_MAX */ - cxt->pstore.bufsize = max(cxt->record_size, cxt->pstore.bufsize); - cxt->pstore.buf = kmalloc(cxt->pstore.bufsize, GFP_KERNEL); + cxt->pstore.bufsize = cxt->dprzs[0]->buffer_size; + cxt->pstore.buf = kzalloc(cxt->pstore.bufsize, GFP_KERNEL); if (!cxt->pstore.buf) { - pr_err("cannot allocate pstore buffer\n"); + pr_err("cannot allocate pstore crash dump buffer\n"); err = -ENOMEM; goto fail_clear; } diff --git a/include/linux/pstore.h b/include/linux/pstore.h index 3549f2ba865c..f46e5df76b58 100644 --- a/include/linux/pstore.h +++ b/include/linux/pstore.h @@ -90,7 +90,10 @@ struct pstore_record { * * @buf_lock: spinlock to serialize access to @buf * @buf: preallocated crash dump buffer - * @bufsize: size of @buf available for crash dump writes + * @bufsize: size of @buf available for crash dump bytes (must match + * smallest number of bytes available for writing to a + * backend entry, since compressed bytes don't take kindly + * to being truncated) * * @read_mutex: serializes @open, @read, @close, and @erase callbacks * @flags: bitfield of frontends the backend can accept writes for -- 2.17.1