In-Reply-To: <20181102180111.GA14942@google.com>
References: <20181101235200.28584-1-keescook@chromium.org> <20181101235200.28584-9-keescook@chromium.org> <20181102180111.GA14942@google.com>
From: Kees Cook
Date: Fri, 2 Nov 2018 13:00:08 -0700
Subject: Re: [PATCH 8/8] pstore/ram: Correctly calculate usable PRZ bytes
To: Joel Fernandes
Cc: LKML, Anton Vorontsov, Colin Cross, Tony Luck

On Fri, Nov 2, 2018 at 11:01 AM, Joel Fernandes wrote:
> On Thu, Nov 01, 2018 at 04:52:00PM -0700, Kees Cook wrote:
>> The actual number of bytes stored in a PRZ is smaller than the
>> bytes requested by platform data, since there is a header on each
>> PRZ. Additionally, if ECC is enabled, there are trailing bytes used
>> as well. Normally this mismatch doesn't matter since PRZs are circular
>> buffers and the leading "overflow" bytes are just thrown away. However, in
>> the case of a compressed record, this rather badly corrupts the results.
>
> Actually this would also mean some data loss for non-compressed records were
> also there before, but is now fixed?

No, it's what I mentioned in the commit log: only the "tail" of any
data was getting stored, which is consistent with the configuration
given. The main problem is that ECC bytes weren't part of the
calculation the ram backend provided to pstore for pstore to pick the
correct amount of bytes to compress.

>> This corruption was visible with "ramoops.mem_size=204800 ramoops.ecc=1".
>> Any stored crashes would not be uncompressable (producing a pstorefs
>> "dmesg-*.enc.z" file), and triggering errors at boot:
>>
>>   [    2.790759] pstore: crypto_comp_decompress failed, ret = -22!
>>
>> Reported-by: Joel Fernandes
>> Fixes: b0aad7a99c1d ("pstore: Add compression support to pstore")
>> Signed-off-by: Kees Cook
>
> Thanks!
> Reviewed-by: Joel Fernandes (Google)

Thanks!

> Also should this be fixed for other backends or are those good? AFAIR, I saw
> this for EFI too.

It seemed like the other backends were doing it correctly (e.g. erst
removes the header from calculation, etc). I did see that EFI
allocates more memory than needed?

        efi_pstore_info.buf = kmalloc(4096, GFP_KERNEL);
        if (!efi_pstore_info.buf)
                return -ENOMEM;

        efi_pstore_info.bufsize = 1024;

efi_pstore_write() does:

        ret = efivar_entry_set_safe(efi_name, vendor, PSTORE_EFI_ATTRIBUTES,
                              !pstore_cannot_block_path(record->reason),
                              record->size, record->psi->buf);

and efivar_entry_set_safe() says:

 * Returns 0 on success, -ENOSPC if the firmware does not have enough
 * space for set_variable() to succeed, or a converted EFI status code
 * if set_variable() fails.

So I don't see how this could get truncated. (I'm not saying it
didn't... just that I can't see it in an obvious place.)

-Kees

-- 
Kees Cook
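The size mismatch described in the quoted commit message, as an added example that is not part of the original thread or the kernel source: a simplified user-space model of one PRZ showing how many leading bytes of a record are discarded when the advertised size ignores the header and ECC bytes. For a compressed record those leading bytes are the start of the stream, which is the corruption the commit message describes. The struct, function names and all sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define REGION_MAX 256  /* constructed upper bound for this model */

/* Simplified user-space model of one persistent RAM zone (PRZ). */
struct prz_model {
    size_t region;     /* bytes requested by platform data */
    size_t header;     /* per-PRZ header bytes */
    size_t ecc_total;  /* trailing ECC bytes, 0 when ECC is off */
    size_t start;      /* next write offset in the data area */
    unsigned char data[REGION_MAX];
};

/* Bytes that can actually hold record data. */
size_t prz_usable(const struct prz_model *z)
{
    size_t overhead = z->header + z->ecc_total;
    return overhead < z->region ? z->region - overhead : 0;
}

/* Circular write: an oversized record keeps only its tail.
 * Returns how many leading bytes were thrown away. */
size_t prz_write(struct prz_model *z, const unsigned char *buf, size_t len)
{
    size_t cap = prz_usable(z), lost = 0;
    if (cap == 0) return len;
    if (len > cap) {
        lost = len - cap;
        buf += lost;
        len = cap;
    }
    for (size_t i = 0; i < len; i++) {
        z->data[z->start] = buf[i];
        z->start = (z->start + 1) % cap;
    }
    return lost;
}

/* Write one full record of `advertised` bytes (the size the backend told
 * pstore it could store) and report the leading bytes lost. */
size_t lost_prefix(size_t region, size_t header, size_t ecc_total, size_t advertised)
{
    struct prz_model z = { region, header, ecc_total, 0, {0} };
    unsigned char rec[REGION_MAX];
    if (region > REGION_MAX || advertised > REGION_MAX) return (size_t)-1;
    for (size_t i = 0; i < advertised; i++) rec[i] = (unsigned char)i; /* constructed */
    return prz_write(&z, rec, advertised);
}

int main(void) { printf("lost=%zu\n", lost_prefix(128, 12, 32, 128)); return 0; }
```

Advertising the usable size (region minus header minus ECC bytes) is the only case in which a full-size record is stored without losing its head.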