Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp965433rwi; Fri, 14 Oct 2022 10:53:18 -0700 (PDT) X-Google-Smtp-Source: AMsMyM42DUNEPZ+4gG9WqOeWZEcCAXk/YpJfKN/f2+KD234mfmTLseOtn9UqQ4Wh//H/9PEkv3Ad X-Received: by 2002:a05:6402:34cb:b0:45d:197e:718c with SMTP id w11-20020a05640234cb00b0045d197e718cmr4098332edc.365.1665769998306; Fri, 14 Oct 2022 10:53:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665769998; cv=none; d=google.com; s=arc-20160816; b=aLOMHpHESEcNP9hbS66jrWQ47DwpSBP7LCJ8p0IOzwUNnyUQUxDfkvoQ50H4woMRFf 5VA24bDfgDW75LfzTXu/1Bn+UrAFum0ENbpwWouf5cdaRJNkLDIoeA6jJQKx7K4tcBUm kHLQ5gZstkB0H/jps7URO8KmbRja9mQ6ztafLDJrz0wx64E9hnA5MDZCMOvt0d/DWxPE ac73cdaQPY2eo3+aosPBF62e+MVuZzKA3KiSYpyv+H++Nkc9Sy5wUzyqQjoFXRxfIH6d 6rI2PuiNtTuEXkpBGRPiHZVUTThmHvN0Qts6vn5JZRHAmIf/7vzor6Ck5cLeXogC3qzB wl6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=2SZjirI6vVJY9sKNEfqT5Dc0rwPH+nmIM479xThjSRE=; b=Qr3sc0YQ7Q2rSq1St0u9kb/JgcKibkHLmw4x9id5ed/bPrT+Wm4gEcmErY4bLT68uX PGyhFbtWvv2ySbAELcZLknmnQn7/ALJP/67Nfm1CUMx+P6XCHTIq0BKd7HQ3F2hXcRWO LjGudJ8RDFUIEJn97DbUiQVwn2mQKnudcyZ/RCiNVGnSeNNcqHlUzqqWuQKpz10LT+Cu HnTbWDni5k6XfckPnrj7+W3a4aatqLIkB+YrAwV5CFP+lrU8eKn2hQGjYpJLlVotZJ0v eNJTN8yScxvgQ+ZcJw89rW5kCG0aBcnfpIguOklXCBQ/ko9HxVzqs7UZLAkNj5pJzuja OKEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=lBJRxtkC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g21-20020a50d0d5000000b0045cfca7e0b3si2539344edf.533.2022.10.14.10.52.52; Fri, 14 Oct 2022 10:53:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=lBJRxtkC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229888AbiJNRnM (ORCPT + 99 others); Fri, 14 Oct 2022 13:43:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230100AbiJNRmh (ORCPT ); Fri, 14 Oct 2022 13:42:37 -0400 Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD40A1D29BE for ; Fri, 14 Oct 2022 10:42:36 -0700 (PDT) Received: by mail-pl1-x62f.google.com with SMTP id 10so5453265pli.0 for ; Fri, 14 Oct 2022 10:42:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=2SZjirI6vVJY9sKNEfqT5Dc0rwPH+nmIM479xThjSRE=; b=lBJRxtkCK/EuZxHO3XQKMCpV1v5nQdz3iTgQtPakGL9M7lePJjXkwG8KHaYd4yyBFX ztK1TvSXjGjkRFE17jiS17eYmRAaLKVuGWMpGDh24rhbXTHRzKDBHuutPaG0VGUkJSzY Ui/RBTeBQApRjnUnrFQcwA6UrqPl15Du3+dBI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=2SZjirI6vVJY9sKNEfqT5Dc0rwPH+nmIM479xThjSRE=; b=qahkfeaKZrbBuucBVd5vNLLQ8whqY1OlqRjyDF+MZjSN8rKj+rDdz1erEYTIiXIUeh 4XtbP7SVruNRsSbC1o7y4ASCSc5jUpDoRSTSczF1GTRjDv4mtYpeivHnAyZmg048Jqvr H3PcbLB3TD5WT5YszQtF/2v77FEd0JU/wKDmsffZye+9Lxvy5dM5ObA1MPZfi3Bl2bab X/pWBwQXJOnNU2iqs0S+L+PPoi6s0cUkHCDQtv2FqbB2IlzCvfa+FVvGDBh6cUboCZlO e/ZJUT+7Qj7wvCrB/a0LP3oaTr4F/qCzxEJLngaB1hxW/ZoZAn9SIjfVwAy5gfK9C0vk B5zw== X-Gm-Message-State: ACrzQf3fg/DRvDtAfS59atAXj7W5hBMpTlol45qLfcmDwCpZrdQQYzwc l7rJQlDnE8mReth4GiXfZVubxg== X-Received: by 2002:a17:90b:4a8f:b0:20d:2f93:3bb with SMTP id lp15-20020a17090b4a8f00b0020d2f9303bbmr18537027pjb.149.1665769356136; Fri, 14 Oct 2022 10:42:36 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id r24-20020aa79638000000b00562eff85594sm2055790pfg.121.2022.10.14.10.42.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Oct 2022 10:42:35 -0700 (PDT) Date: Fri, 14 Oct 2022 10:42:34 -0700 From: Kees Cook To: "Guilherme G. Piccoli" Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-efi@vger.kernel.org, kernel-dev@igalia.com, kernel@gpiccoli.net, anton@enomsg.org, ccross@android.com, tony.luck@intel.com, ardb@kernel.org Subject: Re: [PATCH V2 3/3] efi: pstore: Add module parameter for setting the record size Message-ID: <202210141042.E4689636@keescook> References: <20221013210648.137452-1-gpiccoli@igalia.com> <20221013210648.137452-4-gpiccoli@igalia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221013210648.137452-4-gpiccoli@igalia.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 13, 2022 at 06:06:48PM -0300, Guilherme G. Piccoli wrote: > By default, the efi-pstore backend hardcode the UEFI variable size > as 1024 bytes. The historical reasons for that were discussed by > Ard in threads [0][1]: > > "there is some cargo cult from prehistoric EFI times going > on here, it seems. Or maybe just misinterpretation of the maximum > size for the variable *name* vs the variable itself.". > > "OVMF has > OvmfPkg/OvmfPkgX64.dsc: > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 > OvmfPkg/OvmfPkgX64.dsc: > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 > > where the first one is without secure boot and the second with secure > boot. Interestingly, the default is > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400 > > so this is probably where this 1k number comes from." > > With that, and since there is not such a limit in the UEFI spec, we > have the confidence to hereby add a module parameter to enable advanced > users to change the UEFI record size for efi-pstore data collection, > this way allowing a much easier reading of the collected log, which is > not scattered anymore among many small files. > > Through empirical analysis we observed that extreme low values (like 8 > bytes) could eventually cause writing issues, so given that and the OVMF > default discussed, we limited the minimum value to 1024 bytes, which also > is still the default. > > [0] https://lore.kernel.org/lkml/CAMj1kXF4UyRMh2Y_KakeNBHvkHhTtavASTAxXinDO1rhPe_wYg@mail.gmail.com/ > [1] https://lore.kernel.org/lkml/CAMj1kXFy-2KddGu+dgebAdU9v2sindxVoiHLWuVhqYw+R=kqng@mail.gmail.com/ > > Cc: Ard Biesheuvel > Signed-off-by: Guilherme G. Piccoli With the var length change recommended by Ard, yeah, looks good to me. :) Thanks! -Kees -- Kees Cook