Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp5295990rwb;
        Mon, 31 Jul 2023 23:26:55 -0700 (PDT)
X-Google-Smtp-Source: APBJJlE7EwwlRXVjeNgOhLMqYqbqql6r4Zf7blQ+xfR5skwUn1oSVJ94MsA+IiHxuwZeYxJsy0lq
X-Received: by 2002:a17:906:57:b0:99b:d1d8:d74d with SMTP id 23-20020a170906005700b0099bd1d8d74dmr1674775ejg.45.1690871215308;
        Mon, 31 Jul 2023 23:26:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690871215; cv=none;
        d=google.com; s=arc-20160816;
        b=Q5Ht/xSLUGqZpykfTJPZq1MKvd21jstUeArl3/zFEqTAB5nYeGtS24nQOTzl++iWoc
         RsJCKstgC+yIQmYHMxY0d12EbhkjgGvF/7hWeQ0sQduftH176R4EFZG/lR1ebAGGBzbh
         A2b8t6j0ZkbEEVwnkbyk9aPpDBuJaiLHHSviAobSEN93OyzIFAcfRVWc73r3LjuCPxQE
         971BGhj7nFsj6/n+dqcY42MW6gewJn8sLX0ljTvCCw7qtZCSe4fVmBNykZDa4yi7va0A
         qadsHK6uc7T4atJgMqdHGkzc41HSploUBzwkMoAVL9pMzHFReUEHho5hK+a6jTdM6OMU
         Zfsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=akzuG+fnQZgI9FaY+imUKKv9A7bYudH4FOhSf+Hzhck=;
        fh=cBOtcNbGwGC2F4naKrX9GjpJjITiWHtcmGcV6C0M4S0=;
        b=e89QivgGZ2BXZDk+o9YYpTKTxmFpqaKxNldu49lE5vqmT1H4wdrsn2NVN8v/A4FHAB
         1LnvTVprrrJX6Km4s0+3Rnmuspmp39w1B22krpkkDzZb3CXhWIchngJqh1dJsWJkZ6VL
         usDxmy2Fgs4rhGY1ayXCw0sfm9g9hAPDJ128ntlTtPFF+YjPve5ij0CCXwFX26sG6dIS
         sMqgkQHbVugP11ebwhE21qE63/AoVwHfmqWCeTRWJwynoMSotFL64X0ewocHR8kqAyqa
         Sws0zhE+Tg6JVB0m4iaQGUUGcO8ttpvbq5okraTvbw2atFLdWm+WiMVOCkfdMY/glskJ
         wz0w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ga6-20020a170906b84600b0099bcd1f229asi5891521ejb.370.2023.07.31.23.26.31;
        Mon, 31 Jul 2023 23:26:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231284AbjHAGFh (ORCPT <rfc822;antony.sucheston@gmail.com>
        + 99 others); Tue, 1 Aug 2023 02:05:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59630 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231213AbjHAGFf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Aug 2023 02:05:35 -0400
Received: from SHSQR01.spreadtrum.com (unknown [222.66.158.135])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46842127;
        Mon, 31 Jul 2023 23:05:32 -0700 (PDT)
Received: from dlp.unisoc.com ([10.29.3.86])
        by SHSQR01.spreadtrum.com with ESMTP id 37164afZ001233;
        Tue, 1 Aug 2023 14:04:36 +0800 (+08)
        (envelope-from Yunlong.Xing@unisoc.com)
Received: from SHDLP.spreadtrum.com (bjmbx02.spreadtrum.com [10.0.64.8])
        by dlp.unisoc.com (SkyGuard) with ESMTPS id 4RFPfR6L1pz2K1r9S;
        Tue,  1 Aug 2023 14:02:55 +0800 (CST)
Received: from tj10379pcu.spreadtrum.com (10.5.32.15) by
 BJMBX02.spreadtrum.com (10.0.64.8) with Microsoft SMTP Server (TLS) id
 15.0.1497.23; Tue, 1 Aug 2023 14:04:33 +0800
From:   Yunlong Xing <yunlong.xing@unisoc.com>
To:     <keescook@chromium.org>, <tony.luck@intel.com>,
        <gpiccoli@igalia.com>, <joel@joelfernandes.org>,
        <enlin.mu@unisoc.com>
CC:     <linux-hardening@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <enlinmu@gmail.com>, <yunlong.xing23@gmail.com>
Subject: [PATCH 1/1] pstore/ram: Check member of buffers during the initialization phase of the pstore
Date:   Tue, 1 Aug 2023 14:04:32 +0800
Message-ID: <20230801060432.1307717-1-yunlong.xing@unisoc.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.5.32.15]
X-ClientProxiedBy: SHCAS03.spreadtrum.com (10.0.1.207) To
 BJMBX02.spreadtrum.com (10.0.64.8)
X-MAIL: SHSQR01.spreadtrum.com 37164afZ001233
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Enlin Mu <enlin.mu@unisoc.com>

The commit 30696378f68a("pstore/ram: Do not treat empty buffers as valid")
would introduce the following issue:

When finding the buffer_size is zero, it would return directly.However, at
the same time, if the buffer's start is a illegal value, the others would
panic if access the buffer.

To avoid these happenning, check if the members are legal during the
initialization phase of the pstore.

Fixes: 30696378f68a ("pstore/ram: Do not treat empty buffers as valid")
Cc: stable@vger.kernel.org
Signed-off-by: Enlin Mu <enlin.mu@unisoc.com>
---
 fs/pstore/ram_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
index 85aaf0fc6d7d..eb6df190d752 100644
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -519,7 +519,7 @@ static int persistent_ram_post_init(struct persistent_ram_zone *prz, u32 sig,
 	sig ^= PERSISTENT_RAM_SIG;
 
 	if (prz->buffer->sig == sig) {
-		if (buffer_size(prz) == 0) {
+		if (buffer_size(prz) == 0 && buffer_start(prz) == 0) {
 			pr_debug("found existing empty buffer\n");
 			return 0;
 		}
-- 
2.25.1