From: Kees Cook <keescook@chromium.org>
To: Yunlong Xing <yunlong.xing@unisoc.com>
Cc: tony.luck@intel.com, gpiccoli@igalia.com, joel@joelfernandes.org,
enlin.mu@unisoc.com, linux-hardening@vger.kernel.org,
linux-kernel@vger.kernel.org, enlinmu@gmail.com,
yunlong.xing23@gmail.com
Subject: Re: [PATCH 1/1] pstore/ram: Check member of buffers during the initialization phase of the pstore
Date: Fri, 4 Aug 2023 01:10:21 -0700 [thread overview]
Message-ID: <202308040103.1514A8C3CB@keescook> (raw)
In-Reply-To: <20230801060432.1307717-1-yunlong.xing@unisoc.com>
On Tue, Aug 01, 2023 at 02:04:32PM +0800, Yunlong Xing wrote:
> From: Enlin Mu <enlin.mu@unisoc.com>
>
> The commit 30696378f68a("pstore/ram: Do not treat empty buffers as valid")
> would introduce the following issue:
>
> When finding the buffer_size is zero, it would return directly.However, at
> the same time, if the buffer's start is a illegal value, the others would
> panic if access the buffer.
Which "others" do you mean?
> To avoid these happenning, check if the members are legal during the
> initialization phase of the pstore.
>
> Fixes: 30696378f68a ("pstore/ram: Do not treat empty buffers as valid")
> Cc: stable@vger.kernel.org
> Signed-off-by: Enlin Mu <enlin.mu@unisoc.com>
> ---
> fs/pstore/ram_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
> index 85aaf0fc6d7d..eb6df190d752 100644
> --- a/fs/pstore/ram_core.c
> +++ b/fs/pstore/ram_core.c
> @@ -519,7 +519,7 @@ static int persistent_ram_post_init(struct persistent_ram_zone *prz, u32 sig,
> sig ^= PERSISTENT_RAM_SIG;
>
> if (prz->buffer->sig == sig) {
> - if (buffer_size(prz) == 0) {
> + if (buffer_size(prz) == 0 && buffer_start(prz) == 0) {
> pr_debug("found existing empty buffer\n");
> return 0;
> }
And in the case of "buffer_size(prz) == 0" but "buffer_start(prz) != 0",
this will be caught by:
if (buffer_size(prz) > prz->buffer_size ||
buffer_start(prz) > buffer_size(prz)) {
pr_info("found existing invalid buffer, size %zu, start %zu\n",
buffer_size(prz), buffer_start(prz));
zap = true;
}
i.e. it will be detected and zapped back to a sane state.
That sounds correct to me, though I wonder if reporting it as an
"invalid buffer" is inaccurate? Perhaps we should have a separate case:
if (buffer_size(prz) == 0) {
if (buffer_start(prz) == 0)
pr_debug("found existing empty buffer\n");
else {
pr_debug("found existing empty buffer with non-zero start\n");
zap = true;
}
} else if ...
What do you think?
--
Kees Cook
next prev parent reply other threads:[~2023-08-04 8:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-01 6:04 [PATCH 1/1] pstore/ram: Check member of buffers during the initialization phase of the pstore Yunlong Xing
2023-08-02 15:46 ` Guilherme G. Piccoli
2023-08-03 10:43 ` yunlong xing
2023-08-04 8:10 ` Kees Cook [this message]
2023-08-04 8:59 ` yunlong xing
2023-08-04 16:53 ` Kees Cook
2023-08-07 1:33 ` yunlong xing
2023-08-04 17:04 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202308040103.1514A8C3CB@keescook \
--to=keescook@chromium.org \
--cc=enlin.mu@unisoc.com \
--cc=enlinmu@gmail.com \
--cc=gpiccoli@igalia.com \
--cc=joel@joelfernandes.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tony.luck@intel.com \
--cc=yunlong.xing23@gmail.com \
--cc=yunlong.xing@unisoc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.