[PATCH v1 1/1] pstore/ram: Fix crash when setting number of cpus to an odd number

[PATCH v1 1/1] pstore/ram: Fix crash when setting number of cpus to an odd number

[Weichen Chen]

When the number of cpu cores is adjusted to 7 or other odd numbers,
the zone size will become an odd number.
The address of the zone will become:
    addr of zone0 = BASE
    addr of zone1 = BASE + zone_size
    addr of zone2 = BASE + zone_size*2
    ...
The address of zone1/3/5/7 will be mapped to non-alignment va.
Eventually crashes will occur when accessing these va.

So, use ALIGN_DOWN() to make sure the zone size is even
to avoid this bug.

Signed-off-by: Weichen Chen <weichen.chen@mediatek.com>
---
 fs/pstore/ram.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
index ade66dbe5f39..fc57ac97e506 100644
--- a/fs/pstore/ram.c
+++ b/fs/pstore/ram.c
@@ -528,6 +528,7 @@ static int ramoops_init_przs(const char *name,
 	}
 
 	zone_sz = mem_sz / *cnt;
+	zone_sz = ALIGN_DOWN(zone_sz, 2);
 	if (!zone_sz) {
 		dev_err(dev, "%s zone size == 0\n", name);
 		goto fail;
-- 
2.18.0

Re: [PATCH v1 1/1] pstore/ram: Fix crash when setting number of cpus to an odd number

[Guilherme G. Piccoli]

On 23/02/2023 23:36, Weichen Chen wrote:
> When the number of cpu cores is adjusted to 7 or other odd numbers,
> the zone size will become an odd number.
> The address of the zone will become:
>     addr of zone0 = BASE
>     addr of zone1 = BASE + zone_size
>     addr of zone2 = BASE + zone_size*2
>     ...
> The address of zone1/3/5/7 will be mapped to non-alignment va.
> Eventually crashes will occur when accessing these va.
> 
> So, use ALIGN_DOWN() to make sure the zone size is even
> to avoid this bug.
> 
> Signed-off-by: Weichen Chen <weichen.chen@mediatek.com>
> ---
>  fs/pstore/ram.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
> index ade66dbe5f39..fc57ac97e506 100644
> --- a/fs/pstore/ram.c
> +++ b/fs/pstore/ram.c
> @@ -528,6 +528,7 @@ static int ramoops_init_przs(const char *name,
>  	}
>  
>  	zone_sz = mem_sz / *cnt;
> +	zone_sz = ALIGN_DOWN(zone_sz, 2);
>  	if (!zone_sz) {
>  		dev_err(dev, "%s zone size == 0\n", name);
>  		goto fail;

Thanks for resending! Feel free to add my:

Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>

Cheers,


Guilherme

Re: [PATCH v1 1/1] pstore/ram: Fix crash when setting number of cpus to an odd number

[Matthias Brugger]

On 24/02/2023 05:00, Guilherme G. Piccoli wrote:
> On 23/02/2023 23:36, Weichen Chen wrote:
>> When the number of cpu cores is adjusted to 7 or other odd numbers,
>> the zone size will become an odd number.
>> The address of the zone will become:
>>      addr of zone0 = BASE
>>      addr of zone1 = BASE + zone_size
>>      addr of zone2 = BASE + zone_size*2
>>      ...
>> The address of zone1/3/5/7 will be mapped to non-alignment va.
>> Eventually crashes will occur when accessing these va.
>>
>> So, use ALIGN_DOWN() to make sure the zone size is even
>> to avoid this bug.
>>
>> Signed-off-by: Weichen Chen <weichen.chen@mediatek.com>
>> ---
>>   fs/pstore/ram.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
>> index ade66dbe5f39..fc57ac97e506 100644
>> --- a/fs/pstore/ram.c
>> +++ b/fs/pstore/ram.c
>> @@ -528,6 +528,7 @@ static int ramoops_init_przs(const char *name,
>>   	}
>>   
>>   	zone_sz = mem_sz / *cnt;
>> +	zone_sz = ALIGN_DOWN(zone_sz, 2);
>>   	if (!zone_sz) {
>>   		dev_err(dev, "%s zone size == 0\n", name);
>>   		goto fail;
> 
> Thanks for resending! Feel free to add my:
> 
> Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
> 

Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>

I gave that yesterday, but Weichen Chen seems to have forgotten about it.

Regards,
Matthias

Re: [PATCH v1 1/1] pstore/ram: Fix crash when setting number of cpus to an odd number

[Miko Larsson]

On Fri, 2023-02-24 at 10:36 +0800, Weichen Chen wrote:
> When the number of cpu cores is adjusted to 7 or other odd numbers,
> the zone size will become an odd number.
> The address of the zone will become:
>     addr of zone0 = BASE
>     addr of zone1 = BASE + zone_size
>     addr of zone2 = BASE + zone_size*2
>     ...
> The address of zone1/3/5/7 will be mapped to non-alignment va.
> Eventually crashes will occur when accessing these va.
> 
> So, use ALIGN_DOWN() to make sure the zone size is even
> to avoid this bug.
> 
> Signed-off-by: Weichen Chen <weichen.chen@mediatek.com>
> ---
>  fs/pstore/ram.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
> index ade66dbe5f39..fc57ac97e506 100644
> --- a/fs/pstore/ram.c
> +++ b/fs/pstore/ram.c
> @@ -528,6 +528,7 @@ static int ramoops_init_przs(const char *name,
>         }
>  
>         zone_sz = mem_sz / *cnt;
> +       zone_sz = ALIGN_DOWN(zone_sz, 2);
>         if (!zone_sz) {
>                 dev_err(dev, "%s zone size == 0\n", name);
>                 goto fail;

Might want to Cc this to the stable mailing list.
-- 
~miko

Re: [PATCH v1 1/1] pstore/ram: Fix crash when setting number of cpus to an odd number

[Kees Cook]

On Fri, 24 Feb 2023 10:36:32 +0800, Weichen Chen wrote:
> When the number of cpu cores is adjusted to 7 or other odd numbers,
> the zone size will become an odd number.
> The address of the zone will become:
>     addr of zone0 = BASE
>     addr of zone1 = BASE + zone_size
>     addr of zone2 = BASE + zone_size*2
>     ...
> The address of zone1/3/5/7 will be mapped to non-alignment va.
> Eventually crashes will occur when accessing these va.
> 
> [...]

Applied to for-next/pstore, thanks!

[1/1] pstore/ram: Fix crash when setting number of cpus to an odd number
      https://git.kernel.org/kees/c/1d49dee6b691

Take care,

-- 
Kees Cook