* [PATCH v2] pstore/ram: Validate ECC parameters against Reed-Solomon constraint
@ 2025-06-23 6:28 Naoya Tezuka
From: Naoya Tezuka @ 2025-06-23 6:28 UTC
To: Kees Cook, Tony Luck, Guilherme G . Piccoli
Cc: Tzung-Bi Shih, linux-hardening, linux-kernel, Naoya Tezuka

The Reed-Solomon library enforces the constraint `n <= 2^m - 1` via a
BUG_ON() [1], where `n` is `block_size + ecc_size` and `m` is `symsize`
for the pstore RAM backend. A driver providing invalid parameters can
trigger this, leading to a kernel panic. For more details on the theory
behind it, see [2].

This issue was discovered while developing the chromeos_pstore driver.
Link: https://lore.kernel.org/lkml/20250610050458.4014083-1-naoyatezuka@chromium.org/

Add a check to validate this constraint before initializing the Reed-Solomon
codec. On failure, return -EINVAL to prevent the panic.

[1] https://elixir.bootlin.com/linux/v6.15/source/lib/reed_solomon/decode_rs.c#L43
[2] https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html

Signed-off-by: Naoya Tezuka <naoyatezuka@chromium.org>
---
fs/pstore/ram_core.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
index f1848cdd6d34..c7a2ff9c5a6c 100644
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -212,6 +212,14 @@ static int persistent_ram_init_ecc(struct persistent_ram_zone *prz,
return -EINVAL;
}
+ if (prz->ecc_info.block_size + prz->ecc_info.ecc_size >
+ (1 << prz->ecc_info.symsize) - 1) {
+ pr_err("%s: invalid ecc parameters (block_size = %d, ecc_size = %d, symsize = %d\n",
+ __func__, prz->ecc_info.block_size,
+ prz->ecc_info.ecc_size, prz->ecc_info.symsize);
+ return -EINVAL;
+ }
+
prz->buffer_size -= ecc_total;
prz->par_buffer = buffer->data + prz->buffer_size;
prz->par_header = prz->par_buffer +
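Review bot: the new condition evaluates `(1 << prz->ecc_info.symsize) - 1` without anything in this hunk bounding symsize first, so a symsize that is negative or at least the bit width of int makes the shift itself undefined before the comparison can reject the parameters. Because the check exists to catch bad driver-supplied values, consider rejecting an out-of-range symsize before shifting, and guarding the `block_size + ecc_size` sum against overflow if those fields are signed, as the %d specifiers suggest. Separately, the pr_err format string opens a parenthesis before "block_size" and never closes it; add ")" before the "\n".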
--
2.50.0.rc2.701.gf1e915cc24-goog
* Re: [PATCH v2] pstore/ram: Validate ECC parameters against Reed-Solomon constraint
@ 2025-06-23 6:51 ` Tzung-Bi Shih
From: Tzung-Bi Shih @ 2025-06-23 6:51 UTC
To: Naoya Tezuka
Cc: Kees Cook, Tony Luck, Guilherme G . Piccoli, linux-hardening,
linux-kernel

On Mon, Jun 23, 2025 at 03:28:27PM +0900, Naoya Tezuka wrote:
> The Reed-Solomon library enforces the constraint `n <= 2^m - 1` via a
> BUG_ON() [1], where `n` is `block_size + ecc_size` and `m` is `symsize`
> for the pstore RAM backend. A driver providing invalid parameters can
> trigger this, leading to a kernel panic. For more details on the theory
> behind it, see [2].
>
> This issue was discovered while developing the chromeos_pstore driver.
> Link: https://lore.kernel.org/lkml/20250610050458.4014083-1-naoyatezuka@chromium.org/

I'd prefer to unify it by using a [3] or at least move the tag to the end of
the commit message.

> Add a check to validate this constraint before initializing the Reed-Solomon
> codec. On failure, return -EINVAL to prevent the panic.
>
> [1] https://elixir.bootlin.com/linux/v6.15/source/lib/reed_solomon/decode_rs.c#L43
> [2] https://www.cs.cmu.edu/~guyb/realworld/reedsolomon/reed_solomon_codes.html
>
> Signed-off-by: Naoya Tezuka <naoyatezuka@chromium.org>

It should preserve my R-b tag as v2 doesn't change too much. Anyway,
Reviewed-by: Tzung-Bi Shih <tzungbi@kernel.org>