| Message ID | 202308281119.10472FC7@keescook |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:a7d1:0:b0:3f2:4152:657d with SMTP id p17csp3560423vqm;
Mon, 28 Aug 2023 13:20:18 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IEob/GxZCzVtA3z1RYQx0yRy0jCCA494JYzl4IrtE/mw5Dp8o8nuXvLhPW8411PekzGW57s
X-Received: by 2002:a17:906:6b92:b0:969:93f2:259a with SMTP id
l18-20020a1709066b9200b0096993f2259amr19310045ejr.73.1693254018306;
Mon, 28 Aug 2023 13:20:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1693254018; cv=none;
d=google.com; s=arc-20160816;
b=RKVzh2sHvPBRyihPuQWcqDeWDKXfQ6XKOrZ5OX2J0PIfWeSElHSKsI9ZaTvRPFao43
KtlXqDK99sfjNwnpwO73bYko6BUcs7JSrEMqsRatrKpIARnpqyGTDOg2H+wHCHIVWrzR
wyYmv7jZ7159mDm7exkYL9GqBgp2j9pTUc9Zr/dALsNChitft4n99+N8fsqJRvMOL7+y
HMt5a6uddp8+bdMmMQ+L+UYmzrv+2UXnW2Dr7L01lndyhgLHLRr5fDMOwSbILAkwMNko
ushxn0BTPHCeAyw3gsuiq+qIZTI4t1rf+jt1o6PIyMf3pmTrazjSIwTFx3yYwk9ntR6O
NQ9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-disposition:mime-version:message-id
:subject:cc:to:from:date:dkim-signature;
bh=bZXa7XMWyu/hYIBm2X6ctJQB4UDw267+zV3IMjTUdDQ=;
fh=6lKOtN6ECf5O1DsjBr8NmQh+wZinNn2YPdN2u5CpsSc=;
b=W0JNUYy8OiH4XpxohcCy66He3RhM71bYETVHHkEgy8DXpM+zhCduP2w2uaN+ChhrDW
lgQgyXDnYCCnXRLh3wgvISQ0eeYkuQ0KXoyFgkxw3tpQnO+Z+fmdJZQqVaP50GVM8/VK
cvSuGPvdnkM0leB8/85cHdetNKUZaZ5f94oD9fQhoRzcyF9ZFrqB7PtF1v3ewEBHTMmQ
S7+P+Z3YYnPNnFsJzuGP3yDqQqX0f1J6w+k0A3qlphZu4Un/iDVRAiCKgt75p9o8YPy0
0FpxRH4UnkHBUwxtKUPfxGr6GffZJYEnt2WPUN7tjC4/PP3mpkoEzD/ZEWC9e2kaAFg4
quHQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=n6wmzo4Z;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
i5-20020a1709064ec500b009a1bbce4ea5si4646329ejv.484.2023.08.28.13.19.38;
Mon, 28 Aug 2023 13:20:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=n6wmzo4Z;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233004AbjH1SVa (ORCPT <rfc822;kiss.andras.p@gmail.com>
+ 99 others); Mon, 28 Aug 2023 14:21:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37286 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233065AbjH1SV1 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 28 Aug 2023 14:21:27 -0400
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com
[IPv6:2607:f8b0:4864:20::231])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9993313D
for <linux-kernel@vger.kernel.org>;
Mon, 28 Aug 2023 11:21:25 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id
5614622812f47-3a7781225b4so2502687b6e.3
for <linux-kernel@vger.kernel.org>;
Mon, 28 Aug 2023 11:21:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1693246885; x=1693851685;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:from:to:cc:subject:date:message-id:reply-to;
bh=bZXa7XMWyu/hYIBm2X6ctJQB4UDw267+zV3IMjTUdDQ=;
b=n6wmzo4ZACJ3/chjKv3pQN7YiUU761F5DeaLzrEsavmgdv+ZDGcGP7A+kV0frRBlgA
np1YSSCm21Yi5tbwi9i2d1Zm6IkPcbFue8984dSTscHFK9wbUve3cSVermHjPFsTePL0
WWUP/jWDdT5BGfqFOoKrxGv0m0tzEnNqtjoRU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1693246885; x=1693851685;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=bZXa7XMWyu/hYIBm2X6ctJQB4UDw267+zV3IMjTUdDQ=;
b=iBkYCokQqsumZwBQjVjYrbqRZA930lhA1kyoyBOx5ipvIke6GSZ2YdxlxO59AFDRyn
ydupoG3Pe0mX0d50uI0/DbYa0lINipczU6GtbdYJg6pKdmovGSVWn+Tc5UGkuE1fziYJ
UCkf4MhDd09o4lPh2xi5OIMKyRoOTMe+9UUraWkWf4tkSdZxn8RXTNixmq1v2OpFBv4z
rvNjA9qQ0fxfGA5ooTaytLNK0wA7osINzAnU2AKQgWlVZNa15uae7dmWAXEgP9nCavRq
TN4r2l1LtEfR5P5d16iRLIiNhJaUSDBIM6Vsfi4/7zlaPZM7S9Afe3kHEbbGQ1pUCibK
ihcw==
X-Gm-Message-State: AOJu0Yxbb+HLgGNrD9tdvt0mfdszcaLz9e0eNqbgNA/kqQ0jczUQCfG7
XHU8BuSnpFZbQNfaKYnfa1YUIQ==
X-Received: by 2002:a05:6808:df4:b0:3a7:2f1d:ea4e with SMTP id
g52-20020a0568080df400b003a72f1dea4emr10248780oic.41.1693246884957;
Mon, 28 Aug 2023 11:21:24 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net.
[198.0.35.241])
by smtp.gmail.com with ESMTPSA id
i4-20020a63b304000000b0054fe7736ac1sm6995941pgf.76.2023.08.28.11.21.24
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 28 Aug 2023 11:21:24 -0700 (PDT)
Date: Mon, 28 Aug 2023 11:21:23 -0700
From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
Enlin Mu <enlin.mu@unisoc.com>,
Eric Biggers <ebiggers@google.com>,
"Guilherme G. Piccoli" <gpiccoli@igalia.com>,
Kees Cook <keescook@chromium.org>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Yunlong Xing <yunlong.xing@unisoc.com>,
Yuxiao Zhang <yuxiaozhang@google.com>
Subject: [GIT PULL] pstore updates for v6.6-rc1
Message-ID: <202308281119.10472FC7@keescook>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1775505525733848087
X-GMAIL-MSGID: 1775505525733848087
|
| Series |
[GIT,PULL] pstore updates for v6.6-rc1
|
|
Pull-request
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/pstore-v6.6-rc1Message
Kees Cook
Aug. 28, 2023, 6:21 p.m. UTC
Hi Linus,
Please pull these pstore updates for v6.6-rc1. This contains a fair bit
of code _removal_ which is always nice. Changes have been in -next for
most of the development cycle.
Thanks!
-Kees
The following changes since commit fdf0eaf11452d72945af31804e2a1048ee1b574c:
Linux 6.5-rc2 (2023-07-16 15:10:37 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/pstore-v6.6-rc1
for you to fetch changes up to af58740d8b06a6a97b7594235a1be11bd6aa37fa:
pstore: Fix kernel-doc warning (2023-08-18 13:27:28 -0700)
----------------------------------------------------------------
pstore updates for v6.6-rc1
- Greatly simplify compression support (Ard Biesheuvel).
- Avoid crashes for corrupted offsets when prz size is 0 (Enlin Mu).
- Expand range of usable record sizes (Yuxiao Zhang).
- Fix kernel-doc warning (Matthew Wilcox).
----------------------------------------------------------------
Ard Biesheuvel (2):
pstore: Remove worst-case compression size logic
pstore: Replace crypto API compression with zlib_deflate library calls
Enlin Mu (1):
pstore/ram: Check start of empty przs during init
Matthew Wilcox (Oracle) (1):
pstore: Fix kernel-doc warning
Yuxiao Zhang (1):
pstore: Support record sizes larger than kmalloc() limit
fs/pstore/Kconfig | 100 ++-------------
fs/pstore/inode.c | 2 +-
fs/pstore/platform.c | 353 +++++++++++++++++----------------------------------
fs/pstore/ram.c | 11 +-
fs/pstore/ram_core.c | 17 ++-
5 files changed, 137 insertions(+), 346 deletions(-)
Comments
On Wed, 30 Aug 2023 at 08:05, Eric Biggers <ebiggers@kernel.org> wrote: > > Hi, > > On Tue, Aug 29, 2023 at 11:43:37PM +0200, Ard Biesheuvel wrote: > > On Tue, 29 Aug 2023 at 20:04, Linus Torvalds > > <torvalds@linux-foundation.org> wrote: > > > > > > On Tue, 29 Aug 2023 at 10:29, Ard Biesheuvel <ardb@kernel.org> wrote: > > > > > > > > This is an oversight on my part. The diff below plugs this into the pstore code > > > > > > Hmm. My reaction is that you should also add the comment about the > > > "Work around a bug in zlib" issue, because this code makes no sense > > > otherwise. > > > > > > > Naturally. But pasting the comment into the email body seemed unnecessary. > > > > > Of course, potentially even better would be to actually move this fix > > > into our copy of zlib. Does the bug / misfeature still exist in > > > upstream zlib? > > > > > > > I have no idea. You are the one sitting on the only [potential] > > reproducer I am aware of, and there is nothing in the git (or prior) > > history that sheds any light on this. Could you copy one of those EFI > > variables to a file and share it so I can try and reproduce this? > > > > > Also, grepping around a bit, I note that btrfs, for example, just does > > > that Z_SYNC_FLUSH, and then checks for Z_OK. None of this Z_STREAM_END > > > stuff. > > > > > > Similarly, going off to the debian code search, I find other code that > > > just accepts either Z_OK or Z_STREAM_END. > > > > > > So what's so magical about how pstore uses zlib? This is just very odd. > > > > > > > AIUI, zlib can be used in raw mode and with a header/footer. Passing > > the wbits parameter as a negative number (!) will switch into raw > > mode. > > > > The btrfs and jffs2 occurrences both default to positive wbits, and > > switch to negative in a very specific case that involves zlib > > internals that I don't understand. crypto/deflate.c implements both > > modes, and pstore always used the raw one in all cases. > > > > The workaround in crypto/deflate.c is documented as being specific to > > the raw mode, which is why it makes sense to at least verify whether > > the same workaround that pstore-deflate was using when doing raw zlib > > through the crypto API is still needed now that it calls zlib > > directly. > > I get the "pstore: zlib_inflate() failed, ret = -5!" messages on my system too, > so I looked into it. What's happening is that the pstore records are coming > from the efi_pstore backend, which has pstore_info::bufsize of 1024 bytes, but > they decompress to more than 1024 bytes. Since pstore now sizes the buffer for > decompressed data to only pstore_info::bufsize, lib/zlib_inflate correctly > returns Z_BUF_ERROR. (BTW, I write "lib/zlib_inflate", not "zlib", since it was > forked from the real zlib 25 years ago. Regardless, the problem isn't there.) > > I think we partially misinterpreted the functions like zbufsize_deflate() that > Ard's patches removed. They seemed to be used only for getting the worst case > compressed size for an uncompressed size of pstore_info::bufsize. Actually, > they were used both for that, *and* for getting the uncompressed size to try to > compress into pstore_info::bufsize. (Which is very weird, as these are two very > different concepts.) > Agreed. The whole point of that worst-case logic is that a given buffer may expand due to compression overhead, so the input should be consumed in chunks of a fixed size N, with the buffer space sized according to worst-case-comp-size(N) (although storing the buffer compressed in that case is also pointless, as we have already established). The existing code seems to do the opposite: it consumes the input in chunks of worst-case-comp-size(N) in order to store it into a buffer of size N. This happens to work because this code only ever operates on ASCII text but it makes no sense whatsoever. Another reason to get rid of this stuff - it is seriously broken. > So I think first we need to decide whether pstore should try to use compression > to fit more than pstore_info::bufsize of data in each pstore record, as opposed > to just shrinking the size of the record actually written. If yes, then this > really needs some more thought than the previous code which seemed to do this by > accident. If no, then the new approach is fine. > Given that only deflate is left now, we can easily bring that back, although I question the utility. However, deflate being the default, this is going to affect many people and so I think bringing it back makes sense on that basis alone, but only on the decompress side. > BTW, what happens if someone was using a non-DEFLATE algorithm and then upgrades > their kernel? Decompression can fail for that too. So maybe pstore just needs > to consider that decompression of pstore records written by an older kernel can > fail -- either due to the algorithm changing or due to the uncompressed size > being too large for the new code -- and silence the error messages accordingly? > How "persistent" do these persistent store records really have to be? This was mentioned in the cover letter: pstore is a last-resort diagnostic facility, and given how pointless all this configurability was, I seriously doubt that the removal of all those algorithms is going to have an impact. In any case, I'll rate limit the error so it doesn't clutter up the logs.