[PATCH for-4.10] pstore: don't OOPS when there are no ftrace zones

[PATCH for-4.10] pstore: don't OOPS when there are no ftrace zones

[Brian Norris]

We'll OOPS in ramoops_get_next_prz() if the platform didn't ask for any
ftrace zones (i.e., cxt->fprzs will be NULL). Let's just skip this
entire FTRACE section if there's no 'fprzs'.

Regression seen on a coreboot/depthcharge-based Chromebook.

Fixes: 2fbea82bbb89 ("pstore: Merge per-CPU ftrace records into one")
Cc: Joel Fernandes <joelaf@google.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
---
Sorry for the late notice, but I just booted 4.10 on a Chromebook. This also
may not be the "perfect" fix, but it's what I scrounged up in 5 minutes today.

 fs/pstore/ram.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
index 27c059e1760a..1d887efaaf71 100644
--- a/fs/pstore/ram.c
+++ b/fs/pstore/ram.c
@@ -280,7 +280,7 @@ static ssize_t ramoops_pstore_read(u64 *id, enum pstore_type_id *type,
 					   1, id, type, PSTORE_TYPE_PMSG, 0);
 
 	/* ftrace is last since it may want to dynamically allocate memory. */
-	if (!prz_ok(prz)) {
+	if (!prz_ok(prz) && cxt->fprzs) {
 		if (!(cxt->flags & RAMOOPS_FLAG_FTRACE_PER_CPU)) {
 			prz = ramoops_get_next_prz(cxt->fprzs,
 					&cxt->ftrace_read_cnt, 1, id, type,
-- 
2.11.0.483.g087da7b7c-goog

Re: [PATCH for-4.10] pstore: don't OOPS when there are no ftrace zones

[Kees Cook]

On Wed, Feb 8, 2017 at 10:44 PM, Brian Norris <briannorris@chromium.org> wrote:
> We'll OOPS in ramoops_get_next_prz() if the platform didn't ask for any
> ftrace zones (i.e., cxt->fprzs will be NULL). Let's just skip this
> entire FTRACE section if there's no 'fprzs'.
>
> Regression seen on a coreboot/depthcharge-based Chromebook.
>
> Fixes: 2fbea82bbb89 ("pstore: Merge per-CPU ftrace records into one")
> Cc: Joel Fernandes <joelaf@google.com>
> Cc: Kees Cook <keescook@chromium.org>
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> ---
> Sorry for the late notice, but I just booted 4.10 on a Chromebook. This also
> may not be the "perfect" fix, but it's what I scrounged up in 5 minutes today.

Eek! Thank you for catching this. I'll send to Linus for -rc8 (or
final?). If it's too late we'll get it in via -stable.

Thanks!

-Kees

>
>  fs/pstore/ram.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
> index 27c059e1760a..1d887efaaf71 100644
> --- a/fs/pstore/ram.c
> +++ b/fs/pstore/ram.c
> @@ -280,7 +280,7 @@ static ssize_t ramoops_pstore_read(u64 *id, enum pstore_type_id *type,
>                                            1, id, type, PSTORE_TYPE_PMSG, 0);
>
>         /* ftrace is last since it may want to dynamically allocate memory. */
> -       if (!prz_ok(prz)) {
> +       if (!prz_ok(prz) && cxt->fprzs) {
>                 if (!(cxt->flags & RAMOOPS_FLAG_FTRACE_PER_CPU)) {
>                         prz = ramoops_get_next_prz(cxt->fprzs,
>                                         &cxt->ftrace_read_cnt, 1, id, type,
> --
> 2.11.0.483.g087da7b7c-goog
>



-- 
Kees Cook
Pixel Security

[PATCH] pstore: unconditionally initialize spinlock and flags

[Brian Norris]

We check to see if a buffer is already sane-looking, and if it's sane,
we don't wipe it. But that's not an excuse to avoid initializing our
spinlocks or setting our flags. Without this, we might see spinlock
debugging messages like this at boot:

[    0.760836] persistent_ram: found existing buffer, size 29988, start 29988
[    0.765112] persistent_ram: found existing buffer, size 30105, start 30105
[    0.769435] persistent_ram: found existing buffer, size 118542, start 118542
[    0.785960] persistent_ram: found existing buffer, size 0, start 0
[    0.786098] persistent_ram: found existing buffer, size 0, start 0
[    0.786131] pstore: using zlib compression
[    0.790716] BUG: spinlock bad magic on CPU#0, swapper/0/1
[    0.790729]  lock: 0xffffffc0d1ca9bb0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
[    0.790742] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.10.0-rc2+ #913
[    0.790747] Hardware name: Google Kevin (DT)
[    0.790750] Call trace:
[    0.790768] [<ffffff900808ae88>] dump_backtrace+0x0/0x2bc
[    0.790780] [<ffffff900808b164>] show_stack+0x20/0x28
[    0.790794] [<ffffff9008460ee0>] dump_stack+0xa4/0xcc
[    0.790809] [<ffffff9008113cfc>] spin_dump+0xe0/0xf0
[    0.790821] [<ffffff9008113d3c>] spin_bug+0x30/0x3c
[    0.790834] [<ffffff9008113e28>] do_raw_spin_lock+0x50/0x1b8
[    0.790846] [<ffffff9008a2d2ec>] _raw_spin_lock_irqsave+0x54/0x6c
[    0.790862] [<ffffff90083ac3b4>] buffer_size_add+0x48/0xcc
[    0.790875] [<ffffff90083acb34>] persistent_ram_write+0x60/0x11c
[    0.790888] [<ffffff90083aab1c>] ramoops_pstore_write_buf+0xd4/0x2a4
[    0.790900] [<ffffff90083a9d3c>] pstore_console_write+0xf0/0x134
[    0.790912] [<ffffff900811c304>] console_unlock+0x48c/0x5e8
[    0.790923] [<ffffff900811da18>] register_console+0x3b0/0x4d4
[    0.790935] [<ffffff90083aa7d0>] pstore_register+0x1a8/0x234
[    0.790947] [<ffffff90083ac250>] ramoops_probe+0x6b8/0x7d4
[    0.790961] [<ffffff90085ca548>] platform_drv_probe+0x7c/0xd0
[    0.790972] [<ffffff90085c76ac>] driver_probe_device+0x1b4/0x3bc
[    0.790982] [<ffffff90085c7ac8>] __device_attach_driver+0xc8/0xf4
[    0.790996] [<ffffff90085c4bfc>] bus_for_each_drv+0xb4/0xe4
[    0.791006] [<ffffff90085c7414>] __device_attach+0xd0/0x158
[    0.791016] [<ffffff90085c7b18>] device_initial_probe+0x24/0x30
[    0.791026] [<ffffff90085c648c>] bus_probe_device+0x50/0xe4
[    0.791038] [<ffffff90085c35b8>] device_add+0x3a4/0x76c
[    0.791051] [<ffffff90087d0e84>] of_device_add+0x74/0x84
[    0.791062] [<ffffff90087d19b8>] of_platform_device_create_pdata+0xc0/0x100
[    0.791073] [<ffffff90087d1a2c>] of_platform_device_create+0x34/0x40
[    0.791086] [<ffffff900903c910>] of_platform_default_populate_init+0x58/0x78
[    0.791097] [<ffffff90080831fc>] do_one_initcall+0x88/0x160
[    0.791109] [<ffffff90090010ac>] kernel_init_freeable+0x264/0x31c
[    0.791123] [<ffffff9008a25bd0>] kernel_init+0x18/0x11c
[    0.791133] [<ffffff9008082ec0>] ret_from_fork+0x10/0x50
[    0.793717] console [pstore-1] enabled
[    0.797845] pstore: Registered ramoops as persistent store backend
[    0.804647] ramoops: attached 0x100000@0xf7edc000, ecc: 0/0

Fixes: 663deb47880f ("pstore: Allow prz to control need for locking")
Fixes: 109704492ef6 ("pstore: Make spinlock per zone instead of global")
Signed-off-by: Brian Norris <briannorris@chromium.org>
---
> > Sorry for the late notice, but I just booted 4.10 on a Chromebook. This also
> > may not be the "perfect" fix, but it's what I scrounged up in 5 minutes today.
> 
> Eek! Thank you for catching this. I'll send to Linus for -rc8 (or
> final?). If it's too late we'll get it in via -stable.

Sorry, there's one more regression... This might be relatively harmless,
since a 0-initialized spinlock is probably OK?


 fs/pstore/ram_core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
index a857338b7dab..db5a32e5080e 100644
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -478,6 +478,9 @@ static int persistent_ram_post_init(struct persistent_ram_zone *prz, u32 sig,
 
 	sig ^= PERSISTENT_RAM_SIG;
 
+	prz->buffer_lock = __RAW_SPIN_LOCK_UNLOCKED(buffer_lock);
+	prz->flags = flags;
+
 	if (prz->buffer->sig == sig) {
 		if (buffer_size(prz) > prz->buffer_size ||
 		    buffer_start(prz) > buffer_size(prz))
@@ -496,8 +499,6 @@ static int persistent_ram_post_init(struct persistent_ram_zone *prz, u32 sig,
 
 	prz->buffer->sig = sig;
 	persistent_ram_zap(prz);
-	prz->buffer_lock = __RAW_SPIN_LOCK_UNLOCKED(buffer_lock);
-	prz->flags = flags;
 
 	return 0;
 }
-- 
2.11.0.483

Re: [PATCH] pstore: unconditionally initialize spinlock and flags

[Kees Cook]

On Thu, Feb 9, 2017 at 3:04 PM, Brian Norris <briannorris@chromium.org> wrote:
> We check to see if a buffer is already sane-looking, and if it's sane,
> we don't wipe it. But that's not an excuse to avoid initializing our
> spinlocks or setting our flags. Without this, we might see spinlock
> debugging messages like this at boot:

Aaaand, now I've added CONFIG_DEBUG_SPINLOCK to all my test builds...
:P Thanks for catching this!

> [    0.760836] persistent_ram: found existing buffer, size 29988, start 29988
> [    0.765112] persistent_ram: found existing buffer, size 30105, start 30105
> [    0.769435] persistent_ram: found existing buffer, size 118542, start 118542
> [    0.785960] persistent_ram: found existing buffer, size 0, start 0
> [    0.786098] persistent_ram: found existing buffer, size 0, start 0
> [    0.786131] pstore: using zlib compression
> [    0.790716] BUG: spinlock bad magic on CPU#0, swapper/0/1
> [    0.790729]  lock: 0xffffffc0d1ca9bb0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
> [    0.790742] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.10.0-rc2+ #913
> [    0.790747] Hardware name: Google Kevin (DT)
> [    0.790750] Call trace:
> [    0.790768] [<ffffff900808ae88>] dump_backtrace+0x0/0x2bc
> [    0.790780] [<ffffff900808b164>] show_stack+0x20/0x28
> [    0.790794] [<ffffff9008460ee0>] dump_stack+0xa4/0xcc
> [    0.790809] [<ffffff9008113cfc>] spin_dump+0xe0/0xf0
> [    0.790821] [<ffffff9008113d3c>] spin_bug+0x30/0x3c
> [    0.790834] [<ffffff9008113e28>] do_raw_spin_lock+0x50/0x1b8
> [    0.790846] [<ffffff9008a2d2ec>] _raw_spin_lock_irqsave+0x54/0x6c
> [    0.790862] [<ffffff90083ac3b4>] buffer_size_add+0x48/0xcc
> [    0.790875] [<ffffff90083acb34>] persistent_ram_write+0x60/0x11c
> [    0.790888] [<ffffff90083aab1c>] ramoops_pstore_write_buf+0xd4/0x2a4
> [    0.790900] [<ffffff90083a9d3c>] pstore_console_write+0xf0/0x134
> [    0.790912] [<ffffff900811c304>] console_unlock+0x48c/0x5e8
> [    0.790923] [<ffffff900811da18>] register_console+0x3b0/0x4d4
> [    0.790935] [<ffffff90083aa7d0>] pstore_register+0x1a8/0x234
> [    0.790947] [<ffffff90083ac250>] ramoops_probe+0x6b8/0x7d4
> [    0.790961] [<ffffff90085ca548>] platform_drv_probe+0x7c/0xd0
> [    0.790972] [<ffffff90085c76ac>] driver_probe_device+0x1b4/0x3bc
> [    0.790982] [<ffffff90085c7ac8>] __device_attach_driver+0xc8/0xf4
> [    0.790996] [<ffffff90085c4bfc>] bus_for_each_drv+0xb4/0xe4
> [    0.791006] [<ffffff90085c7414>] __device_attach+0xd0/0x158
> [    0.791016] [<ffffff90085c7b18>] device_initial_probe+0x24/0x30
> [    0.791026] [<ffffff90085c648c>] bus_probe_device+0x50/0xe4
> [    0.791038] [<ffffff90085c35b8>] device_add+0x3a4/0x76c
> [    0.791051] [<ffffff90087d0e84>] of_device_add+0x74/0x84
> [    0.791062] [<ffffff90087d19b8>] of_platform_device_create_pdata+0xc0/0x100
> [    0.791073] [<ffffff90087d1a2c>] of_platform_device_create+0x34/0x40
> [    0.791086] [<ffffff900903c910>] of_platform_default_populate_init+0x58/0x78
> [    0.791097] [<ffffff90080831fc>] do_one_initcall+0x88/0x160
> [    0.791109] [<ffffff90090010ac>] kernel_init_freeable+0x264/0x31c
> [    0.791123] [<ffffff9008a25bd0>] kernel_init+0x18/0x11c
> [    0.791133] [<ffffff9008082ec0>] ret_from_fork+0x10/0x50
> [    0.793717] console [pstore-1] enabled
> [    0.797845] pstore: Registered ramoops as persistent store backend
> [    0.804647] ramoops: attached 0x100000@0xf7edc000, ecc: 0/0
>
> Fixes: 663deb47880f ("pstore: Allow prz to control need for locking")
> Fixes: 109704492ef6 ("pstore: Make spinlock per zone instead of global")
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> ---
>> > Sorry for the late notice, but I just booted 4.10 on a Chromebook. This also
>> > may not be the "perfect" fix, but it's what I scrounged up in 5 minutes today.
>>
>> Eek! Thank you for catching this. I'll send to Linus for -rc8 (or
>> final?). If it's too late we'll get it in via -stable.
>
> Sorry, there's one more regression... This might be relatively harmless,
> since a 0-initialized spinlock is probably OK?

Yeah, I checked that at least x86 and ARM's unlocked spinlock
initializer is 0, so this is fix isn't critical, but it may cause
issues with the flags setting. I've rearranged the solution a bit, and
I'll get it into my -next tree. Thanks again!

-Kees

-- 
Kees Cook
Pixel Security