This is a note to let you know that I've just added the patch titled
pstore: Correctly initialize spinlock and flags
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
pstore-correctly-initialize-spinlock-and-flags.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 76d5692a58031696e282384cbd893832bc92bd76 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Thu, 9 Feb 2017 15:43:44 -0800
Subject: pstore: Correctly initialize spinlock and flags
From: Kees Cook <keescook@xxxxxxxxxxxx>
commit 76d5692a58031696e282384cbd893832bc92bd76 upstream.
The ram backend wasn't always initializing its spinlock correctly. Since
it was coming from kzalloc memory, though, it was harmless on
architectures that initialize unlocked spinlocks to 0 (at least x86 and
ARM). This also fixes a possibly ignored flag setting too.
When running under CONFIG_DEBUG_SPINLOCK, the following Oops was visible:
[ 0.760836] persistent_ram: found existing buffer, size 29988, start 29988
[ 0.765112] persistent_ram: found existing buffer, size 30105, start 30105
[ 0.769435] persistent_ram: found existing buffer, size 118542, start 118542
[ 0.785960] persistent_ram: found existing buffer, size 0, start 0
[ 0.786098] persistent_ram: found existing buffer, size 0, start 0
[ 0.786131] pstore: using zlib compression
[ 0.790716] BUG: spinlock bad magic on CPU#0, swapper/0/1
[ 0.790729] lock: 0xffffffc0d1ca9bb0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
[ 0.790742] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.10.0-rc2+ #913
[ 0.790747] Hardware name: Google Kevin (DT)
[ 0.790750] Call trace:
[ 0.790768] [<ffffff900808ae88>] dump_backtrace+0x0/0x2bc
[ 0.790780] [<ffffff900808b164>] show_stack+0x20/0x28
[ 0.790794] [<ffffff9008460ee0>] dump_stack+0xa4/0xcc
[ 0.790809] [<ffffff9008113cfc>] spin_dump+0xe0/0xf0
[ 0.790821] [<ffffff9008113d3c>] spin_bug+0x30/0x3c
[ 0.790834] [<ffffff9008113e28>] do_raw_spin_lock+0x50/0x1b8
[ 0.790846] [<ffffff9008a2d2ec>] _raw_spin_lock_irqsave+0x54/0x6c
[ 0.790862] [<ffffff90083ac3b4>] buffer_size_add+0x48/0xcc
[ 0.790875] [<ffffff90083acb34>] persistent_ram_write+0x60/0x11c
[ 0.790888] [<ffffff90083aab1c>] ramoops_pstore_write_buf+0xd4/0x2a4
[ 0.790900] [<ffffff90083a9d3c>] pstore_console_write+0xf0/0x134
[ 0.790912] [<ffffff900811c304>] console_unlock+0x48c/0x5e8
[ 0.790923] [<ffffff900811da18>] register_console+0x3b0/0x4d4
[ 0.790935] [<ffffff90083aa7d0>] pstore_register+0x1a8/0x234
[ 0.790947] [<ffffff90083ac250>] ramoops_probe+0x6b8/0x7d4
[ 0.790961] [<ffffff90085ca548>] platform_drv_probe+0x7c/0xd0
[ 0.790972] [<ffffff90085c76ac>] driver_probe_device+0x1b4/0x3bc
[ 0.790982] [<ffffff90085c7ac8>] __device_attach_driver+0xc8/0xf4
[ 0.790996] [<ffffff90085c4bfc>] bus_for_each_drv+0xb4/0xe4
[ 0.791006] [<ffffff90085c7414>] __device_attach+0xd0/0x158
[ 0.791016] [<ffffff90085c7b18>] device_initial_probe+0x24/0x30
[ 0.791026] [<ffffff90085c648c>] bus_probe_device+0x50/0xe4
[ 0.791038] [<ffffff90085c35b8>] device_add+0x3a4/0x76c
[ 0.791051] [<ffffff90087d0e84>] of_device_add+0x74/0x84
[ 0.791062] [<ffffff90087d19b8>] of_platform_device_create_pdata+0xc0/0x100
[ 0.791073] [<ffffff90087d1a2c>] of_platform_device_create+0x34/0x40
[ 0.791086] [<ffffff900903c910>] of_platform_default_populate_init+0x58/0x78
[ 0.791097] [<ffffff90080831fc>] do_one_initcall+0x88/0x160
[ 0.791109] [<ffffff90090010ac>] kernel_init_freeable+0x264/0x31c
[ 0.791123] [<ffffff9008a25bd0>] kernel_init+0x18/0x11c
[ 0.791133] [<ffffff9008082ec0>] ret_from_fork+0x10/0x50
[ 0.793717] console [pstore-1] enabled
[ 0.797845] pstore: Registered ramoops as persistent store backend
[ 0.804647] ramoops: attached 0x100000@0xf7edc000, ecc: 0/0
Fixes: 663deb47880f ("pstore: Allow prz to control need for locking")
Fixes: 109704492ef6 ("pstore: Make spinlock per zone instead of global")
Reported-by: Brian Norris <briannorris@xxxxxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/pstore/ram_core.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -424,8 +424,7 @@ static int persistent_ram_buffer_map(phy
}
static int persistent_ram_post_init(struct persistent_ram_zone *prz, u32 sig,
- struct persistent_ram_ecc_info *ecc_info,
- unsigned long flags)
+ struct persistent_ram_ecc_info *ecc_info)
{
int ret;
@@ -451,10 +450,9 @@ static int persistent_ram_post_init(stru
prz->buffer->sig);
}
+ /* Rewind missing or invalid memory area. */
prz->buffer->sig = sig;
persistent_ram_zap(prz);
- prz->buffer_lock = __RAW_SPIN_LOCK_UNLOCKED(buffer_lock);
- prz->flags = flags;
return 0;
}
@@ -490,11 +488,15 @@ struct persistent_ram_zone *persistent_r
goto err;
}
+ /* Initialize general buffer state. */
+ prz->buffer_lock = __RAW_SPIN_LOCK_UNLOCKED(buffer_lock);
+ prz->flags = flags;
+
ret = persistent_ram_buffer_map(start, size, prz, memtype);
if (ret)
goto err;
- ret = persistent_ram_post_init(prz, sig, ecc_info, flags);
+ ret = persistent_ram_post_init(prz, sig, ecc_info);
if (ret)
goto err;
Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are
queue-4.4/pstore-make-spinlock-per-zone-instead-of-global.patch
queue-4.4/pstore-correctly-initialize-spinlock-and-flags.patch
queue-4.4/pstore-allow-prz-to-control-need-for-locking.patch
queue-4.4/isdn-i4l-fix-buffer-overflow.patch
queue-4.4/pstore-use-dynamic-spinlock-initializer.patch