On Wed, Dec 05, 2018 at 02:57:08PM -0800, Kees Cook wrote:
On Wed, Dec 5, 2018 at 1:41 AM Sasha Levin <sashal@xxxxxxxxxx> wrote:
From: Kees Cook <keescook@xxxxxxxxxxxx>
[ Upstream commit 89d328f637b9904b6d4c9af73c8a608b8dd4d6f8 ]
The actual number of bytes stored in a PRZ is smaller than the
bytes requested by platform data, since there is a header on each
PRZ. Additionally, if ECC is enabled, there are trailing bytes used
as well. Normally this mismatch doesn't matter since PRZs are circular
buffers and the leading "overflow" bytes are just thrown away. However, in
the case of a compressed record, this rather badly corrupts the results.
This corruption was visible with "ramoops.mem_size=204800 ramoops.ecc=1".
Any stored crashes would not be uncompressable (producing a pstorefs
"dmesg-*.enc.z" file), and triggering errors at boot:
[ 2.790759] pstore: crypto_comp_decompress failed, ret = -22!
Backporting this depends on commit 70ad35db3321 ("pstore: Convert console
write to use ->write_buf")
Please note the above. If this gets backported, this one is needed too.
Okay, I've added 70ad35db3321 for 4.9, 4.4, and 3.18.
--
Thanks,
Sasha