On Wed, Dec 05, 2018 at 02:57:08PM -0800, Kees Cook wrote:
On Wed, Dec 5, 2018 at 1:41 AM Sasha Levin sashal@kernel.org wrote:
From: Kees Cook keescook@chromium.org
[ Upstream commit 89d328f637b9904b6d4c9af73c8a608b8dd4d6f8 ]
The actual number of bytes stored in a PRZ is smaller than the bytes requested by platform data, since there is a header on each PRZ. Additionally, if ECC is enabled, there are trailing bytes used as well. Normally this mismatch doesn't matter since PRZs are circular buffers and the leading "overflow" bytes are just thrown away. However, in the case of a compressed record, this rather badly corrupts the results.
This corruption was visible with "ramoops.mem_size=204800 ramoops.ecc=1". Any stored crashes would not be uncompressable (producing a pstorefs "dmesg-*.enc.z" file), and triggering errors at boot:
[ 2.790759] pstore: crypto_comp_decompress failed, ret = -22!
Backporting this depends on commit 70ad35db3321 ("pstore: Convert console write to use ->write_buf")
Please note the above. If this gets backported, this one is needed too.
Okay, I've added 70ad35db3321 for 4.9, 4.4, and 3.18.
-- Thanks, Sasha