| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 May 2020 09:42:15 -0400
From: Pavel Tatashin <pasha.tatashin@...een.com>
To: Kees Cook <keescook@...omium.org>
Cc: James Morris <jmorris@...ei.org>, Sasha Levin <sashal@...nel.org>,
LKML <linux-kernel@...r.kernel.org>,
Petr Mladek <pmladek@...e.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Steven Rostedt <rostedt@...dmis.org>, anton@...msg.org,
ccross@...roid.com, Tony Luck <tony.luck@...el.com>,
robh+dt@...nel.org, devicetree@...r.kernel.org
Subject: Re: [PATCH v2 3/5] pstore/ram: in ramoops_platform_data convert
dump_oops to max_reason
> > Remove filtering logic from ramoops_pstore_write(), as that is not needed
> > anymore, only dmesges specified by max_reason are passed to
> > ramoops_pstore_write(). Also, because of this, we can remove
> > cxt->dump_oops.
>
> This is all looking good. I think I'd like to see patch 3 and 4 merged,
> though. I'd like to make the dump_oops/max_reason conversion in one
> patch. Noted below...
Sure, I can do it.
>
> >
> > Signed-off-by: Pavel Tatashin <pasha.tatashin@...een.com>
> > ---
> > Documentation/admin-guide/ramoops.rst | 11 ++++++----
> > drivers/platform/chrome/chromeos_pstore.c | 2 +-
> > fs/pstore/ram.c | 26 +++++++----------------
> > include/linux/pstore_ram.h | 2 +-
> > 4 files changed, 17 insertions(+), 24 deletions(-)
> >
> > diff --git a/Documentation/admin-guide/ramoops.rst b/Documentation/admin-guide/ramoops.rst
> > index 6dbcc5481000..a296e1aa1617 100644
> > --- a/Documentation/admin-guide/ramoops.rst
> > +++ b/Documentation/admin-guide/ramoops.rst
> > @@ -32,11 +32,14 @@ memory to be mapped strongly ordered, and atomic operations on strongly ordered
> > memory are implementation defined, and won't work on many ARMs such as omaps.
> >
> > The memory area is divided into ``record_size`` chunks (also rounded down to
> > -power of two) and each oops/panic writes a ``record_size`` chunk of
> > +power of two) and each kmesg dump writes a ``record_size`` chunk of
> > information.
> >
> > -Dumping both oopses and panics can be done by setting 1 in the ``dump_oops``
> > -variable while setting 0 in that variable dumps only the panics.
> > +Dumping reasons can be set via max_reason value, as defined in
> > +include/linux/kmsg_dump.h: kmsg_dump_reason. For example, to
> > +dump for both oopses and panics reasons, max_reason should be set to 2
> > +(KMSG_DUMP_OOPS), to dump panics only max_reason should be set to 1
> > +(KMSG_DUMP_PANIC).
> >
> > The module uses a counter to record multiple dumps but the counter gets reset
> > on restart (i.e. new dumps after the restart will overwrite old ones).
> > @@ -90,7 +93,7 @@ Setting the ramoops parameters can be done in several different manners:
> > .mem_address = <...>,
> > .mem_type = <...>,
> > .record_size = <...>,
> > - .dump_oops = <...>,
> > + .max_reason = <...>,
> > .ecc = <...>,
> > };
>
> Good, yes, dump_oops should be removed from the platform data structure
> since that's an entirely internal API.
>
> >
> > diff --git a/drivers/platform/chrome/chromeos_pstore.c b/drivers/platform/chrome/chromeos_pstore.c
> > index d13770785fb5..fa51153688b4 100644
> > --- a/drivers/platform/chrome/chromeos_pstore.c
> > +++ b/drivers/platform/chrome/chromeos_pstore.c
> > @@ -57,7 +57,7 @@ static struct ramoops_platform_data chromeos_ramoops_data = {
> > .record_size = 0x40000,
> > .console_size = 0x20000,
> > .ftrace_size = 0x20000,
> > - .dump_oops = 1,
> > + .max_reason = KMSG_DUMP_OOPS,
> > };
> >
> > static struct platform_device chromeos_ramoops = {
> > diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
> > index 795622190c01..223581aeea96 100644
> > --- a/fs/pstore/ram.c
> > +++ b/fs/pstore/ram.c
> > @@ -81,7 +81,6 @@ struct ramoops_context {
> > size_t console_size;
> > size_t ftrace_size;
> > size_t pmsg_size;
> > - int dump_oops;
> > u32 flags;
> > struct persistent_ram_ecc_info ecc_info;
> > unsigned int max_dump_cnt;
> > @@ -381,18 +380,6 @@ static int notrace ramoops_pstore_write(struct pstore_record *record)
> > if (record->type != PSTORE_TYPE_DMESG)
> > return -EINVAL;
> >
> > - /*
> > - * Out of the various dmesg dump types, ramoops is currently designed
> > - * to only store crash logs, rather than storing general kernel logs.
> > - */
> > - if (record->reason != KMSG_DUMP_OOPS &&
> > - record->reason != KMSG_DUMP_PANIC)
> > - return -EINVAL;
> > -
> > - /* Skip Oopes when configured to do so. */
> > - if (record->reason == KMSG_DUMP_OOPS && !cxt->dump_oops)
> > - return -EINVAL;
> > -
> > /*
> > * Explicitly only take the first part of any new crash.
> > * If our buffer is larger than kmsg_bytes, this can never happen,
> > @@ -687,7 +674,7 @@ static int ramoops_parse_dt(struct platform_device *pdev,
> > pdata->mem_size = resource_size(res);
> > pdata->mem_address = res->start;
> > pdata->mem_type = of_property_read_bool(of_node, "unbuffered");
> > - pdata->dump_oops = !of_property_read_bool(of_node, "no-dump-oops");
> > + dump_oops = !of_property_read_bool(of_node, "no-dump-oops");
> :
> Is this setting the module param variable? That shouldn't happen here --
> we may fail the DT and overwrite the user-configured setting for a
> different backend. This should be a local variable and the "final"
> max_reason should be calculated in this function, I think.
Hm, interesting, not sure if this is a realistic scenario. If I
understand the code correctly, dummy is the only device that can
pick-up dump_oops parameter, and it is registered before the DT based
backend:
ramoops_init(void)
ramoops_register_dummy(); -> register dummy if mem_size is provided
platform_driver_register(&ramoops_driver); -> register DT based node.
dummy is registered only if mem_size parameter is provided. Deprecated
dump_oops if provided by the user is converted to max_reason and
discarded after that. The value of dump_oops becomes meaningless in
/sys/module/ramoops/parameters/, as it does not really carry any
information about kmsg dumps anymore. max_reason is what carries that
information.
After the dummy backend is registered, even if DT changes dump_oops,
and still fails to register, it does not matter, as the dummy will
keep operating correctly with the set max_reason.
>
> >
> > #define parse_size(name, field) { \
> > ret = ramoops_parse_dt_size(pdev, name, &value); \
> > @@ -785,7 +772,6 @@ static int ramoops_probe(struct platform_device *pdev)
> > cxt->console_size = pdata->console_size;
> > cxt->ftrace_size = pdata->ftrace_size;
> > cxt->pmsg_size = pdata->pmsg_size;
> > - cxt->dump_oops = pdata->dump_oops;
> > cxt->flags = pdata->flags;
> > cxt->ecc_info = pdata->ecc_info;
> >
> > @@ -828,8 +814,14 @@ static int ramoops_probe(struct platform_device *pdev)
> > * the single region size is how to check.
> > */
> > cxt->pstore.flags = 0;
> > - if (cxt->max_dump_cnt)
> > + if (cxt->max_dump_cnt) {
> > cxt->pstore.flags |= PSTORE_FLAGS_DMESG;
> > + if (pdata->max_reason <= 0) {
> > + pdata->max_reason = dump_oops ? KMSG_DUMP_OOPS :
> > + KMSG_DUMP_PANIC;
> > + }
> > + cxt->pstore.max_reason = pdata->max_reason;
> > + }
>
> I'm going to take a stab at reorganizing the DT, platform data, and
> module args to have default handling done in a way that I like. I'm
> having a hard time making specific suggestions here. :)
Sure, unfortunatly I do not think we can simply remove "no-dump-oops"
from DT, and I also looked through the kernel and did not find any DTs
that use "no-dump-oops" in the kernel.
>
> > if (cxt->console_size)
> > cxt->pstore.flags |= PSTORE_FLAGS_CONSOLE;
> > if (cxt->max_ftrace_cnt)
> > @@ -865,7 +857,6 @@ static int ramoops_probe(struct platform_device *pdev)
> > mem_size = pdata->mem_size;
> > mem_address = pdata->mem_address;
> > record_size = pdata->record_size;
> > - dump_oops = pdata->dump_oops;
> > ramoops_console_size = pdata->console_size;
> > ramoops_pmsg_size = pdata->pmsg_size;
> > ramoops_ftrace_size = pdata->ftrace_size;
> > @@ -948,7 +939,6 @@ static void __init ramoops_register_dummy(void)
> > pdata.console_size = ramoops_console_size;
> > pdata.ftrace_size = ramoops_ftrace_size;
> > pdata.pmsg_size = ramoops_pmsg_size;
> > - pdata.dump_oops = dump_oops;
> > pdata.flags = RAMOOPS_FLAG_FTRACE_PER_CPU;
> >
> > /*
> > diff --git a/include/linux/pstore_ram.h b/include/linux/pstore_ram.h
> > index 9cb9b9067298..9f16afec7290 100644
> > --- a/include/linux/pstore_ram.h
> > +++ b/include/linux/pstore_ram.h
> > @@ -133,7 +133,7 @@ struct ramoops_platform_data {
> > unsigned long console_size;
> > unsigned long ftrace_size;
> > unsigned long pmsg_size;
> > - int dump_oops;
> > + int max_reason;
> > u32 flags;
> > struct persistent_ram_ecc_info ecc_info;
> > };
> > --
> > 2.25.1
> >
>
> So, hold off on a v3, and I'll send a series tomorrow, based on what
> you've got here for v2. I like the refactoring; it's much cleaner to
> have max_reason than dump_oops! :)
Sure, I will wait for your changes.
Thank you,
Pasha
>
> --
> Kees Cook
Powered by blists - more mailing lists