lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YqpX9npa/wR7mafR@agluck-desk3.sc.intel.com>
Date:   Wed, 15 Jun 2022 15:06:46 -0700
From:   "Luck, Tony" <tony.luck@...el.com>
To:     "Rafael J. Wysocki" <rafael@...nel.org>
Cc:     Darren Hart <darren@...amperecomputing.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux ACPI <linux-acpi@...r.kernel.org>,
        Len Brown <lenb@...nel.org>, James Morse <james.morse@....com>,
        Borislav Petkov <bp@...en8.de>,
        Doug Rady <dcrady@...amperecomputing.com>
Subject: Re: [PATCH] ACPI/APEI: Limit printable size of BERT table data

On Wed, Mar 09, 2022 at 07:42:26PM +0100, Rafael J. Wysocki wrote:
> On Tue, Mar 8, 2022 at 7:51 PM Darren Hart

> Not that I have a particularly strong opinion here, but this looks
> reasonable to me, so I've queued it up for 5.18.
> 
> APEI reviewers, please chime in if you disagree with the above.

It looked reasonable to me when I skimmed it in March. But the
reality check now needs cashing because some validation team
here is complaining that they don't see any errors printed from
their BERT tests. :-(

So I looked again. This test inside the loop seems bogus:

	if (region_len < ACPI_BERT_PRINT_MAX_LEN) {

because "region_len" isn't updated inside the loop. If it is too big
then it will prevent Linux from printing any/all of the records in the
BERT table (and the test could have been done before the loop).

Maybe below patch is better? It avoids printing individual CPER
records that are too large (checking estatus_len instead of region_len).

I also added a limit to how many records to print (I randomly picked "5" as
the limit ... the specific failing test only want to print one).

-Tony

[I will write up a proper commit message and add a Signed-off-by if
this looks to be a reasonable direction]

diff --git a/drivers/acpi/apei/bert.c b/drivers/acpi/apei/bert.c
index 598fd19b65fa..4e894a728c02 100644
--- a/drivers/acpi/apei/bert.c
+++ b/drivers/acpi/apei/bert.c
@@ -29,6 +29,8 @@
 
 #undef pr_fmt
 #define pr_fmt(fmt) "BERT: " fmt
+
+#define ACPI_BERT_PRINT_MAX_RECORDS 5
 #define ACPI_BERT_PRINT_MAX_LEN 1024
 
 static int bert_disable;
@@ -39,6 +41,7 @@ static void __init bert_print_all(struct acpi_bert_region *region,
 	struct acpi_hest_generic_status *estatus =
 		(struct acpi_hest_generic_status *)region;
 	int remain = region_len;
+	int ncper = 0, skipped = 0;
 	u32 estatus_len;
 
 	while (remain >= sizeof(struct acpi_bert_region)) {
@@ -46,24 +49,23 @@ static void __init bert_print_all(struct acpi_bert_region *region,
 		if (remain < estatus_len) {
 			pr_err(FW_BUG "Truncated status block (length: %u).\n",
 			       estatus_len);
-			return;
+			break;
 		}
 
 		/* No more error records. */
 		if (!estatus->block_status)
-			return;
+			break;
 
 		if (cper_estatus_check(estatus)) {
 			pr_err(FW_BUG "Invalid error record.\n");
-			return;
+			break;
 		}
 
 		pr_info_once("Error records from previous boot:\n");
-		if (region_len < ACPI_BERT_PRINT_MAX_LEN)
+		if (ncper++ < ACPI_BERT_PRINT_MAX_RECORDS && estatus_len < ACPI_BERT_PRINT_MAX_LEN)
 			cper_estatus_print(KERN_INFO HW_ERR, estatus);
 		else
-			pr_info_once("Max print length exceeded, table data is available at:\n"
-				     "/sys/firmware/acpi/tables/data/BERT");
+			skipped++;
 
 		/*
 		 * Because the boot error source is "one-time polled" type,
@@ -75,6 +77,9 @@ static void __init bert_print_all(struct acpi_bert_region *region,
 		estatus = (void *)estatus + estatus_len;
 		remain -= estatus_len;
 	}
+	if (skipped)
+		pr_info("Skipped %d error records, full table data is available at:\n"
+			"/sys/firmware/acpi/tables/data/BERT", skipped);
 }
 
 static int __init setup_bert_disable(char *str)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ