Message ID | 20221013210648.137452-4-gpiccoli@igalia.com (mailing list archive) |
---|---|
State | Mainlined |
Delegated to: | Kees Cook |
Headers | show |
Series | Some pstore improvements V2 | expand |
On Thu, 13 Oct 2022 at 23:11, Guilherme G. Piccoli <gpiccoli@igalia.com> wrote: > > By default, the efi-pstore backend hardcode the UEFI variable size > as 1024 bytes. The historical reasons for that were discussed by > Ard in threads [0][1]: > > "there is some cargo cult from prehistoric EFI times going > on here, it seems. Or maybe just misinterpretation of the maximum > size for the variable *name* vs the variable itself.". > > "OVMF has > OvmfPkg/OvmfPkgX64.dsc: > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 > OvmfPkg/OvmfPkgX64.dsc: > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 > > where the first one is without secure boot and the second with secure > boot. Interestingly, the default is > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400 > > so this is probably where this 1k number comes from." > > With that, and since there is not such a limit in the UEFI spec, we > have the confidence to hereby add a module parameter to enable advanced > users to change the UEFI record size for efi-pstore data collection, > this way allowing a much easier reading of the collected log, which is > not scattered anymore among many small files. > > Through empirical analysis we observed that extreme low values (like 8 > bytes) could eventually cause writing issues, so given that and the OVMF > default discussed, we limited the minimum value to 1024 bytes, which also > is still the default. > > [0] https://lore.kernel.org/lkml/CAMj1kXF4UyRMh2Y_KakeNBHvkHhTtavASTAxXinDO1rhPe_wYg@mail.gmail.com/ > [1] https://lore.kernel.org/lkml/CAMj1kXFy-2KddGu+dgebAdU9v2sindxVoiHLWuVhqYw+R=kqng@mail.gmail.com/ > > Cc: Ard Biesheuvel <ardb@kernel.org> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com> > --- > > > V2: > - Fixed a memory corruption bug in the code (that wasn't causing > trouble before due to the fixed sized of record_size), thanks > Ard for spotting this! > > - Added Ard's archeology in the commit message plus a comment > with the reasoning behind the minimum value. > > > drivers/firmware/efi/efi-pstore.c | 23 +++++++++++++++++------ > 1 file changed, 17 insertions(+), 6 deletions(-) > > diff --git a/drivers/firmware/efi/efi-pstore.c b/drivers/firmware/efi/efi-pstore.c > index 97a9e84840a0..827e32427ddb 100644 > --- a/drivers/firmware/efi/efi-pstore.c > +++ b/drivers/firmware/efi/efi-pstore.c > @@ -10,7 +10,9 @@ MODULE_IMPORT_NS(EFIVAR); > > #define DUMP_NAME_LEN 66 > > -#define EFIVARS_DATA_SIZE_MAX 1024 > +static unsigned int record_size = 1024; > +module_param(record_size, uint, 0444); > +MODULE_PARM_DESC(record_size, "size of each pstore UEFI var (in bytes, min/default=1024)"); > > static bool efivars_pstore_disable = > IS_ENABLED(CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE); > @@ -30,7 +32,7 @@ static int efi_pstore_open(struct pstore_info *psi) > if (err) > return err; > > - psi->data = kzalloc(EFIVARS_DATA_SIZE_MAX, GFP_KERNEL); > + psi->data = kzalloc(record_size, GFP_KERNEL); > if (!psi->data) > return -ENOMEM; > > @@ -52,7 +54,7 @@ static inline u64 generic_id(u64 timestamp, unsigned int part, int count) > static int efi_pstore_read_func(struct pstore_record *record, > efi_char16_t *varname) > { > - unsigned long wlen, size = EFIVARS_DATA_SIZE_MAX; > + unsigned long wlen, size = record_size; > char name[DUMP_NAME_LEN], data_type; > efi_status_t status; > int cnt; > @@ -133,7 +135,7 @@ static ssize_t efi_pstore_read(struct pstore_record *record) > efi_status_t status; > > for (;;) { > - varname_size = EFIVARS_DATA_SIZE_MAX; > + varname_size = record_size; > I don't think we need this - this is the size of the variable name not the variable itself. > /* > * If this is the first read() call in the pstore enumeration, > @@ -224,11 +226,20 @@ static __init int efivars_pstore_init(void) > if (efivars_pstore_disable) > return 0; > > - efi_pstore_info.buf = kmalloc(4096, GFP_KERNEL); > + /* > + * Notice that 1024 is the minimum here to prevent issues with > + * decompression algorithms that were spotted during tests; > + * even in the case of not using compression, smaller values would > + * just pollute more the pstore FS with many small collected files. > + */ > + if (record_size < 1024) > + record_size = 1024; > + > + efi_pstore_info.buf = kmalloc(record_size, GFP_KERNEL); > if (!efi_pstore_info.buf) > return -ENOMEM; > > - efi_pstore_info.bufsize = 1024; > + efi_pstore_info.bufsize = record_size; > > if (pstore_register(&efi_pstore_info)) { > kfree(efi_pstore_info.buf); > -- > 2.38.0 >
On 14/10/2022 11:46, Ard Biesheuvel wrote: > [...] >> for (;;) { >> - varname_size = EFIVARS_DATA_SIZE_MAX; >> + varname_size = record_size; >> > > I don't think we need this - this is the size of the variable name not > the variable itself. > Ugh, my bad. Do you want to stick with 1024 then? Thanks, Guilherme
On Fri, 14 Oct 2022 at 16:58, Guilherme G. Piccoli <gpiccoli@igalia.com> wrote: > > On 14/10/2022 11:46, Ard Biesheuvel wrote: > > [...] > >> for (;;) { > >> - varname_size = EFIVARS_DATA_SIZE_MAX; > >> + varname_size = record_size; > >> > > > > I don't think we need this - this is the size of the variable name not > > the variable itself. > > > > Ugh, my bad. Do you want to stick with 1024 then? Yes let's keep this at 1024
On 14/10/2022 12:00, Ard Biesheuvel wrote: > On Fri, 14 Oct 2022 at 16:58, Guilherme G. Piccoli <gpiccoli@igalia.com> wrote: >> >> On 14/10/2022 11:46, Ard Biesheuvel wrote: >>> [...] >>>> for (;;) { >>>> - varname_size = EFIVARS_DATA_SIZE_MAX; >>>> + varname_size = record_size; >>>> >>> >>> I don't think we need this - this is the size of the variable name not >>> the variable itself. >>> >> >> Ugh, my bad. Do you want to stick with 1024 then? > > Yes let's keep this at 1024 Perfect, will re-send after we have more feedback on patches 1 and 2. Thanks again, Guilherme
On Thu, Oct 13, 2022 at 06:06:48PM -0300, Guilherme G. Piccoli wrote: > By default, the efi-pstore backend hardcode the UEFI variable size > as 1024 bytes. The historical reasons for that were discussed by > Ard in threads [0][1]: > > "there is some cargo cult from prehistoric EFI times going > on here, it seems. Or maybe just misinterpretation of the maximum > size for the variable *name* vs the variable itself.". > > "OVMF has > OvmfPkg/OvmfPkgX64.dsc: > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 > OvmfPkg/OvmfPkgX64.dsc: > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 > > where the first one is without secure boot and the second with secure > boot. Interestingly, the default is > > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400 > > so this is probably where this 1k number comes from." > > With that, and since there is not such a limit in the UEFI spec, we > have the confidence to hereby add a module parameter to enable advanced > users to change the UEFI record size for efi-pstore data collection, > this way allowing a much easier reading of the collected log, which is > not scattered anymore among many small files. > > Through empirical analysis we observed that extreme low values (like 8 > bytes) could eventually cause writing issues, so given that and the OVMF > default discussed, we limited the minimum value to 1024 bytes, which also > is still the default. > > [0] https://lore.kernel.org/lkml/CAMj1kXF4UyRMh2Y_KakeNBHvkHhTtavASTAxXinDO1rhPe_wYg@mail.gmail.com/ > [1] https://lore.kernel.org/lkml/CAMj1kXFy-2KddGu+dgebAdU9v2sindxVoiHLWuVhqYw+R=kqng@mail.gmail.com/ > > Cc: Ard Biesheuvel <ardb@kernel.org> > Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com> With the var length change recommended by Ard, yeah, looks good to me. :) Thanks! -Kees
diff --git a/drivers/firmware/efi/efi-pstore.c b/drivers/firmware/efi/efi-pstore.c index 97a9e84840a0..827e32427ddb 100644 --- a/drivers/firmware/efi/efi-pstore.c +++ b/drivers/firmware/efi/efi-pstore.c @@ -10,7 +10,9 @@ MODULE_IMPORT_NS(EFIVAR); #define DUMP_NAME_LEN 66 -#define EFIVARS_DATA_SIZE_MAX 1024 +static unsigned int record_size = 1024; +module_param(record_size, uint, 0444); +MODULE_PARM_DESC(record_size, "size of each pstore UEFI var (in bytes, min/default=1024)"); static bool efivars_pstore_disable = IS_ENABLED(CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE); @@ -30,7 +32,7 @@ static int efi_pstore_open(struct pstore_info *psi) if (err) return err; - psi->data = kzalloc(EFIVARS_DATA_SIZE_MAX, GFP_KERNEL); + psi->data = kzalloc(record_size, GFP_KERNEL); if (!psi->data) return -ENOMEM; @@ -52,7 +54,7 @@ static inline u64 generic_id(u64 timestamp, unsigned int part, int count) static int efi_pstore_read_func(struct pstore_record *record, efi_char16_t *varname) { - unsigned long wlen, size = EFIVARS_DATA_SIZE_MAX; + unsigned long wlen, size = record_size; char name[DUMP_NAME_LEN], data_type; efi_status_t status; int cnt; @@ -133,7 +135,7 @@ static ssize_t efi_pstore_read(struct pstore_record *record) efi_status_t status; for (;;) { - varname_size = EFIVARS_DATA_SIZE_MAX; + varname_size = record_size; /* * If this is the first read() call in the pstore enumeration, @@ -224,11 +226,20 @@ static __init int efivars_pstore_init(void) if (efivars_pstore_disable) return 0; - efi_pstore_info.buf = kmalloc(4096, GFP_KERNEL); + /* + * Notice that 1024 is the minimum here to prevent issues with + * decompression algorithms that were spotted during tests; + * even in the case of not using compression, smaller values would + * just pollute more the pstore FS with many small collected files. + */ + if (record_size < 1024) + record_size = 1024; + + efi_pstore_info.buf = kmalloc(record_size, GFP_KERNEL); if (!efi_pstore_info.buf) return -ENOMEM; - efi_pstore_info.bufsize = 1024; + efi_pstore_info.bufsize = record_size; if (pstore_register(&efi_pstore_info)) { kfree(efi_pstore_info.buf);
By default, the efi-pstore backend hardcode the UEFI variable size as 1024 bytes. The historical reasons for that were discussed by Ard in threads [0][1]: "there is some cargo cult from prehistoric EFI times going on here, it seems. Or maybe just misinterpretation of the maximum size for the variable *name* vs the variable itself.". "OVMF has OvmfPkg/OvmfPkgX64.dsc: gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 OvmfPkg/OvmfPkgX64.dsc: gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 where the first one is without secure boot and the second with secure boot. Interestingly, the default is gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400 so this is probably where this 1k number comes from." With that, and since there is not such a limit in the UEFI spec, we have the confidence to hereby add a module parameter to enable advanced users to change the UEFI record size for efi-pstore data collection, this way allowing a much easier reading of the collected log, which is not scattered anymore among many small files. Through empirical analysis we observed that extreme low values (like 8 bytes) could eventually cause writing issues, so given that and the OVMF default discussed, we limited the minimum value to 1024 bytes, which also is still the default. [0] https://lore.kernel.org/lkml/CAMj1kXF4UyRMh2Y_KakeNBHvkHhTtavASTAxXinDO1rhPe_wYg@mail.gmail.com/ [1] https://lore.kernel.org/lkml/CAMj1kXFy-2KddGu+dgebAdU9v2sindxVoiHLWuVhqYw+R=kqng@mail.gmail.com/ Cc: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com> --- V2: - Fixed a memory corruption bug in the code (that wasn't causing trouble before due to the fixed sized of record_size), thanks Ard for spotting this! - Added Ard's archeology in the commit message plus a comment with the reasoning behind the minimum value. drivers/firmware/efi/efi-pstore.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-)