From patchwork Mon Mar  6 21:55:26 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 9608433
Return-Path: <linux-acpi-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	9EBD0604DC for <patchwork-linux-acpi@patchwork.kernel.org>;
	Tue,  7 Mar 2017 09:41:32 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B8CA2849F
	for <patchwork-linux-acpi@patchwork.kernel.org>;
	Tue,  7 Mar 2017 09:41:32 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 7CCE2284D8; Tue,  7 Mar 2017 09:41:32 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DBE3F2849F
	for <patchwork-linux-acpi@patchwork.kernel.org>;
	Tue,  7 Mar 2017 09:41:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753504AbdCGJla (ORCPT
	<rfc822;patchwork-linux-acpi@patchwork.kernel.org>);
	Tue, 7 Mar 2017 04:41:30 -0500
Received: from mail-pf0-f169.google.com ([209.85.192.169]:33969 "EHLO
	mail-pf0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752039AbdCGJl2 (ORCPT
	<rfc822; linux-acpi@vger.kernel.org>); Tue, 7 Mar 2017 04:41:28 -0500
Received: by mail-pf0-f169.google.com with SMTP id v190so35960213pfb.1
	for <linux-acpi@vger.kernel.org>;
	Tue, 07 Mar 2017 01:41:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=chromium.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=eTNQ9hJV7HR/B5eT6f489Ldq7/nFVTcE2pBGIivXIM0=;
	b=mKY3IcM0OK1w+xJhan2AOrC1DJdcrRsQeNyCdhGWvp1th88M7P54U2b6M28u2W4iHC
	uLrN8+YP6Cfwbfi6poJj5b7Gy+8ipM9Gy8mkMjnBVsz5HSZJtbgKiLEJ2JxmKnhlAYcK
	voDrP+/j7punERMPZWYjix8q485dJquM/E7kg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=eTNQ9hJV7HR/B5eT6f489Ldq7/nFVTcE2pBGIivXIM0=;
	b=DmJFnRM8xbfat2/NxhlKss0n/mLetTox2ZAVjVSO1cRcTZ/YSgEGux33peayeM8Y7X
	UEYSYWtlHynK1kpMOShso9eJn98TNyzpba+Ul/Qfp0W6qDNIU2FPgloNjv5M2XNZTJiO
	Xomc3Xagcv/HlnGTyHtSlD6V+dsyK8EjbkD0c/kQcSmm3nn7EsVg+qDXShr3Rvaa0iFK
	E1JwpRPr1SU065brmrgLoREOIMqLAOAP9qKdai0WuOY/9Xq8eKygpT9Ax4SdvPRauu1R
	O9JC7YddatkwMp8AqBPatK6/cUSt8k0ewt3AKMjI4f/k32gChghQR3rlLoglRdhFOSlp
	IYFQ==
X-Gm-Message-State: 
 AMke39lihZ6KNKgJ8DmkObpVpKrupA16svvTdSYk/ONsQYoURXjtACCPMc34Rsbr+uF9JVqh
X-Received: by 10.84.194.129 with SMTP id h1mr29796871pld.56.1488837341546;
	Mon, 06 Mar 2017 13:55:41 -0800 (PST)
Received: from www.outflux.net ([2002:ada4:7085:0:205a:2b55:4e6d:7d63])
	by smtp.gmail.com with ESMTPSA id
	h9sm41362045pfd.103.2017.03.06.13.55.38
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 06 Mar 2017 13:55:38 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
	Nobuhiro Iwamatsu <nobuhiro.iwamatsu.kw@hitachi.com>,
	Qiuxu Zhuo <qiuxu.zhuo@intel.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Anton Vorontsov <anton@enomsg.org>, Colin Cross <ccross@android.com>,
	Tony Luck <tony.luck@intel.com>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Paul Mackerras <paulus@samba.org>, Michael Ellerman <mpe@ellerman.id.au>,
	"Rafael J. Wysocki" <rjw@rjwysocki.net>, Len Brown <lenb@kernel.org>,
	Matt Fleming <matt@codeblueprint.co.uk>,
	Nathan Fontenot <nfont@linux.vnet.ibm.com>,
	Pan Xinhui <xinhui.pan@linux.vnet.ibm.com>,
	Daniel Axtens <dja@axtens.net>,
	Paul Gortmaker <paul.gortmaker@windriver.com>,
	Geliang Tang <geliangtang@163.com>,
	linuxppc-dev@lists.ozlabs.org, linux-acpi@vger.kernel.org,
	linux-efi@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH 12/18] pstore: Pass record contents instead of copying
Date: Mon,  6 Mar 2017 13:55:26 -0800
Message-Id: <1488837332-71582-13-git-send-email-keescook@chromium.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1488837332-71582-1-git-send-email-keescook@chromium.org>
References: <1488837332-71582-1-git-send-email-keescook@chromium.org>
Sender: linux-acpi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-acpi.vger.kernel.org>
X-Mailing-List: linux-acpi@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

pstore_mkfile() shouldn't have to memcpy the record contents. It can use
the existing copy instead. This adjusts the allocation lifetime management
and renames the contents variable from "data" to "buf" to assist moving to
struct pstore_record in the future.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 fs/pstore/inode.c    | 22 +++++++++++++++-------
 fs/pstore/platform.c | 16 ++++++++++++----
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
index a98787bab3e6..3d1f047e4f41 100644
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -52,7 +52,7 @@ struct pstore_private {
 	u64	id;
 	int	count;
 	ssize_t	size;
-	char	data[];
+	char    *buf;
 };
 
 struct pstore_ftrace_seq_data {
@@ -63,6 +63,14 @@ struct pstore_ftrace_seq_data {
 
 #define REC_SIZE sizeof(struct pstore_ftrace_record)
 
+static void free_pstore_private(struct pstore_private *private)
+{
+	if (!private)
+		return;
+	kfree(private->buf);
+	kfree(private);
+}
+
 static void *pstore_ftrace_seq_start(struct seq_file *s, loff_t *pos)
 {
 	struct pstore_private *ps = s->private;
@@ -105,7 +113,7 @@ static int pstore_ftrace_seq_show(struct seq_file *s, void *v)
 {
 	struct pstore_private *ps = s->private;
 	struct pstore_ftrace_seq_data *data = v;
-	struct pstore_ftrace_record *rec = (void *)(ps->data + data->off);
+	struct pstore_ftrace_record *rec = (void *)(ps->buf + data->off);
 
 	seq_printf(s, "CPU:%d ts:%llu %08lx  %08lx  %pf <- %pF\n",
 		   pstore_ftrace_decode_cpu(rec),
@@ -143,7 +151,7 @@ static ssize_t pstore_file_read(struct file *file, char __user *userbuf,
 
 	if (ps->type == PSTORE_TYPE_FTRACE)
 		return seq_read(file, userbuf, count, ppos);
-	return simple_read_from_buffer(userbuf, count, ppos, ps->data, ps->size);
+	return simple_read_from_buffer(userbuf, count, ppos, ps->buf, ps->size);
 }
 
 static int pstore_file_open(struct inode *inode, struct file *file)
@@ -221,7 +229,7 @@ static void pstore_evict_inode(struct inode *inode)
 		spin_lock_irqsave(&allpstore_lock, flags);
 		list_del(&p->list);
 		spin_unlock_irqrestore(&allpstore_lock, flags);
-		kfree(p);
+		free_pstore_private(p);
 	}
 }
 
@@ -332,7 +340,7 @@ int pstore_mkfile(struct pstore_record *record)
 		goto fail;
 	inode->i_mode = S_IFREG | 0444;
 	inode->i_fop = &pstore_file_operations;
-	private = kmalloc(sizeof *private + size, GFP_KERNEL);
+	private = kzalloc(sizeof(*private), GFP_KERNEL);
 	if (!private)
 		goto fail_alloc;
 	private->type = record->type;
@@ -394,7 +402,7 @@ int pstore_mkfile(struct pstore_record *record)
 	if (!dentry)
 		goto fail_lockedalloc;
 
-	memcpy(private->data, record->buf, size);
+	private->buf = record->buf;
 	inode->i_size = private->size = size;
 
 	inode->i_private = private;
@@ -414,7 +422,7 @@ int pstore_mkfile(struct pstore_record *record)
 
 fail_lockedalloc:
 	inode_unlock(d_inode(root));
-	kfree(private);
+	free_pstore_private(private);
 fail_alloc:
 	iput(inode);
 
diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
index c0d401e732e6..d897e2f11b6a 100644
--- a/fs/pstore/platform.c
+++ b/fs/pstore/platform.c
@@ -828,14 +828,22 @@ void pstore_get_records(int quiet)
 	if (psi->open && psi->open(psi))
 		goto out;
 
+	/*
+	 * Backend callback read() allocates record.buf. decompress_record()
+	 * may reallocate record.buf. On success, pstore_mkfile() will keep
+	 * the record.buf, so free it only on failure.
+	 */
 	while ((record.size = psi->read(&record)) > 0) {
 		decompress_record(&record);
 		rc = pstore_mkfile(&record);
+		if (rc) {
+			/* pstore_mkfile() did not take buf, so free it. */
+			kfree(record.buf);
+			if (rc != -EEXIST || !quiet)
+				failed++;
+		}
 
-		if (rc && (rc != -EEXIST || !quiet))
-			failed++;
-
-		kfree(record.buf);
+		/* Reset for next record. */
 		memset(&record, 0, sizeof(record));
 		record.psi = psi;
 	}