pstore/ram_core: Better ECC size checking

- Instead of exploiting unsigned overflows (which doesn't work for all
  sizes), use straightforward checking for ECC total size not exceeding
  initial buffer size;

- Printing overflowed buffer_size is not informative. Instead, print
  ecc_size and buffer_size;

- No need for buffer_size argument in persistent_ram_init_ecc(),
  we can address prz->buffer_size directly.

Signed-off-by: Anton Vorontsov <anton.vorontsov@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
index f62ebf2dfed730860ed4826bace0887b464da13d..a5a7b13d358c9abef22490e19e722ffc19d6105c 100644 (file)
--- a/fs/pstore/ram_core.c
+++ b/fs/pstore/ram_core.c
@@ -171,12 +171,12 @@ static void persistent_ram_ecc_old(struct persistent_ram_zone *prz)
        }
 }
 
-static int persistent_ram_init_ecc(struct persistent_ram_zone *prz,
-       size_t buffer_size)
+static int persistent_ram_init_ecc(struct persistent_ram_zone *prz)
 {
        int numerr;
        struct persistent_ram_buffer *buffer = prz->buffer;
        int ecc_blocks;
+       size_t ecc_total;
 
        if (!prz->ecc)
                return 0;
@@ -187,14 +187,14 @@ static int persistent_ram_init_ecc(struct persistent_ram_zone *prz,
        prz->ecc_poly = 0x11d;
 
        ecc_blocks = DIV_ROUND_UP(prz->buffer_size, prz->ecc_block_size);
-       prz->buffer_size -= (ecc_blocks + 1) * prz->ecc_size;
-
-       if (prz->buffer_size > buffer_size) {
-               pr_err("persistent_ram: invalid size %zu, non-ecc datasize %zu\n",
-                      buffer_size, prz->buffer_size);
+       ecc_total = (ecc_blocks + 1) * prz->ecc_size;
+       if (ecc_total >= prz->buffer_size) {
+               pr_err("%s: invalid ecc_size %u (total %zu, buffer size %zu)\n",
+                      __func__, prz->ecc_size, ecc_total, prz->buffer_size);
                return -EINVAL;
        }
 
+       prz->buffer_size -= ecc_total;
        prz->par_buffer = buffer->data + prz->buffer_size;
        prz->par_header = prz->par_buffer + ecc_blocks * prz->ecc_size;
 
@@ -397,7 +397,7 @@ static int __devinit persistent_ram_post_init(struct persistent_ram_zone *prz,
 
        prz->ecc = ecc;
 
-       ret = persistent_ram_init_ecc(prz, prz->buffer_size);
+       ret = persistent_ram_init_ecc(prz);
        if (ret)
                return ret;