
EDAC/ghes: Set the DIMM label unconditionally

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2109713
Tested: sanity

commit 5e2805d5379619c4a2e3ae4994e73b36439f4bad
Author: Toshi Kani <toshi.kani@hpe.com>
Date: Thu Jul 21 12:05:03 2022 -0600

EDAC/ghes: Set the DIMM label unconditionally  

The commit  

  cb51a371d08e ("EDAC/ghes: Setup DIMM label from DMI and use it in error reports")  

enforced that both the bank and device strings passed to  
dimm_setup_label() are not NULL.  

However, there are BIOSes, for example on a  

  HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 03/15/2019  

which don't populate both strings:  

  Handle 0x0020, DMI type 17, 84 bytes  
  Memory Device  
          Array Handle: 0x0013  
          Error Information Handle: Not Provided  
          Total Width: 72 bits  
          Data Width: 64 bits  
          Size: 32 GB  
          Form Factor: DIMM  
          Set: None  
          Locator: PROC 1 DIMM 1        <===== device  
          Bank Locator: Not Specified   <===== bank  

This results in a buffer overflow because ghes_edac_register() calls  
strlen() on an uninitialized label, which had non-zero values left over  
from krealloc_array():  

  detected buffer overflow in __fortify_strlen  
   ------------[ cut here ]------------  
   kernel BUG at lib/string_helpers.c:983!  
   invalid opcode: 0000 [#1] PREEMPT SMP NOPTI  
   CPU: 1 PID: 1 Comm: swapper/0 Tainted: G          I       5.18.6-200.fc36.x86_64 #1  
   Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 03/15/2019  
   RIP: 0010:fortify_panic  
   ...  
   Call Trace:  
    <TASK>  
    ghes_edac_register.cold  
    ghes_probe  
    platform_probe  
    really_probe  
    __driver_probe_device  
    driver_probe_device  
    __driver_attach  
    ? __device_attach_driver  
    bus_for_each_dev  
    bus_add_driver  
    driver_register  
    acpi_ghes_init  
    acpi_init  
    ? acpi_sleep_proc_init  
    do_one_initcall  

The label contains garbage because the commit in Fixes reallocs the  
DIMMs array while scanning the system but doesn't clear the newly  
allocated memory.  

Change dimm_setup_label() to always initialize the label to fix the  
issue. Set it to the empty string in case BIOS does not provide both  
bank and device so that ghes_edac_register() can keep the default label  
given by edac_mc_alloc_dimms().  

  [ bp: Rewrite commit message. ]  

Fixes: b9cae27728d1f ("EDAC/ghes: Scan the system once on driver init")  
Co-developed-by: Robert Richter <rric@kernel.org>  
Signed-off-by: Robert Richter <rric@kernel.org>  
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>  
Signed-off-by: Borislav Petkov <bp@suse.de>  
Tested-by: Robert Elliott <elliott@hpe.com>  
Cc: <stable@vger.kernel.org>  
Link: https://lore.kernel.org/r/20220719220124.760359-1-toshi.kani@hpe.com  

Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
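
A user-space C model of the failure described in the commit message above, added here as an illustration; it is not the kernel patch or code from the ghes_edac driver. The struct, the label size, the 0xAA fill, the function names and the way the fixed variant joins partial input are assumptions of this sketch, and the empty bank string stands in for the "Not Specified" Bank Locator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct dimm { char label[32]; };   /* constructed size, not the kernel's */
typedef void (*setup_fn)(struct dimm *, const char *, const char *);

/* Grow by one slot without clearing it; 0xAA models stale heap bytes. */
static struct dimm *grow_dimms(struct dimm *arr, size_t old_n)
{
    struct dimm *p = realloc(arr, (old_n + 1) * sizeof(*p));
    if (p)
        memset(&p[old_n], 0xAA, sizeof(*p));
    return p;
}

/* Before: the label is written only when both strings are present. */
static void setup_label_conditional(struct dimm *d, const char *bank, const char *dev)
{
    if (bank && *bank && dev && *dev)
        snprintf(d->label, sizeof(d->label), "%s %s", bank, dev);
}

/* After: the label is always written, empty when nothing usable is given. */
static void setup_label_always(struct dimm *d, const char *bank, const char *dev)
{
    int b = bank && *bank, v = dev && *dev;
    snprintf(d->label, sizeof(d->label), "%s%s%s",
             b ? bank : "", (b && v) ? " " : "", v ? dev : "");
}

/* 1 if the label has a NUL inside its buffer, so strlen() stays in bounds. */
static int label_is_terminated(setup_fn setup, const char *bank, const char *dev)
{
    struct dimm *arr = grow_dimms(NULL, 0);
    if (!arr)
        return -1;
    setup(&arr[0], bank, dev);
    int ok = memchr(arr[0].label, '\0', sizeof(arr[0].label)) != NULL;
    free(arr);
    return ok;
}

int main(void)
{
    printf("before: %d\n", label_is_terminated(setup_label_conditional, "", "PROC 1 DIMM 1"));
    printf("after:  %d\n", label_is_terminated(setup_label_always, "", "PROC 1 DIMM 1"));
    return 0;
}
```

The check uses a bounded memchr() rather than strlen() so the unterminated case is reported instead of read past the end of the buffer.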
