| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Aug 2014 13:55:48 +0100
From: Matt Fleming <matt@...sole-pimps.org>
To: Bruno Prémont <bonbons@...ux-vserver.org>
Cc: P J P <ppandit@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
"H. Peter Anvin" <hpa@...or.com>
Subject: Re: 3.12 to 3.13 boot regression bisected - still applies to 3.16
On Tue, 05 Aug, at 02:11:42PM, Bruno Prémont wrote:
>
> arch/x86/boot/compressed/head_64.S
> 341 /*
> 342 * Copy the compressed kernel to the end of our buffer
> 343 * where decompression in place becomes safe.
> 344 */
> 345 pushq %rsi
> 346 leaq (_bss-8)(%rip), %rsi
> 347 leaq (_bss-8)(%rbx), %rdi
> 348 movq $_bss /* - $startup_32 */, %rcx
> 349 shrq $3, %rcx
> 350 std
>
> code gets up to here
>
> 351 rep movsq
>
> this location is never reached but instead system reboots
>
> 352 cld
> 353 popq %rsi
> 354
> 355 /*
> 356 * Jump to the relocated address.
> 357 */
Excellent. Thanks for doing this, it's all starting to make sense now.
I suspect if you enable CONFIG_RELOCATABLE things will work just fine.
I've actually got a patch to force that option if CONFIG_EFI_STUB is
enabled to mitigate this exact problem. Could you try it out (see
below)?
Without CONFIG_RELOCATABLE the early boot code will try and decompress
the kernel image to LOAD_PHYSICAL_ADDR. That may have worked in the days
of BIOS, when it was reasonable to assume that nothing important would
be sitting in the 0x10000000 region, but that's just not so for UEFI.
For UEFI we need to request memory from the firmware and not stray
outside the bounds of those allocations. Otherwise there's the potential
that we'll trash bits of the firmware's code/data.
---
>From b9ffb908e18b11be1d89e4c39bee5d4671d3fa6f Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming@...el.com>
Date: Fri, 11 Jul 2014 08:45:25 +0100
Subject: [PATCH] x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without CONFIG_RELOCATABLE the early boot code will decompress the
kernel to LOAD_PHYSICAL_ADDR. While this may have been fine in the BIOS
days, that isn't going to fly with UEFI since parts of the firmware
code/data may be located at LOAD_PHYSICAL_ADDR.
Straying outside of the bounds of the regions we've explicitly requested
from the firmware will cause all sorts of trouble. Bruno reports that
his machine resets while trying to decompress the kernel image.
We already go to great pains to ensure the kernel is loaded into a
suitably aligned buffer, it's just that the address isn't necessarily
LOAD_PHYSICAL_ADDR, because we can't guarantee that address isn't in-use
by the firmware.
Explicitly enforce CONFIG_RELOCATABLE for the EFI boot stub, so that we
can load the kernel at any address with the correct alignment.
Reported-by: Bruno Prémont <bonbons@...ux-vserver.org>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: <stable@...r.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@...el.com>
---
arch/x86/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 801ed36c2e49..f31b8ae8c81c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1537,6 +1537,7 @@ config EFI
config EFI_STUB
bool "EFI stub support"
depends on EFI
+ select RELOCATABLE
---help---
This kernel feature allows a bzImage to be loaded directly
by EFI firmware without the use of a bootloader.
--
1.9.0
--
Matt Fleming, Intel Open Source Technology Center
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists