lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 26 Feb 2016 08:51:56 -0500
From:	Boris Ostrovsky <boris.ostrovsky@...cle.com>
To:	Roger Pau Monné <roger.pau@...rix.com>,
	konrad.wilk@...cle.com, david.vrabel@...rix.com
Cc:	andrew.cooper3@...rix.com, linux-kernel@...r.kernel.org,
	mcgrof@...nel.org, brgerst@...il.com,
	xen-devel@...ts.xenproject.org
Subject: Re: [Xen-devel] [PATCH v3 0/2] Clear .bss for VP guests

On 02/26/2016 05:53 AM, Roger Pau Monné wrote:
> El 25/2/16 a les 16:16, Boris Ostrovsky ha escrit:
>> PV guests need to have their .bss zeroed out since it is not guaranteed
>> to be cleared by Xen's domain builder
> I guess I'm missing something, but elf_load_image (in libelf-loader.c)
> seems to be able to clear segments (it will zero the memory between
> p_paddr + p_filesz and p_paddr + p_memsz) while loading the ELF into
> memory, so if the program headers are correctly setup the .bss should be
> zeroed out AFAICT.

Right, but I don't think this is guaranteed. It's uninitialized data so 
in principle it can be anything.

The ELF spec says "the system initializes the data with zero when the 
program begins to run" which I read as it's up to runtime and not the 
loader to do so.

And since kernel does it explicitly on baremetal path I think it's a 
good idea for PV to do the same.

-boris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ