lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Oct 2016 15:50:09 -0600
From:   Simon Glass <sjg@...omium.org>
To:     Yinghai Lu <yinghai@...nel.org>, Kees Cook <keescook@...omium.org>,
        Ingo Molnar <mingo@...nel.org>, Ingo Molnar <mingo@...hat.com>,
        Baoquan He <bhe@...hat.com>, "H. Peter Anvin" <hpa@...or.com>,
        Borislav Petkov <bp@...en8.de>,
        Vivek Goyal <vgoyal@...hat.com>,
        Andy Lutomirski <luto@...nel.org>,
        Lasse Collin <lasse.collin@...aani.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dave Young <dyoung@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Simon Glass <sjg@...omium.org>
Subject: Re: [PATCH 2/6] x86/boot: Move compressed kernel to end of
 decompression buffer

HI Matt,

On 16 August 2016 at 20:25, Matt Mullins <mmullins@...x.us> wrote:
> On Tue, Aug 16, 2016 at 12:19:42PM -0700, Yinghai Lu wrote:
>> On Mon, Aug 15, 2016 at 9:01 PM, Matt Mullins <mmullins@...x.us> wrote:
>> >
>> > This appears to have a negative effect on booting the Intel Edison platform, as
>> > it uses u-boot as its bootloader.  u-boot does not copy the init_size parameter
>> > when booting a bzImage: it copies a fixed-size setup_header [1], and its
>> > definition of setup_header doesn't include the parameters beyond setup_data [2].
>> >
>> > With a zero value for init_size, this calculates a %rsp value of 0x101ff9600.
>> > This causes the boot process to hard-stop at the immediately-following pushq, as
>> > this platform has no usable physical addresses above 4G.
>> >
>> > What are the options for getting this type of platform to function again?  For
>> > now, kexec from a working Linux system does seem to be a work-around, but there
>> > appears to be other x86 hardware using u-boot: the chromium.org folks seem to be
>> > maintaining the u-boot x86 tree.
>> >
>> > [1] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/x86/lib/zimage.c;h=1b33c771391f49ffe82864ff1582bdfd07e5e97d;hb=HEAD#l156
>> > [2] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/x86/include/asm/bootparam.h;h=140095117e5a2daef0a097c55f0ed10e08acc781;hb=HEAD#l24
>>
>> Then should fix the u-boot about header_size assumption.
>
> I was hoping to avoid that, since the Edison's u-boot is 10,000-line patch atop
> the upstream -- I don't trust myself to build and flash one quite yet.

It would be good to upstream that!

>
> If this turned out to affect Chromebooks, I'd spend more effort pushing for
> a kernel fix, but it seems that ChromeOS has a different kernel load procedure
> and doesn't use "zboot".  For now, I'll probably just keep a local patch that
> hard-codes a value large enough to decompress and launch the kernel.
>
> I may turn that local patch into something gated by a Kconfig eventually, in
> hopes that users of the other x86 u-boot platforms will see it in a "make
> oldconfig" run.

Well, I think this patch is useful. But also, let's fix U-Boot.

Regards,
Simon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ