lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070208113706.GB14039@in.ibm.com>
Date:	Thu, 8 Feb 2007 17:07:06 +0530
From:	Vivek Goyal <vgoyal@...ibm.com>
To:	Etienne Lorrain <etienne_lorrain@...oo.fr>
Cc:	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: Re : [PATCH] Compressed ia32 ELF file generation for loading by Gujin 1/3

On Thu, Feb 08, 2007 at 09:48:31AM +0000, Etienne Lorrain wrote:
> Vivek Goyal wrote:
> > > Etienne Lorrain wrote:
> > >  Yes, any PT_LOAD below 64 Kbytes can only be real mode, and real-mode
> > > cannot be loaded higher, and cannot be bigger than 640 Kbytes, anything
> > > different (like with virtual address at 0xC0000000) is Linux protected mode.
> > > Considering the linker used it is always the 4th program header, before there
> > > were only 3 program header,third one stay the NOTE one.
> >
> > Well this is all a lot of speculation. This is not standard way of retrieving
> > information from ELF. Number of program headers finally created keep on
> > changing. Previously it was left to the linker and now people have changed
> > it to 3 by specifically using PHDR directive.
> 
>   Well, the standard way is:
> 1 - the code program header, to be write protected if possible
> 2 - the (initialised) data program header, to be able to restart the program by just reload/re-entry,
>     and after that (memsiz - filesz) of BSS
>  Anything after is non standard. The number of program header is written in the ELF header,
> but anything over 2 probably need a special loader for the extra treatment.
>  That isn't usual to have something near zero, because it is better not to map
> any memory there to catch null pointer dereference (in virtual memory system).
> 

May be that's the ideal scenario. But if you leave it to linker to decide the
number of progaram headers to linker then linker sometimes optimizes and
creates more program headers if it finds empty space between various sections.
Sometime one or two page space gets created between sections because of
alignment restrictions. So effectively, number of program headers were not
fixed, till recently.

>  I assume you care about this ELF header because you are also a user of
> the ELF file vmlinux, aren't you?
>   

Yes I am. I use kexec boot loader which has capability to load ELF kernel
images (vmlinux). That's why I am concerned about linking real mode code
in vmlinux as for kdump case I shall have to be aware that kernel vmlinux
might contain a special PT_LOAD type program header which will contain
real mode code and it does not have to be loaded. Then I will run into
guessing business which one is that real mode PT_LOAD  program header and
my assumption might very well break in next few kernel release.
 

> > >  Just I did not completely understand why you need relocation (and the announce
> > > was when I was in holidays far away). I know a simple kernel is needed to do
> > > some debugging when the main kernel has crashed, this kernel is better loaded
> > > at for instance 16 Mbytes. You probably do not want the same kernel as the main
> > > one because it may crash the same way, and you start a loop - and even then
> > > if you have exactly the same kernel it is easier to use the same write-protected
> > > block of memory with different data sections.
> > >  But I probably do not understand the problem so do not know what to write.
> > 
> > As long as one can make sure that test kernel boots (commonly the case with
> > distros), same kernel can be used as capture kernel too. So the idea here
> > is to be able to use same kernel binary as production kernel and capture
> > kernel hence distros don't have to ship an additional kernel binary compiled
> > for a different physical addr just for dump capturing purposes.
> 
>  And you do not want to write protect the kernel code (if the CPU write protection
> is not working, the hardware is not working so debug will be difficult, and a simple
> CRC32 can tell kernel memory failure) and use twice the same code memory
> (with different data area or saving kernel data elsewhere before reload).
>  Is that related to module loading or instruction set detection/patch or multiprocessor?
> 

If I understand it right, you seem to be suggesting that I don't have to 
reload the kernel text and I can only reload the data for second kernel?

We run the whole of the kernel from a mutually execlusive location from
first kernel to mitigate the concerns that first kernel's ongoing DMA might
corrupt second kernel. That's why first kernel's text can't be reused.
Secondly, it gives flexibility to user that either he can choose to use 
the production kernel as capture kernel or an entirely different custom
kernel can be used as capture kernel.
 
> > Currently relocation information is extracted from vmlinux and packed in
> > final bzImage after some processing. After execution of real mode code
> > and once the image is decompressed, all the relocations are performed and
> > then control is transferred to kernel.
> 
>   So here you are not really using the initial ELF program header of vmlinux,
> but more the section header and my PT_LOAD section bother you, I better
> understand. You cannot really claim you are only doing standard/usual
> ELF treatment.
> 

Kexec as a boot loader allows to load both ELF vmlinux file or bzImage.
Hence for kdump, a user got the flexibility to either use vmlinux or 
bzImage for dump captruing purposes. Hence I am concerned about both. 

If real mode code is linked with vmlinux, then kdump will be broken.

bzImage is relocatable. If a new kernel image format is introduced
(compressed ELF), then I will prefer it to be a relocatable one
(if possible).

Thanks
Vivek
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ