| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 04 May 2007 12:48:08 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Jeremy Fitzhardinge <jeremy@...p.org>
Cc: "H. Peter Anvin" <hpa@...or.com>,
Rusty Russell <rusty@...tcorp.com.au>, Andi Kleen <ak@...e.de>,
Chris Wright <chrisw@...s-sol.org>,
Zachary Amsden <zach@...are.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
lkml - Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 3/3] boot bzImages under paravirt
Jeremy Fitzhardinge <jeremy@...p.org> writes:
> Eric W. Biederman wrote:
>>> Gujin seems to have a near-zero user community, so if they have to rev
>>> their code it wouldn't be a big deal (the author keeps trying to push
>>> some crack-smoking "Gujin native" patches into the kernel, too),
>>> breaking ELILO would hurt anyone using Intel Macs.
>>>
>>
>> I'm thinking we just make the code start.
>> startup_32:
>> movl %cs, %eax
>> testl $3, %eax
>> jnz 1f
>>
>
> I'm not really happy about using this as a way to distinguish paravirt
> from non-paravirt in general. At some point we're going to be running
> paravirt kernels in ring0 within a VT/SVM container - but they'll still
> be completely paravirtualized kernels.
That wasn't paravirt detection that was do I have permissions to load
the gdt.
Basically we have two choices. Either unconditionally demand
that %cs %ds %es and %ss are loaded, and so we remove all descriptor
loading.
Or we can do:
startup_32:
movl %cs, %eax
testl $3, %eax
jnz 1f
movl $(__BOOT_DS),%eax
movl %eax,%ds
movl %eax,%es
movl %eax,%fs
movl %eax,%gs
movl %eax,%ss
1:
Which only demands that the segments be loaded when we aren't in ring0.
At least historically that is safe for the linux kernel but really weird.
Since there is only one fringe bootloader that cares I'm thinking just
removing all segment loading and assume we have the equivalent of
BOOT_DS in the segments probably makes the most sense.
I'm thinking that our next protocol version probably needs to be 3.0
given the significance of the change, and the fact we are breaking
in a very small ways backwards compatibility.
> I think a better approach is to just do it purely based on the boot
> params platform field. Ie, something along the lines of:
>
> if (boot_params.version < new_enough)
> goto native_boot;
> else {
> for (int i = 0; i < nplatforms; i++)
> if (boot_params.platform == platforms[i].id)
> goto *platforms[i].startup
> panic();
> }
I think it is much better to test the boot_params.platform field where
we care. If the platform is a native x86 subarch we don't need
a magic startup function. If the platform is Xen or lguest
we can at best copy our boot parameters and jump to their custom
startup routines.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists