lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m1odl0pgrb.fsf@ebiederm.dsl.xmission.com>
Date:	Fri, 04 May 2007 12:48:08 -0600
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Jeremy Fitzhardinge <jeremy@...p.org>
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	Rusty Russell <rusty@...tcorp.com.au>, Andi Kleen <ak@...e.de>,
	Chris Wright <chrisw@...s-sol.org>,
	Zachary Amsden <zach@...are.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	lkml - Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 3/3] boot bzImages under paravirt

Jeremy Fitzhardinge <jeremy@...p.org> writes:

> Eric W. Biederman wrote:
>>> Gujin seems to have a near-zero user community, so if they have to rev
>>> their code it wouldn't be a big deal (the author keeps trying to push
>>> some crack-smoking "Gujin native" patches into the kernel, too), 
>>> breaking ELILO would hurt anyone using Intel Macs.
>>>     
>>
>> I'm thinking we just make the code start.
>> startup_32:
>> 	movl	%cs, %eax
>>         testl   $3, %eax
>>         jnz     1f
>>   
>
> I'm not really happy about using this as a way to distinguish paravirt
> from non-paravirt in general.  At some point we're going to be running
> paravirt kernels in ring0 within a VT/SVM container - but they'll still
> be completely paravirtualized kernels.

That wasn't paravirt detection that was do I have permissions to load
the gdt.

Basically we have two choices.   Either unconditionally demand
that %cs %ds %es and %ss are loaded, and so we remove all descriptor
loading.

Or we can do:
startup_32:
	movl	%cs, %eax
	testl	$3, %eax
        jnz     1f

	movl $(__BOOT_DS),%eax
	movl %eax,%ds
	movl %eax,%es
	movl %eax,%fs
	movl %eax,%gs
	movl %eax,%ss

1:

Which only demands that the segments be loaded when we aren't in ring0.
At least historically that is safe for the linux kernel but really weird.

Since there is only one fringe bootloader that cares I'm thinking just
removing all segment loading and assume we have the equivalent of
BOOT_DS in the segments probably makes the most sense.

I'm thinking that our next protocol version probably needs to be 3.0
given the significance of the change, and the fact we are breaking
in a very small ways backwards compatibility.

> I think a better approach is to just do it purely based on the boot
> params platform field.  Ie, something along the lines of:
>
> 	if (boot_params.version < new_enough)
> 		goto native_boot;
> 	else {
> 		for (int i = 0; i < nplatforms; i++)
> 			if (boot_params.platform == platforms[i].id)
> 				goto *platforms[i].startup
> 		panic();
> 	}

I think it is much better to test the boot_params.platform field where
we care.  If the platform is a native x86 subarch we don't need
a magic startup function.  If the platform is Xen or lguest
we can at best copy our boot parameters and jump to their custom
startup routines.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ