lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160816040147.GA4492@hydra.tuxags.com>
Date:	Mon, 15 Aug 2016 21:01:48 -0700
From:	Matt Mullins <mmullins@...x.us>
To:	Kees Cook <keescook@...omium.org>
Cc:	Ingo Molnar <mingo@...nel.org>, Yinghai Lu <yinghai@...nel.org>,
	Ingo Molnar <mingo@...hat.com>, Baoquan He <bhe@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...en8.de>,
	Vivek Goyal <vgoyal@...hat.com>,
	Andy Lutomirski <luto@...nel.org>, lasse.collin@...aani.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Dave Young <dyoung@...hat.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Simon Glass <sjg@...omium.org>
Subject: Re: [PATCH 2/6] x86/boot: Move compressed kernel to end of
 decompression buffer

[added Simon Glass to CC in case there's some input from u-boot]

On Thu, Apr 28, 2016 at 05:09:04PM -0700, Kees Cook wrote:
> From: Yinghai Lu <yinghai@...nel.org>
> 
> This patch adds BP_init_size (which is the INIT_SIZE as passed in from
> the boot_params) into asm-offsets.c to make it visible to the assembly
> code. Then when moving the ZO, it calculates the starting position of
> the copied ZO (via BP_init_size and the ZO run size) so that the VO__end
> will be at the end of the decompression buffer. To make the position
> calculation safe, the end of ZO is page aligned (and a comment is added
> to the existing VO alignment for good measure).

> diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
> index d43c30ed89ed..09cdc0c3ee7e 100644
> --- a/arch/x86/boot/compressed/head_64.S
> +++ b/arch/x86/boot/compressed/head_64.S
> @@ -338,7 +340,9 @@ preferred_addr:
>  1:
>  
>  	/* Target address to relocate to for decompression */
> -	leaq	z_extract_offset(%rbp), %rbx
> +	movl	BP_init_size(%rsi), %ebx
> +	subl	$_end, %ebx
> +	addq	%rbp, %rbx
>  
>  	/* Set up the stack */
>  	leaq	boot_stack_end(%rbx), %rsp

This appears to have a negative effect on booting the Intel Edison platform, as
it uses u-boot as its bootloader.  u-boot does not copy the init_size parameter
when booting a bzImage: it copies a fixed-size setup_header [1], and its
definition of setup_header doesn't include the parameters beyond setup_data [2].

With a zero value for init_size, this calculates a %rsp value of 0x101ff9600.
This causes the boot process to hard-stop at the immediately-following pushq, as
this platform has no usable physical addresses above 4G.

What are the options for getting this type of platform to function again?  For
now, kexec from a working Linux system does seem to be a work-around, but there
appears to be other x86 hardware using u-boot: the chromium.org folks seem to be
maintaining the u-boot x86 tree.

[1] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/x86/lib/zimage.c;h=1b33c771391f49ffe82864ff1582bdfd07e5e97d;hb=HEAD#l156
[2] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/x86/include/asm/bootparam.h;h=140095117e5a2daef0a097c55f0ed10e08acc781;hb=HEAD#l24

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ