lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 20 Apr 2017 04:16:18 -0700
From:   tip-bot for Ashish Kalra <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     ashish@...estacks.com, stable@...r.kernel.org,
        peterz@...radead.org, jpoimboe@...hat.com,
        linux-kernel@...r.kernel.org, brgerst@...il.com,
        tglx@...utronix.de, bp@...en8.de, luto@...nel.org, hpa@...or.com,
        dvlasenk@...hat.com, mingo@...nel.org,
        torvalds@...ux-foundation.org
Subject: [tip:x86/boot] x86/boot: Fix BSS corruption/overwrite bug in early
 x86 kernel startup

Commit-ID:  d594aa0277e541bb997aef0bc0a55172d8138340
Gitweb:     http://git.kernel.org/tip/d594aa0277e541bb997aef0bc0a55172d8138340
Author:     Ashish Kalra <ashish@...estacks.com>
AuthorDate: Wed, 19 Apr 2017 20:50:15 +0530
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Thu, 20 Apr 2017 10:05:23 +0200

x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup

The minimum size for a new stack (512 bytes) setup for arch/x86/boot components
when the bootloader does not setup/provide a stack for the early boot components
is not "enough".

The setup code executing as part of early kernel startup code, uses the stack
beyond 512 bytes and accidentally overwrites and corrupts part of the BSS
section. This is exposed mostly in the early video setup code, where
it was corrupting BSS variables like force_x, force_y, which in-turn affected
kernel parameters such as screen_info (screen_info.orig_video_cols) and
later caused an exception/panic in console_init().

Most recent boot loaders setup the stack for early boot components, so this
stack overwriting into BSS section issue has not been exposed.

Signed-off-by: Ashish Kalra <ashish@...estacks.com>
Cc: <stable@...r.kernel.org>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Link: http://lkml.kernel.org/r/20170419152015.10011-1-ashishkalra@Ashishs-MacBook-Pro.local
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 arch/x86/boot/boot.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h
index 9b42b6d..ef5a9cc 100644
--- a/arch/x86/boot/boot.h
+++ b/arch/x86/boot/boot.h
@@ -16,7 +16,7 @@
 #ifndef BOOT_BOOT_H
 #define BOOT_BOOT_H
 
-#define STACK_SIZE	512	/* Minimum number of bytes for stack */
+#define STACK_SIZE	1024	/* Minimum number of bytes for stack */
 
 #ifndef __ASSEMBLY__

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ