lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <68e10f13-cc5d-fbde-e971-5abee5ebf09e@gmail.com>
Date:   Mon, 15 Jan 2018 18:22:30 +0100
From:   Gabriel C <nix.or.die@...il.com>
To:     Juergen Gross <jgross@...e.com>, Ingo Molnar <mingo@...nel.org>
Cc:     Borislav Petkov <bp@...en8.de>,
        Mike Galbraith <mgalbraith@...e.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>
Subject: Re: [x86-tip] RSDP changes converted i4790 box SMP -> UP

On 15.01.2018 18:04, Juergen Gross wrote:
> On 15/01/18 17:56, Gabriel C wrote:
>> On 15.01.2018 17:42, Juergen Gross wrote:
>>> On 15/01/18 17:29, Gabriel C wrote:
>>>> On 15.01.2018 16:40, Juergen Gross wrote:
>>>>> On 15/01/18 16:32, Ingo Molnar wrote:
>>>>>>
>>>>
>>>> Hi Juergen,
>>>>
>>>>>> * Juergen Gross <jgross@...e.com> wrote:
>>>>>>
>>>>>>> On 15/01/18 15:56, Borislav Petkov wrote:
>>>>>>>> On Mon, Jan 15, 2018 at 03:52:25PM +0100, Juergen Gross wrote:
>>>>>>>>> Ingo, with my finding that above boot failure is related to a
>>>>>>>>> bug in
>>>>>>>>> openSUSE's grub2 (I've verified it soesn't exist in upstream
>>>>>>>>> grub2),
>>>>>>>>
>>>>>>>> The box I'm seeing this on has SLES12-SP2 grub:
>>>>>>>>
>>>>>>>> Version        : 2.02~beta2-115.9.1
>>>>>>>>
>>>>>>>> Does it have the same bug?
>>>>>>>
>>>>>>> The patch introducing this problem is from 2012. So I guess: yes.
>>>>>>
>>>>>> I suspect this makes it a widespread, unintended ABI. Can we detect
>>>>>> and somehow avoid it?
>>>>>>
>>>>>> The boot protocol ABI sucks if it's fragile against such mistakes.
>>>>>
>>>>> Well, copying sizeof(setup_header) into grub2 and then coyping back
>>>>> just
>>>>> 1024 bytes is plain wrong. It is a miracle nothing broke up to now.
>>>>>
>>>>
>>>> I'm not on SUSE and hit that too on an H11DSi-NT.
>>>> See: https://marc.info/?l=linux-kernel&m=151579540320553&w=2
>>>
>>> Where does your grub come from?
>>
>> https://github.com/frugalware/frugalware-current/tree/master/source/base/grub2
>>
>>
>>
> 
> See line 409 of:
> 
> https://github.com/frugalware/frugalware-current/blob/master/source/base/grub2/0019-Add-support-for-linuxefi.patch
> 
> There you can see the memcpy with the wrong size back to the to be
> booted kernel...
> 

I see .. however Fedora have it too , Debian also..
https://src.fedoraproject.org/rpms/grub2/blob/master/f/0083-Add-support-for-linuxefi.patch#_409

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ