lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <FFF73D592F13FD46B8700F0A279B802F485BB5A3@ORSMSX114.amr.corp.intel.com>
Date:   Wed, 12 Sep 2018 17:32:43 +0000
From:   "Prakhya, Sai Praneeth" <sai.praneeth.prakhya@...el.com>
To:     Ard Biesheuvel <ard.biesheuvel@...aro.org>
CC:     linux-efi <linux-efi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        the arch/x86 maintainers <x86@...nel.org>,
        "Al Stone" <astone@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Ingo Molnar <mingo@...nel.org>,
        Andy Lutomirski <luto@...nel.org>,
        Bhupesh Sharma <bhsharma@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>
Subject: RE: [PATCH V6 0/2] Add efi page fault handler to recover from page

> > This issue was reported by Al Stone when he saw that reboot via EFI
> > hangs the machine. Upon debugging, I found that it's
> > efi_reset_system() that's touching memory regions which it shouldn't.
> > To reproduce the same behavior, I have hacked OVMF and made
> > efi_reset_system() buggy. Along with efi_reset_system(), I have also
> > modified get_next_high_mono_count() and set_virtual_address_map().
> > They illegally access both boot time and other efi regions.
> >
> > Testing the patch set:
> > ----------------------
> > 1. Download buggy firmware from here [1].
> > 2. Run a qemu instance with this buggy BIOS and boot mainline kernel.
> > Add reboot=efi to the kernel command line arguments and after the
> > kernel is up and running, type "reboot". The kernel should hang while
> rebooting.
> > 3. With the same setup, boot kernel after applying patches and the
> > reboot should work fine. Also please notice warning/error messages
> > printed by kernel.
> >
> 
> Did you test these patches with other buggy runtime services?

Yes, I did. I have modified efi runtime service GetNextHighMonotonicCount 
and made it buggy, when invoked from FWTS test suites the efi page fault 
handler works as expected (i.e. freezing efi_rts_wq and disabling efi runtime 
services forever).

Regards,
Sai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ