| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Nov 2018 08:02:45 +0100
From: Juergen Gross <jgross@...e.com>
To: "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
xen-devel@...ts.xenproject.org, x86@...nel.org,
linux-doc@...r.kernel.org
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, corbet@....net,
boris.ostrovsky@...cle.com
Subject: Re: PLEASE REVERT URGENTLY: Re: [PATCH v5 2/3] x86/boot: add acpi
rsdp address to setup_header
On 10/11/2018 07:32, H. Peter Anvin wrote:
>>
>> Unfortunately there are many major distros shipping boot loaders which
>> write crap data past the end of setup_header.
>>
>
> Yes. We know that and it is resolved by:
>
> a) the length field in setup_header;
> b) the "sentinel" field which catches legacy non-compliant bootloaders.
Doesn't help for boot loaders reading struct setup_header from the
kernel image and then writing e.g. 512 bytes back to the setup_header
location. The sentinel is cleared and the length field just isn't
taken into account. And this is what happened.
>
>>>
>>> This field thus belongs in struct boot_params, not struct setup_header.
>>
>> Okay, I can change that. Hoping that all boot loaders really write
>> zeroes to that field in case they don't know it.
>>
>
> This is what we added the sentinel field for: bootloaders which don't zero
> unknown fields (read: Grub) will trigger the sentinel, and we wipe most of
> this structure.
Unfortunately the sentinel seems to be cleared by said broken grub.
Juergen
Powered by blists - more mailing lists