lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 7 Oct 2019 09:20:05 -0400
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     Hans de Goede <hdegoede@...hat.com>
Cc:     Arvind Sankar <nivedita@...m.mit.edu>,
        linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
        x86@...nel.org
Subject: Re: kexec breaks with 5.4 due to memzero_explicit

On Mon, Oct 07, 2019 at 11:10:18AM +0200, Hans de Goede wrote:
> Hi,
> 
> On 07-10-2019 10:50, Hans de Goede wrote:
> > Hi,
> > 
> > On 07-10-2019 05:09, Arvind Sankar wrote:
> >> Hi, arch/x86/purgatory/purgatory.ro has an undefined symbol
> >> memzero_explicit. This has come from commit 906a4bb97f5d ("crypto:
> >> sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit")
> >> according to git bisect.
> > 
> > Hmm, it (obviously) does build for me and using kexec still also works
> > for me.
> > 
> > But it seems that you are right and that this should not build, weird.
> 
> Ok, I understand now, it seems that the kernel will happily build with
> undefined symbols in the purgatory and my kexec testing did not hit
> the sha256 check path (*) so it did not crash. I can reproduce this before my patch:

Yes -- this should really be fixed. purgatory build should fail if there
are undefined symbols, in fact the Makefile apparently is trying to do
something to catch undefined references?

LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib

This doesn't seem to actually do anything though. Anyone know of a way
to force ld to error if the resulting object would have undefined
symbols?

> 
> [hans@...lem linux]$ ld arch/x86/purgatory/purgatory.ro
> ld: warning: cannot find entry symbol _start; defaulting to 0000000000401000
> ld: arch/x86/purgatory/purgatory.ro: in function `sha256_transform':
> sha256.c:(.text+0x1c0c): undefined reference to `memzero_explicit'
> 
> And I can confirm that it is gone after my patch:
> 
> [hans@...lem linux]$ ld arch/x86/purgatory/purgatory.ro
> ld: warning: cannot find entry symbol _start; defaulting to 0000000000401000
> 
> Regards,
> 
> Hans
> 
> 
> *) I tried with a Fedora signed kernel, dunno how to trigger this if that does not
> trigger it
> 

It triggers an error for me when loading the new image, i.e. when doing
# kexec -s -l new_image

Not sure what the difference is, mine is a custom configuration built
using mainline sources.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ