lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 7 Oct 2019 18:56:53 +0200
From:   Hans de Goede <hdegoede@...hat.com>
To:     Arvind Sankar <nivedita@...m.mit.edu>
Cc:     linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
        x86@...nel.org
Subject: Re: kexec breaks with 5.4 due to memzero_explicit

Hi,

On 07-10-2019 15:20, Arvind Sankar wrote:
> On Mon, Oct 07, 2019 at 11:10:18AM +0200, Hans de Goede wrote:
>> Hi,
>>
>> On 07-10-2019 10:50, Hans de Goede wrote:
>>> Hi,
>>>
>>> On 07-10-2019 05:09, Arvind Sankar wrote:
>>>> Hi, arch/x86/purgatory/purgatory.ro has an undefined symbol
>>>> memzero_explicit. This has come from commit 906a4bb97f5d ("crypto:
>>>> sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit")
>>>> according to git bisect.
>>>
>>> Hmm, it (obviously) does build for me and using kexec still also works
>>> for me.
>>>
>>> But it seems that you are right and that this should not build, weird.
>>
>> Ok, I understand now, it seems that the kernel will happily build with
>> undefined symbols in the purgatory and my kexec testing did not hit
>> the sha256 check path (*) so it did not crash. I can reproduce this before my patch:
> 
> Yes -- this should really be fixed. purgatory build should fail if there
> are undefined symbols, in fact the Makefile apparently is trying to do
> something to catch undefined references?
> 
> LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib
> 
> This doesn't seem to actually do anything though. Anyone know of a way
> to force ld to error if the resulting object would have undefined
> symbols?

I've figured out a way to get an error for the missing symbol, I will
Cc you on the patch which I will post upstream soon.

I will also write a similar patch for s390 and post that upstream
(untested) separately.

Regards,

Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ