lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wi-s0mmLAVg-aSmNU55=cE8ES7mC=Mc3Wn62P8W9VjY-A@mail.gmail.com>
Date:   Tue, 14 Apr 2020 11:27:04 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     Jörg Otte <jrg.otte@...il.com>,
        linux-efi <linux-efi@...r.kernel.org>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Kernel V5.7-rc1 doesn't boot (EFI?)

On Tue, Apr 14, 2020 at 3:50 AM Ard Biesheuvel <ardb@...nel.org> wrote:
>
> [*] GRUB on x86 turns out not to zero initialize BSS when it invokes
> the EFI stub as a PE/COFF executable

The fix seems to be to put all globals in the .data section, even if
they don't have initializers.

That seems very fragile. Very easy to forget to not declare some
static variable with __efistub_global.

Could we not make the EFI stub code zero out the BSS itself? Perhaps
setting a warning flag (for a later printout) if it wasn't already
zero, so that people could point fingers are buggy loaders..

             Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ