lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Aug 2020 10:45:42 +0200
From:   Norbert Lange <nolange79@...il.com>
To:     Russell King - ARM Linux admin <linux@...linux.org.uk>
Cc:     Arnd Bergmann <arnd@...db.de>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Petr Malat <oss@...at.biz>, Kees Cook <keescook@...omium.org>,
        Adam Borowski <kilobyte@...band.pl>,
        Sedat Dilek <sedat.dilek@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Nick Terrell <terrelln@...com>
Subject: Re: [PATCH] arm: Add support for ZSTD compressed kernel

Am Do., 6. Aug. 2020 um 02:30 Uhr schrieb Russell King - ARM Linux
admin <linux@...linux.org.uk>:
>
> On Thu, Aug 06, 2020 at 01:05:55AM +0200, Norbert Lange wrote:
> > diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
> > index 434a16982e34..1af01bfe6638 100644
> > --- a/arch/arm/boot/compressed/head.S
> > +++ b/arch/arm/boot/compressed/head.S
> > @@ -614,7 +614,11 @@ not_relocated:   mov     r0, #0
> >   */
> >               mov     r0, r4
> >               mov     r1, sp                  @ malloc space above stack
> > +#if defined(CONFIG_KERNEL_ZSTD)
> > +             add     r2, sp, #0x30000        @ Context needs ~160K
>
> That's going to mess up kexec:
>
>         /*
>          * The zImage length does not include its stack (4k) or its
>          * malloc space (64k).  Include this.
>          */
>         len += 0x11000;
>
> I guess we need to add this to the information provided to kexec.

Ouch, I guess it's rather impossible to load a new ZSTD kernel with a old
kexec version in that case.

Some ideas to fix that would be:

-   Increase the padding to "192K + 4K is enough for everyone" in kexec
-   Add the required/recommended stack+heap size to zImage so kexec can use it.
-   change boot logic to place heap before/after the *output* range.
    with the various ways of booting arm this will likely cause other
issues in some combinations.
-   try to reduce zstd context size safetly below 64K.
    I believe the entropy tables are computed once and never modified,
so those could be part of the zImage
    (at some loss of compression rate of course). Would need some host
tool to inject those.

Norbert

Powered by blists - more mailing lists