lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 01 Jun 2021 09:36:27 +0100
From:   Marc Zyngier <maz@...nel.org>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     kexec@...ts.infradead.org,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        James Morse <james.morse@....com>,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Hanjun Guo <guohanjun@...wei.com>,
        Sudeep Holla <sudeep.holla@....com>,
        Eric Biederman <ebiederm@...ssion.com>,
        Bhupesh SHARMA <bhupesh.sharma@...aro.org>,
        AKASHI Takahiro <takahiro.akashi@...aro.org>,
        Dave Young <dyoung@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Moritz Fischer <mdf@...nel.org>,
        Android Kernel Team <kernel-team@...roid.com>,
        "# 3.4.x" <stable@...r.kernel.org>
Subject: Re: [PATCH v2 1/5] arm64: kexec_file: Forbid non-crash kernels

On Mon, 31 May 2021 20:37:49 +0100,
Ard Biesheuvel <ardb@...nel.org> wrote:
> 
> On Mon, 31 May 2021 at 11:57, Marc Zyngier <maz@...nel.org> wrote:
> >
> > It has been reported that kexec_file doesn't really work on arm64.
> > It completely ignores any of the existing reservations, which results
> > in the secondary kernel being loaded where the GICv3 LPI tables live,
> > or even corrupting the ACPI tables.
> >
> > Since only crash kernels are imune to this as they use a reserved
> > memory region, disable the non-crash kernel use case. Further
> > patches will try and restore the functionality.
> >
> > Reported-by: Moritz Fischer <mdf@...nel.org>
> > Signed-off-by: Marc Zyngier <maz@...nel.org>
> > Cc: stable@...r.kernel.org # 5.10
> 
> Acked-by: Ard Biesheuvel <ardb@...nel.org>
> 
> ... but do we really only need this in 5.10 and not earlier?

We *do* need something in earlier kernel (as mentioned in the cover
letter), but not this patch (arch_kexec_locate_mem_hole doesn't exist
there, so there is nothing to override).

I guess that completely disabling CONFIG_KEXEC_FILE on arm64 is the
way to go for 5.4 and earlier, as I don't think there is any crash
kernel support there.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ