| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 Dec 2022 21:13:05 -0800
From: "H. Peter Anvin" <hpa@...or.com>
To: Mika Penttilä <mika.penttila@...sol.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Borislav Petkov <bp@...en8.de>
Cc: pbonzini@...hat.com, ebiggers@...nel.org, x86@...nel.org,
linux-kernel@...r.kernel.org, qemu-devel@...gnu.org,
ardb@...nel.org, kraxel@...hat.com, philmd@...aro.org
Subject: Re: [PATCH qemu] x86: don't let decompressed kernel image clobber
setup_data
On 12/31/22 20:55, Mika Penttilä wrote:
>>
>> If decompression does clobber the data, then we *also* need to figure
>> out why that is. There are basically three possibilities:
>>
>> 1. If physical KASLR is NOT used:
>>
>> a. The boot loader doesn't honor the kernel safe area properly;
>> b. Somewhere in the process a bug in the calculation of the
>> kernel safe area has crept in.
>>
>> 2. If physical KASLR IS used:
>>
>> The decompressor doesn't correctly keep track of nor relocate
>> all the keep-out zones before picking a target address.
>
> Seems setup_data is not included in those mem_avoid regions.
>
[facepalm]
>>
>> One is a bootloader bug, two is a kernel bugs. My guess is (2) is the
>> culprit, but (1b) should be checked, too.
>>
Correction: two are kernel bugs, i.e. (1b) and (2) are both kernel bugs.
-hpa
Powered by blists - more mailing lists