lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230726-excavate-swoosh-424ede98f63d@spud>
Date:   Wed, 26 Jul 2023 17:33:49 +0100
From:   Conor Dooley <conor@...nel.org>
To:     Petr Tesarik <petrtesarik@...weicloud.com>
Cc:     Paul Walmsley <paul.walmsley@...ive.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Albert Ou <aou@...s.berkeley.edu>,
        Conor Dooley <conor.dooley@...rochip.com>,
        Li Huafei <lihuafei1@...wei.com>,
        Liao Chang <liaochang1@...wei.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Heiko Stuebner <heiko@...ech.de>,
        Ricardo Ribalda <ribalda@...omium.org>,
        Alyssa Ross <hi@...ssa.is>, Li Zhengyu <lizhengyu3@...wei.com>,
        "open list:RISC-V ARCHITECTURE" <linux-riscv@...ts.infradead.org>,
        kexec@...ts.infradead.org,
        open list <linux-kernel@...r.kernel.org>,
        Torsten Duwe <duwe@...e.de>,
        Roberto Sassu <roberto.sassu@...weicloud.com>, petr@...arici.cz
Subject: Re: [PATCH v2 2/3] riscv/purgatory: do not link with string.o and
 its dependencies

On Wed, Jul 26, 2023 at 11:54:00AM +0200, Petr Tesarik wrote:
> From: Petr Tesarik <petr.tesarik.ext@...wei.com>
> 
> Linking with this object file makes kexec_file_load(2) fail because of
> multiple unknown relocation types:
> 
> - R_RISCV_ADD16, R_RISCV_SUB16: used by alternatives in strcmp()
> - R_RISCV_GOT_HI20: used to resolve _ctype in strcasecmp()
> 
> All this hassle is needed for one single call to memcmp() from
> verify_sha256_digest() to compare 32 bytes of SHA256 checksum.
> 
> Simply replace this memcmp() call with an explicit loop over those 32 bytes
> and remove the need to link with string.o and all the other object files
> that provide undefined symbols from that object file.
> 
> Fixes: 838b3e28488f ("RISC-V: Load purgatory in kexec_file")
> Signed-off-by: Petr Tesarik <petr.tesarik.ext@...wei.com>

This version keeps the automation happy,
Acked-by: Conor Dooley <conor.dooley@...rochip.com>

Thanks,
Conor.

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ