lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d0016504-af19-eab5-8898-f51a8c8abdcd@tweek.dk>
Date:   Fri, 22 Sep 2023 13:04:26 +0200 (CEST)
From:   Martin Nybo Andersen <tweek@...ek.dk>
To:     Masahiro Yamada <masahiroy@...nel.org>
cc:     Tor Vic <torvic9@...lbox.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nicolas Schier <nicolas@...sle.eu>,
        Nick Terrell <terrelln@...com>, linux-kbuild@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Lucas De Marchi <lucas.de.marchi@...il.com>
Subject: Re: [PATCH] Use CRC32 and a 1MiB dictionary for XZ compressed
 modules


On Fri, 22 Sep 2023, Masahiro Yamada wrote:

[...]

> Hello, sorry for the delay.
>
> I am OK with picking the patch to my tree.

Hi,

That sound great :)

> I think we can use --check=crc32 --lzma2=dict=1MiB
> unconditionally.
>
> (But, if the in-kernel decompressor is improved
> to understand CRC64 in the future, we can loosen
> this restriction again.)

Of course.

> Just small change requests.
>
> Please do not use the Fixes tag to point at the Debian bug tracker.
>
>
> Instead, you can do
>
> Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050582
>
>   or
>
> Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050582
>
>
>
> Also, mention that this change happened in
>
> kmod commit 09c9f8c5df04 ("libkmod: Use kernel decompression when available")
>
> in the commit description might be helpful.
>
>
>
>
> I added Lukas to CC.
> He is the author of the change on kmod side.

Is this ok?

Kmod is now (since kmod commit 09c9f8c5df04 ("libkmod: Use kernel
decompression when available")) using the kernel decompressor, when
loading compressed modules.

However, the kernel XZ decompressor is XZ Embedded, which doesn't
handle CRC64 and dictionaries larger than 1MiB.

Use CRC32 and 1MiB dictionary when XZ compressing and installing
kernel modules.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050582
Signed-off-by: Martin Nybo Andersen <tweek@...ek.dk>
---
  scripts/Makefile.modinst | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index c59cc57286ba..ffbafbd3aeea 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -144,7 +144,7 @@ endif
  quiet_cmd_gzip = GZIP    $@
        cmd_gzip = $(KGZIP) -n -f $<
  quiet_cmd_xz = XZ      $@
-      cmd_xz = $(XZ) --lzma2=dict=2MiB -f $<
+      cmd_xz = $(XZ) --check=crc32 --lzma2=dict=1MiB -f $<
  quiet_cmd_zstd = ZSTD    $@
        cmd_zstd = $(ZSTD) -T0 --rm -f -q $<
-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ