Message-ID: <ZcBCiqOroolz1hoh@archie.me>
Date: Mon, 5 Feb 2024 09:06:02 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Mike Beaton <mjsbeaton@...il.com>,
	Linux EFI <linux-efi@...r.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Cc: Ard Biesheuvel <ardb@...nel.org>, Ivan Hu <ivan.hu@...onical.com>,
	Jeremy Kerr <jk@...abs.org>, Peter Jones <pjones@...hat.com>
Subject: Re: Broken section alignment in 6.7 and 6.8rc EFI stub

On Mon, Feb 05, 2024 at 12:08:00AM +0000, Mike Beaton wrote:
> Good evening.
> 
> Linux kernels from 6.7 upwards (including 6.8rc) appear to have broken
> PE section alignment in their EFI stub.
> 
> Up to 6.6, we see monotonically increasing and contiguous VMA and LMA,
> as expected for a well-formed PE/COFF file.
> 
> In 6.7 and 6.8 these addresses basically jump around all over the place.
> 
> At least one loader which is believed to be enforcing strong but
> reasonable rules on PE section layout refuses to load these:
> https://github.com/acidanthera/bugtracker/issues/2371#issuecomment-1925801292
> 
> objdumps of some example kernels (two good, three bad) follow:
> 
> $ objdump -h vmlinuz-5.15.0-92-generic
> 
> vmlinuz-5.15.0-92-generic:     file format pei-x86-64
> 
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .setup        00003bc0  0000000001000200  0000000001000200  00000200  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   1 .reloc        00000020  0000000001003dc0  0000000001003dc0  00003dc0  2**0
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   2 .compat       00000020  0000000001003de0  0000000001003de0  00003de0  2**0
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   3 .text         00b0f4c0  0000000001003e00  0000000001003e00  00003e00  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
> $ objdump -h vmlinuz-6.6.11-zabbly+
> 
> vmlinuz-6.6.11-zabbly+:     file format pei-x86-64
> 
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .setup        00003dc0  0000000001000200  0000000001000200  00000200  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   1 .reloc        00000020  0000000001003fc0  0000000001003fc0  00003fc0  2**0
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   2 .compat       00000020  0000000001003fe0  0000000001003fe0  00003fe0  2**0
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   3 .text         00d6e400  0000000001004000  0000000001004000  00004000  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
> $ objdump -h vmlinuz-6.7.3-3-liquorix-amd64
> 
> vmlinuz-6.7.3-3-liquorix-amd64:     file format pei-x86-64
> 
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .setup        00003000  0000000000001000  0000000000001000  00001000  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   1 .compat       00000008  0000000000c0e000  0000000000c0e000  00004000  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   2 .text         00baa000  0000000000005000  0000000000005000  00005000  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   3 .data         00001200  0000000000baf000  0000000000baf000  00baf000  2**4
>                   CONTENTS, ALLOC, LOAD, DATA
> $ objdump -h vmlinuz-6.7.3-zabbly+
> 
> vmlinuz-6.7.3-zabbly+:     file format pei-x86-64
> 
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .setup        00003000  0000000000001000  0000000000001000  00001000  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   1 .compat       00000008  0000000000df0000  0000000000df0000  00004000  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   2 .text         00d84000  0000000000005000  0000000000005000  00005000  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   3 .data         00001200  0000000000d89000  0000000000d89000  00d89000  2**4
>                   CONTENTS, ALLOC, LOAD, DATA
> $ objdump -h vmlinuz-6.8.0-0.rc3.225.vanilla.fc39.x86_64
> 
> vmlinuz-6.8.0-0.rc3.225.vanilla.fc39.x86_64:     file format pei-x86-64
> 
> Sections:
> Idx Name          Size      VMA               LMA               File off  Algn
>   0 .setup        00003000  0000000000001000  0000000000001000  00001000  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   1 .compat       00000008  0000000000e8b000  0000000000e8b000  00004000  2**2
>                   CONTENTS, ALLOC, LOAD, READONLY, DATA
>   2 .text         00e1f000  0000000000005000  0000000000005000  00005000  2**4
>                   CONTENTS, ALLOC, LOAD, READONLY, CODE
>   3 .data         00001200  0000000000e24000  0000000000e24000  00e24000  2**4
>                   CONTENTS, ALLOC, LOAD, DATA
> $

So v6.7 onwards misses the .reloc section, right?

Confused...

-- 
An old man doll... just what I always wanted! - Clara
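The layout rule Mike describes (section VMAs ascending and contiguous, in section-table order) can be checked mechanically rather than by eye. The script below is an added example, not code from either poster, from the kernel build, or from the loader linked above: it parses `objdump -h` output of the form quoted in this thread and reports sections that are out of order, overlapping, or not adjacent to their predecessor. The two embedded inputs are copied from the quoted listings for vmlinuz-6.6.11-zabbly+ (good) and vmlinuz-6.7.3-3-liquorix-amd64 (bad); the 0x1000 default section alignment is an assumption, because `objdump -h` does not print the image's SectionAlignment.

```python
import re
import sys
from dataclasses import dataclass

# Matches one section row of `objdump -h` output, e.g.
#   1 .reloc        00000020  0000000001003fc0  0000000001003fc0  00003fc0  2**0
SECTION_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+2\*\*(\d+)",
    re.IGNORECASE,
)


@dataclass
class Section:
    idx: int
    name: str
    size: int
    vma: int
    lma: int
    file_off: int
    align_log2: int


def parse_objdump_sections(text: str) -> list:
    """Extract section rows from `objdump -h` text, in section-table order."""
    sections = []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            idx, name, size, vma, lma, off, algn = m.groups()
            sections.append(Section(int(idx), name, int(size, 16), int(vma, 16),
                                    int(lma, 16), int(off, 16), int(algn)))
    return sections


def round_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) & ~(alignment - 1)


def check_layout(sections: list, section_alignment: int = 0x1000) -> list:
    """Return a list of findings; an empty list means the layout is well-formed.

    For each section and its predecessor in table order:
      * VMA must be strictly ascending;
      * the VMA range must not overlap the previous section;
      * the section must start no later than the previous section's end
        rounded up to SectionAlignment (sections are adjacent);
      * file offsets must ascend as well.
    section_alignment is an assumption: objdump -h does not print it.
    """
    findings = []
    for prev, cur in zip(sections, sections[1:]):
        prev_end = prev.vma + prev.size
        if cur.vma <= prev.vma:
            findings.append(f"{cur.name}: VMA {cur.vma:#x} not above {prev.name} VMA {prev.vma:#x}")
        elif cur.vma < prev_end:
            findings.append(f"{cur.name}: VMA {cur.vma:#x} overlaps {prev.name} (ends {prev_end:#x})")
        elif cur.vma > round_up(prev_end, section_alignment):
            findings.append(f"{cur.name}: gap of {cur.vma - prev_end:#x} bytes after {prev.name}")
        if cur.file_off <= prev.file_off:
            findings.append(f"{cur.name}: file offset {cur.file_off:#x} not above {prev.name}")
    return findings


# Sample inputs copied from the objdump listings quoted in this thread.
GOOD_6_6_11 = """\
Idx Name          Size      VMA               LMA               File off  Algn
  0 .setup        00003dc0  0000000001000200  0000000001000200  00000200  2**4
  1 .reloc        00000020  0000000001003fc0  0000000001003fc0  00003fc0  2**0
  2 .compat       00000020  0000000001003fe0  0000000001003fe0  00003fe0  2**0
  3 .text         00d6e400  0000000001004000  0000000001004000  00004000  2**4
"""

BAD_6_7_3 = """\
Idx Name          Size      VMA               LMA               File off  Algn
  0 .setup        00003000  0000000000001000  0000000000001000  00001000  2**2
  1 .compat       00000008  0000000000c0e000  0000000000c0e000  00004000  2**2
  2 .text         00baa000  0000000000005000  0000000000005000  00005000  2**4
  3 .data         00001200  0000000000baf000  0000000000baf000  00baf000  2**4
"""


if __name__ == "__main__":
    # Usage: objdump -h vmlinuz | python3 check_sections.py
    text = sys.stdin.read() if not sys.stdin.isatty() else BAD_6_7_3
    problems = check_layout(parse_objdump_sections(text))
    print("\n".join(problems) if problems else "section layout OK")
    sys.exit(1 if problems else 0)
```

Run against the 6.6.11 listing the checker reports nothing; against the 6.7.3 listing it flags the gap between .setup and .compat and the fact that .text's VMA falls below .compat's, which is the "jumping around" Mike observes. The file-offset rule is included because a loader that maps sections by file offset and VMA pairs will trip on either one being out of order.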

