| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXFjWBpOij5V3=-9etqTW9p8guqPDCGU3DK0Yxq6zrBiBQ@mail.gmail.com> Date: Tue, 23 Jul 2024 00:14:29 +0200 From: Ard Biesheuvel <ardb@...nel.org> To: "Shao, Marshall" <Marshall.Shao@...l.com> Cc: "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "hpa@...or.com" <hpa@...or.com>, "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "bp@...en8.de" <bp@...en8.de>, "mingo@...hat.com" <mingo@...hat.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "Mishra, Ashish" <Ashish.Mishra4@...l.com>, "Chia, Jia Yuan" <JiaYuan.Chia@...l.com>, "Dion, Christopher" <Christopher.Dion@...l.com>, "Caisse, Joe" <Joe.Caisse@...l.com>, "Mukundan, Govind" <Govind.Mukundan@...l.com> Subject: Re: [Patch] Do not clear BSS region in x86 stub On Mon, 22 Jul 2024 at 13:48, Shao, Marshall <Marshall.Shao@...l.com> wrote: > > Hi Ard, > > > Given that GRUB now supports the native EFI entrypoint properly, > > the handover protocol is essentially deprecated. > > In my case, the systemd-boot jumped into the EFI stub code via > handover protocol, this may not be an orthodox way to boot the kernel > but it performs well on the others, I have tested on at least > 6 firmware. > systemd-boot does not implement the EFI handover protocol. systemd-stub does implement it (for UKIs) but only for kernel versions v5.8 or older. The EFI handover protocol is known to be problematic as the loaders often fail to allocate memory for the entire image, and only allocate enough pages to load the bzImage itself. This means that clearing BSS will wipe unrelated memory if the region after the image happens to be used already. It also means that not clearing BSS is just a crutch, and the correct fix is to ensure that systemd-stub allocates the correct number of pages, and clears the ones that are not covered by the bzImage payload. > I understand that the handover protocol is going to be deprecated. > However, as of now, I can't guarantee which EFI loader will be > used to load my bzImage. Although it’s not very common, booting > from the handover protocol with uncleaned BSS memory is possible. > systemd-boot does not use the EFI handover protocol. Please try to determine where this confusion comes from: are you using a UKI image perhaps? > >> memset(_bss+0x10000, 0, _ebss - _bss - 0x10000) > > > So now you are applying the memset only to part of BSS, right? How > > does this help? > > This part doesn't work without increasing the BOOT_STACK_SIZE. > ... because the 0x10000 value would be incorrect otherwise? I am trying to understand *why* this particular change works around the issue. Please elaborate. My preliminary conclusion here is that your implementation of the EFI handover protocol (which I fail to understand where it comes from) is not allocating enough memory. This should be fixed on the bootloader side, as not clearing the BSS does not prevent this memory from being corrupted.
Powered by blists - more mailing lists