Message-ID:
 <DS7PR19MB570924EC5BB1BA3F321A65B98BA82@DS7PR19MB5709.namprd19.prod.outlook.com>
Date: Mon, 22 Jul 2024 11:45:10 +0000
From: "Shao, Marshall" <Marshall.Shao@...l.com>
To: Ard Biesheuvel <ardb@...nel.org>
CC: "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "hpa@...or.com" <hpa@...or.com>,
        "dave.hansen@...ux.intel.com"
	<dave.hansen@...ux.intel.com>,
        "bp@...en8.de" <bp@...en8.de>, "mingo@...hat.com" <mingo@...hat.com>,
        "tglx@...utronix.de"
	<tglx@...utronix.de>,
        "Mishra, Ashish" <Ashish.Mishra4@...l.com>,
        "Chia, Jia
 Yuan" <JiaYuan.Chia@...l.com>,
        "Dion, Christopher"
	<Christopher.Dion@...l.com>,
        "Caisse, Joe" <Joe.Caisse@...l.com>,
        "Mukundan,
 Govind" <Govind.Mukundan@...l.com>
Subject: RE: [Patch] Do not clear BSS region in x86 stub

Hi Ard,

> Given that GRUB now supports the native EFI entrypoint properly, 
> the handover protocol is essentially deprecated.

In my case, systemd-boot jumped into the EFI stub code via the
handover protocol. This may not be an orthodox way to boot the kernel,
but it performs well on the others; I have tested on at least
6 firmware.

I understand that the handover protocol is going to be deprecated.
However, as of now, I can't guarantee which EFI loader will be 
used to load my bzImage. Although it’s not very common, booting 
from the handover protocol with uncleaned BSS memory is possible.

>> memset(_bss+0x10000, 0, _ebss - _bss - 0x10000)

> So now you are applying the memset only to part of BSS, right? How
> does this help?

This part doesn't work without increasing the BOOT_STACK_SIZE.

And the following content is my PE metadata, many thanks!


File: bzImage
Format: COFF-x86-64
Arch: x86_64
AddressSize: 64bit
ImageFileHeader {
  Machine: IMAGE_FILE_MACHINE_AMD64 (0x8664)
  SectionCount: 3
  TimeDateStamp: 1970-01-01 00:00:00 (0x0)
  PointerToSymbolTable: 0x0
  SymbolCount: 0
  StringTableSize: 0
  OptionalHeaderSize: 160
  Characteristics [ (0x206)
    IMAGE_FILE_DEBUG_STRIPPED (0x200)
    IMAGE_FILE_EXECUTABLE_IMAGE (0x2)
    IMAGE_FILE_LINE_NUMS_STRIPPED (0x4)
  ]
}
ImageOptionalHeader {
  Magic: 0x20B
  MajorLinkerVersion: 2
  MinorLinkerVersion: 20
  SizeOfCode: 9416704
  SizeOfInitializedData: 241664
  SizeOfUninitializedData: 0
  AddressOfEntryPoint: 0x8F8990
  BaseOfCode: 0x4000
  ImageBase: 0x0
  SectionAlignment: 4096
  FileAlignment: 512
  MajorOperatingSystemVersion: 0
  MinorOperatingSystemVersion: 0
  MajorImageVersion: 3
  MinorImageVersion: 0
  MajorSubsystemVersion: 0
  MinorSubsystemVersion: 0
  SizeOfImage: 9674752
  SizeOfHeaders: 4096
  Subsystem: IMAGE_SUBSYSTEM_EFI_APPLICATION (0xA)
  Characteristics [ (0x100)
    IMAGE_DLL_CHARACTERISTICS_NX_COMPAT (0x100)
  ]
  SizeOfStackReserve: 0
  SizeOfStackCommit: 0
  SizeOfHeapReserve: 0
  SizeOfHeapCommit: 0
  NumberOfRvaAndSize: 6
  DataDirectory {
    ExportTableRVA: 0x0
    ExportTableSize: 0x0
    ImportTableRVA: 0x0
    ImportTableSize: 0x0
    ResourceTableRVA: 0x0
    ResourceTableSize: 0x0
    ExceptionTableRVA: 0x0
    ExceptionTableSize: 0x0
    CertificateTableRVA: 0x0
    CertificateTableSize: 0x0
    BaseRelocationTableRVA: 0x0
    BaseRelocationTableSize: 0x0
  }
}
DOSHeader {
  Magic: MZ
  UsedBytesInTheLastPage: 0
  FileSizeInPages: 0
  NumberOfRelocationItems: 0
  HeaderSizeInParagraphs: 0
  MinimumExtraParagraphs: 0
  MaximumExtraParagraphs: 0
  InitialRelativeSS: 0
  InitialSP: 0
  Checksum: 0
  InitialIP: 0
  InitialRelativeCS: 0
  AddressOfRelocationTable: 0
  OverlayNumber: 0
  OEMid: 0
  OEMinfo: 0
  AddressOfNewExeHeader: 64
}
Sections [
  Section {
    Number: 1
    Name: .setup (2E 73 65 74 75 70 00 00)
    VirtualSize: 0x3000
    VirtualAddress: 0x1000
    RawDataSize: 12288
    PointerToRawData: 0x1000
    PointerToRelocations: 0x0
    PointerToLineNumbers: 0x0
    RelocationCount: 0
    LineNumberCount: 0
    Characteristics [ (0x42000040)
      IMAGE_SCN_CNT_INITIALIZED_DATA (0x40)
      IMAGE_SCN_MEM_DISCARDABLE (0x2000000)
      IMAGE_SCN_MEM_READ (0x40000000)
    ]
  }
  Section {
    Number: 2
    Name: .text (2E 74 65 78 74 00 00 00)
    VirtualSize: 0x8FB000
    VirtualAddress: 0x4000
    RawDataSize: 9416704
    PointerToRawData: 0x4000
    PointerToRelocations: 0x0
    PointerToLineNumbers: 0x0
    RelocationCount: 0
    LineNumberCount: 0
    Characteristics [ (0x60000020)
      IMAGE_SCN_CNT_CODE (0x20)
      IMAGE_SCN_MEM_EXECUTE (0x20000000)
      IMAGE_SCN_MEM_READ (0x40000000)
    ]
  }
  Section {
    Number: 3
    Name: .data (2E 64 61 74 61 00 00 00)
    VirtualSize: 0x3B000
    VirtualAddress: 0x8FF000
    RawDataSize: 1024
    PointerToRawData: 0x8FF000
    PointerToRelocations: 0x0
    PointerToLineNumbers: 0x0
    RelocationCount: 0
    LineNumberCount: 0
    Characteristics [ (0xC0000040)
      IMAGE_SCN_CNT_INITIALIZED_DATA (0x40)
      IMAGE_SCN_MEM_READ (0x40000000)
      IMAGE_SCN_MEM_WRITE (0x80000000)
    ]
  }
]
Relocations [
]
UnwindInformation [
]
Symbols [
]
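
Added example, not part of the original message or of the kernel sources: in the dump above `.data` has VirtualSize 0x3B000 but only 1024 bytes of raw data, and under PE/COFF the tail of such a section has no file backing and is expected to be zero-padded when the image is loaded as a PE file. The sketch below parses a PE section table and reports those tails; `zero_fill_ranges` and `build_sample` are hypothetical names, and the sample header is constructed from the values in the dump.

```python
import struct

def zero_fill_ranges(image: bytes):
    """Return (name, start_rva, end_rva) for each section tail that has no
    file backing (VirtualSize > SizeOfRawData) and relies on load-time zeroing."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # AddressOfNewExeHeader
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, SectionCount, three dwords, OptionalHeaderSize, flags
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size  # section table follows the optional header
    tails = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", image, table + 40 * i)
        if vsize > rawsize:
            tails.append((name.rstrip(b"\0").decode(), vaddr + rawsize, vaddr + vsize))
    return tails

def build_sample() -> bytes:
    """Constructed header only (no section contents), using the dump's values."""
    opt_size = 160
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, opt_size, 0x206)
    sections = b""
    for name, vsize, vaddr, raw, ptr, flags in [
        (b".setup", 0x3000, 0x1000, 12288, 0x1000, 0x42000040),
        (b".text", 0x8FB000, 0x4000, 9416704, 0x4000, 0x60000020),
        (b".data", 0x3B000, 0x8FF000, 1024, 0x8FF000, 0xC0000040),
    ]:
        sections += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw, ptr,
                                0, 0, 0, 0, flags)
    # The optional header is left zeroed; the parser only needs its size.
    return dos + b"PE\0\0" + coff + bytes(opt_size) + sections

if __name__ == "__main__":
    for name, start, end in zero_fill_ranges(build_sample()):
        print(f"{name}: RVA {start:#x}-{end:#x} ({end - start} bytes) not file-backed")
```

The function reads only the headers, so it can be given the first few KiB of a real image instead of the constructed sample.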
