| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yng55a2z25m5upehczerzhi6zawe3j4ka7amfu4vw4cu27bbg2@x2lgbuk3iqyf>
Date: Mon, 25 Aug 2025 09:18:53 +0800
From: Coiby Xu <coxu@...hat.com>
To: Breno Leitao <leitao@...ian.org>
Cc: kexec@...ts.infradead.org, Ondrej Kozina <okozina@...hat.com>,
Milan Broz <gmazyland@...il.com>, Thomas Staudt <tstaudt@...ibm.com>,
Daniel P . Berrangé <berrange@...hat.com>, Kairui Song <ryncsn@...il.com>,
Pingfan Liu <kernelfans@...il.com>, Baoquan He <bhe@...hat.com>, Dave Young <dyoung@...hat.com>,
linux-kernel@...r.kernel.org, x86@...nel.org, Dave Hansen <dave.hansen@...el.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>, Arnaud Lefebvre <arnaud.lefebvre@...ver-cloud.com>,
Jan Pazdziora <jpazdziora@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>,
linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v9 1/8] kexec_file: allow to place kexec_buf randomly
On Thu, Aug 21, 2025 at 04:15:53AM -0700, Breno Leitao wrote:
>Hello Coiby,
Hi Breno,
>
>On Fri, May 02, 2025 at 09:12:35AM +0800, Coiby Xu wrote:
>> +static inline void kexec_random_range_start(unsigned long start,
>> + unsigned long end,
>> + struct kexec_buf *kbuf,
>> + unsigned long *temp_start)
>> +{
>> + unsigned short i;
>> +
>> + if (kbuf->random) {
>> + get_random_bytes(&i, sizeof(unsigned short));
>> + *temp_start = start + (end - start) / USHRT_MAX * i;
>> + }
>> +}
>
>On arm64, I am getting the following UBSAN warning when accessing
>kbuf->random:
>
>[ 32.362428] ------------[ cut here ]------------
>[ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10
>[ 32.362649] load of value 252 is not a valid value for type '_Bool'
>
>and line 210 is your `if (kbuf->random)`.
>
>Basically kbuf was not initialized in arm hosts, and probably has
>garbage.
Thank for explaining the problem to me!
>
>I am wondering if we should have something like , while the support for arm64 is
>not done:
>
>commit 2608bd8c26b62a9a7cc50106e93d3a1ffb1e1188
>Author: Breno Leitao <leitao@...ian.org>
>Date: Thu Aug 21 04:11:21 2025 -0700
>
> Initialize the random field of kbuf to zero in the ARM64 kexec image loader
>
> Ads an explicit initialization for the random member of the kbuf
> structure within the image_load function in
> arch/arm64/kernel/kexec_image.c. Setting kbuf.random to zero ensures
> a deterministic and clean starting state for the buffer used during
> kernel image loading, avoiding this UBSAN issue later, when kbuf.random
> is read.
>
> [ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10
> [ 32.362649] load of value 252 is not a valid value for type '_Bool'
>
> Signed-off-by: Breno Leitao <leitao@...ian.org>
>
>diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c
>index 532d72ea42ee8..287b25e674d76 100644
>--- a/arch/arm64/kernel/kexec_image.c
>+++ b/arch/arm64/kernel/kexec_image.c
>@@ -76,6 +76,7 @@ static void *image_load(struct kimage *image,
> kbuf.buf_min = 0;
> kbuf.buf_max = ULONG_MAX;
> kbuf.top_down = false;
>+ kbuf.random = 0;
>
> kbuf.buffer = kernel;
> kbuf.bufsz = kernel_len;
>
And also thanks for posing a fix! The patch LGTM. Can you add a Fixes
tag 'Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf
randomly")' and then send it to kexec@...ts.infradead.org? Thanks!
--
Best regards,
Coiby
Powered by blists - more mailing lists