Message-ID: <20251229081523.622515-1-harshit.m.mogalapalli@oracle.com>
Date: Mon, 29 Dec 2025 00:15:20 -0800
From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To: zohar@...ux.ibm.com
Cc: akpm@...ux-foundation.org, ardb@...nel.org, bp@...en8.de,
        dave.hansen@...ux.intel.com, graf@...zon.com,
        guoweikang.kernel@...il.com, harshit.m.mogalapalli@...cle.com,
        henry.willard@...cle.com, hpa@...or.com, jbohac@...e.cz,
        joel.granados@...nel.org, linux-kernel@...r.kernel.org,
        mingo@...hat.com, noodles@...com, paul.x.webb@...cle.com,
        rppt@...nel.org, sohil.mehta@...el.com, sourabhjain@...ux.ibm.com,
        stable@...r.kernel.org, tglx@...utronix.de, x86@...nel.org,
        yifei.l.liu@...cle.com
Subject: [PATCH v2 0/3] Address page fault in ima_restore_measurement_list()

On x86_64:
When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a page fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000) – not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")

V1: https://lore.kernel.org/all/20251112193005.3772542-1-harshit.m.mogalapalli@oracle.com/

V1 attempted to do a similar sanity check in x86_64. Borislav suggested
to add a generic helper ima_validate_range() which could then be used
for both OF based and x86_64.

Testing information:
--------------------
On x86_64: With a kernel based on the latest 6.19-rc2, we could reproduce
the issue, and the patched kernel works fine. (with mem=8G on a 16G memory
machine)

Thanks for the reviews on V1.

V1 -> V2: 
 - Patch 1: Add a generic helper "ima_validate_range()"
 - Patch 2: Use this new helper in drivers/of/kexec.c -> No functional
   change.
 - Patch 3: Fix the page fault by doing sanity check with
   "ima_validate_range()"

Thanks,
Harshit

Harshit Mogalapalli (3):
  ima: Add ima_validate_range() for previous kernel IMA buffer
  of/kexec: refactor ima_get_kexec_buffer() to use ima_validate_range()
  x86/kexec: Add a sanity check on previous kernel's ima kexec buffer

 arch/x86/kernel/setup.c            |  6 +++++
 drivers/of/kexec.c                 | 15 +++----------
 include/linux/ima.h                |  1 +
 security/integrity/ima/ima_kexec.c | 35 ++++++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 12 deletions(-)

-- 
2.50.1
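
Added example, not part of the original message and not the code of this patch series: a userspace model of the kind of bounds check the cover letter describes, rejecting a buffer handed over by the previous kernel when it lies outside the RAM the mem=-limited kernel can use. The helper name check_handover_buffer(), the ram_region structure, the memory map and the addresses are all constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: physical RAM [start, end) the current kernel may touch. */
struct ram_region {
	uint64_t start;
	uint64_t end;
};

#define GiB (1ULL << 30)

/* Constructed sample: 16 GiB machine, second kernel booted with mem=8G. */
static const struct ram_region sample_map[] = {
	{ 0x1000,   0x9f000 },	/* low memory */
	{ 0x100000, 8 * GiB },	/* nothing above the mem= limit is mapped */
};
#define SAMPLE_REGIONS (sizeof(sample_map) / sizeof(sample_map[0]))

/*
 * Hypothetical helper (not the series' ima_validate_range()): accept the
 * handed-over buffer only if [phys, phys + size) lies inside one RAM region.
 */
static int check_handover_buffer(const struct ram_region *map, size_t n,
				 uint64_t phys, uint64_t size)
{
	uint64_t last;

	if (size == 0 || size - 1 > UINT64_MAX - phys)
		return -EINVAL;		/* empty buffer or address wrap-around */
	last = phys + size - 1;

	for (size_t i = 0; i < n; i++)
		if (phys >= map[i].start && last < map[i].end)
			return 0;
	return -EINVAL;			/* outside usable RAM: do not dereference */
}

int main(void)
{
	/* Constructed buffer addresses left behind by the first kernel. */
	printf("buffer at 15 GiB: %d\n",
	       check_handover_buffer(sample_map, SAMPLE_REGIONS, 15 * GiB, 0x3000));
	printf("buffer at 4 GiB:  %d\n",
	       check_handover_buffer(sample_map, SAMPLE_REGIONS, 4 * GiB, 0x3000));
	return 0;
}
```

Requiring the whole range to sit inside one region also rejects a buffer that starts below the mem= limit and runs past it.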

