Re: [PATCH qemu] x86: don't let decompressed kernel image clobber setup_data
From: H. Peter Anvin
Date: Sat Dec 31 2022 - 23:34:26 EST
On 12/31/22 10:22, Jason A. Donenfeld wrote:
On Sat, Dec 31, 2022 at 03:24:32PM +0100, Borislav Petkov wrote:
On Sat, Dec 31, 2022 at 02:51:28PM +0100, Jason A. Donenfeld wrote:
That failure is unrelated to the ident mapping issue Peter and
I discussed. The original failure is described in the commit message:
decompression clobbers the data, so sd->next points to garbage.
Right
So with that understanding confirmed, I'm confused at your surprise that
hpa's unrelated fix to the different issue didn't fix this issue.
If decompression does clobber the data, then we *also* need to figure
out why that is. There are basically three possibilities:
1. If physical KASLR is NOT used:
a. The boot loader doesn't honor the kernel safe area properly;
b. Somewhere in the process a bug in the calculation of the
kernel safe area has crept in.
2. If physical KASLR IS used:
The decompressor doesn't correctly keep track of nor relocate
all the keep-out zones before picking a target address.
One is a bootloader bug, two is a kernel bug. My guess is (2) is the
culprit, but (1b) should be checked, too.
-hpa