On Fri, Dec 30, 2022 at 04:54:27PM +0100, Jason A. Donenfeld wrote: > > Right, with CONFIG_X86_VERBOSE_BOOTUP=y in a guest here, it says: > > > > early console in extract_kernel > > input_data: 0x000000000be073a8 > > input_len: 0x00000000008cfc43 > > output: 0x0000000001000000 > > output_len: 0x000000000b600a98 > > kernel_total_size: 0x000000000ac26000 > > needed_size: 0x000000000b800000 > > trampoline_32bit: 0x000000000009d000 > > > > so that's a ~9M kernel which gets decompressed at 0x1000000 and the > > output len is, what, ~180M which looks like plenty to me... > > I think you might have misunderstood the thread.
Maybe... I've been trying to make sense of all the decompression dancing we're doing and the diagrams you've drawn and there's a comment over extract_kernel() which basically says that the compressed image is at the back of the memory buffer input_data: 0x000000000be073a8 and we decompress to a smaller address output: 0x0000000001000000 And, it *looks* like setup_data is at an address somewhere >= 0x1000000 so when we start decompressing, we overwrite it. I guess extract_kernel() could also dump the setup_data addresses so that we can verify that... > First, to reproduce the bug that this patch fixes, you need a kernel with a > compressed size of around 16 megs, not 9. Not only that - you need setup_data to be placed somewhere just so that it gets overwritten during decompression. Also, see below. > Secondly, that crash is well understood and doesn't need to be reproduced; Is it? Where do you get the 0x100000 as the starting address of the kernel image? Because input_data above says that the input address is somewhere higher... Btw, here's an allyesconfig: early console in setup code No EFI environment detected. early console in extract_kernel input_data: 0x000000001bd003a8 input_len: 0x000000000cde2963 output: 0x0000000001000000 output_len: 0x0000000027849d74 kernel_total_size: 0x0000000025830000 needed_size: 0x0000000027a00000 trampoline_32bit: 0x000000000009d000 Physical KASLR using RDRAND RDTSC... Virtual KASLR using RDRAND RDTSC... That kernel has compressed size of ~205M and the output buffer is of size ~632M. > this patch fixes it. Rather, the question now is how to improve this patch > to remove the 62 meg limit. Yeah, I'm wondering what that 62M limit is too, actually. But maybe I'm misunderstanding... -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette