We welcome all patches and bug fixes from the tboot community; tboot is a BSD-
licensed open source project, and everyone can contribute to it.

All patches will be reviewed and validated before being upstreamed to the tboot 
code tree at Sourceforge https://sourceforge.net/projects/tboot/

For this specific patch in this email thread, we have not found it in the tboot 
code tree so far.

It will be good if the patch is signed off when being submitted...

Thanks,
-Ning 

-----Original Message-----
From: Brian E Luckau [mailto:bluc...@sgi.com] 
Sent: Monday, December 12, 2016 9:55 AM
To: 'tboot-devel@lists.sourceforge.net' <tboot-devel@lists.sourceforge.net>
Subject: [tboot-devel] null pointer dereference bug in tboot Linux loader

In a previous thread, I was given this patch by Dr. Wettstein.  I was trying to 
integrate it into our test build of tboot, but we like to leave a comment that 
shows a trail with regards to where it came from. (We want to make it clear why 
a patch is being done, where it came from, how official it is, etc.)

I can't seem to find this in the tboot code tree.  Is it there and I'm missing 
it?  If it is not there, does the trunk need to be updated with this patch?

=================================================================
"There is a null-pointer dereference bug in the tboot Linux loader which 
manifests itself as a system reset after the following is displayed:

TBOOT: transferring control to kernel @0x100000

We picked up on this issue since our embedded systems boot without an external 
initramfs.  The loader doesn't check the multiboot module count and as a result 
uses the value of an uninitialized variable to copy a random amount of material 
into kernel memory.

Here is a patch against 1.9.4 which corrects the problem:

---------------------------------------------------------------------------
diff -urNp v1.9.4/tboot-1.9.4/tboot/common/loader.c 
tboot-1.9.4/tboot/common/loader.c
--- v1.9.4/tboot-1.9.4/tboot/common/loader.c    Wed May 18 12:20:26 2016
+++ tboot-1.9.4/tboot/common/loader.c   Sat Sep  3 08:45:55 2016
@@ -1272,10 +1272,19 @@ bool launch_kernel(bool is_measured_laun
                                MB_MAGIC : MB2_LOADER_MAGIC);
      }
      else if ( kernel_type == LINUX ) {
-        m = get_module(g_ldr_ctx,0);
-        void *initrd_image = (void *)m->mod_start;
-        size_t initrd_size = m->mod_end - m->mod_start;
+        void *initrd_image;
+        size_t initrd_size;
  
+        if ( get_module_count(g_ldr_ctx) == 0 ) {
+            initrd_size = 0;
+            initrd_image = 0;
+        }
+        else {
+            m = get_module(g_ldr_ctx,0);
+            initrd_image = (void *)m->mod_start;
+            initrd_size = m->mod_end - m->mod_start;
+        }
+
          expand_linux_image(kernel_image, kernel_size,
                             initrd_image, initrd_size,
                             &kernel_entry_point, is_measured_launch);"
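Review bot: in the `get_module_count(g_ldr_ctx) == 0` branch, `initrd_image = 0;` assigns an integer literal to a `void *`; write `initrd_image = NULL;` to match the rest of the file's pointer idiom. The hunk also removes the unconditional `m = get_module(g_ldr_ctx,0);`, so `m` is only assigned on the else path; if `m` is read later in `launch_kernel` it is now uninitialized when no module is present, so either confirm it is not used afterwards or set `m = NULL` in the zero-module branch. Since `expand_linux_image` is not in the hunk, the review should also confirm that it treats a NULL image with size 0 as "no initrd" rather than touching the pointer, and the submission should carry a Signed-off-by trailer as requested upstream.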


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech 
sites, SlashDot.org! http://sdm.link/slashdot 
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
