On Dec 14,  5:18pm, "Sun, Ning" wrote:
} Subject: RE: [tboot-devel] null pointer dereference bug in tboot Linux loa

Good afternoon, I hope the day is going well for everyone.

> Is this patch completely from Dr. Wettstein or you made changes as
> well?  We need to have someone sign off the patch so that we can
> validate and merge it to tboot tree.

It is all from our development group; here is a patch against virgin
1.9.4 and a signoff.  I was going to send it earlier this week but we
have been swamped.

---------------------------------------------------------------------------
There is a pointer dereference regression in the tboot native Linux
loader which manifests itself as a system reset after the following is
displayed on systems which are not using an initial ramdisk or
initramfs image.

TBOOT: transferring control to kernel @0x100000

The native Linux loader does not check the multiboot module count when
initializing the initrd/initramfs image size and pointer value.  This
causes the loader setup code to pass an invalid pointer along with an
arbitrary size count to the loader which then attempts to copy the
contents of whatever memory the pointer is referencing into the kernel
image that is being built.

The fix is straightforward.  If the remaining multiboot module count
is zero the initrd image pointer and size value are explicitly set to
zero.  This condition is interpreted properly by the loader as an
indication that an initrd image is not to be loaded.

Signed-off-by: Dr. Greg Wettstein <g...@enjellic.com>

diff -urNp v1.9.4/tboot-1.9.4/tboot/common/loader.c 
tboot-1.9.4/tboot/common/loader.c
--- v1.9.4/tboot-1.9.4/tboot/common/loader.c    Wed May 18 12:20:26 2016
+++ tboot-1.9.4/tboot/common/loader.c   Sat Sep  3 08:45:55 2016
@@ -1272,10 +1272,19 @@ bool launch_kernel(bool is_measured_laun
                               MB_MAGIC : MB2_LOADER_MAGIC);
     }
     else if ( kernel_type == LINUX ) {
-        m = get_module(g_ldr_ctx,0);
-        void *initrd_image = (void *)m->mod_start;
-        size_t initrd_size = m->mod_end - m->mod_start;
+        void *initrd_image;
+        size_t initrd_size;
 
+        if ( get_module_count(g_ldr_ctx) == 0 ) {
+            initrd_size = 0;
+            initrd_image = 0;
+        }
+        else {
+            m = get_module(g_ldr_ctx,0);
+            initrd_image = (void *)m->mod_start;
+            initrd_size = m->mod_end - m->mod_start;
+        }
+            
         expand_linux_image(kernel_image, kernel_size,
                            initrd_image, initrd_size,
                            &kernel_entry_point, is_measured_launch);
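Review bot: the added blank line before `expand_linux_image(...)` carries trailing whitespace (`+            `); please strip it before merge. Two smaller points on the same hunk: `initrd_image = 0;` assigns an integer literal to a `void *`, and `initrd_image = NULL;` would make the "no initrd" intent explicit; and in the `else` branch `m = get_module(g_ldr_ctx,0);` is still dereferenced as `m->mod_start` without a NULL check, so if `get_module` can ever fail for a context that reports a non-zero count, the original crash path remains. A `if ( m == NULL )` guard alongside the count check would close that gap cheaply.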

---------------------------------------------------------------------------

> Thanks,
> -ning

Have a good remainder of the day.

Greg

}-- End of excerpt from "Sun, Ning"

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: g...@enjellic.com
------------------------------------------------------------------------------
"I created a hack to make the division come out right ... I was
 relieved because I thought I was coding wrong.

 Did you?  It took a guy (Thomas Nicely) with a Ph.D. doing heavy
 research in computational number theory to find it, yet you found it
 while working on a game in QuickBasic?"
                                -- Slashdot
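The commit message above explains the failure mode (an unchecked module count leading to an invalid initrd pointer and an arbitrary size being handed to the image copy). The following C program is an added illustration, not tboot code: it models the multiboot module table with constructed stand-in types, keeps the names `get_module_count`, `get_module`, `mod_start` and `mod_end` from the patch, and implements the fixed selection logic so the zero-module case yields a NULL image and zero size. It goes one step beyond the patch by also rejecting a module whose `mod_end` precedes its `mod_start`, which is an added hardening and not part of the submitted fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a multiboot module entry; tboot's real struct differs. */
typedef struct { uint32_t mod_start; uint32_t mod_end; } module_t;

/* Constructed loader context: a module table plus the remaining module count. */
typedef struct { const module_t *modules; size_t count; } ldr_ctx_t;

static size_t get_module_count(const ldr_ctx_t *ctx) { return ctx->count; }

/* Returns NULL when idx is out of range; the unfixed loader dereferenced that
   result unconditionally, which is the crash the patch addresses. */
static const module_t *get_module(const ldr_ctx_t *ctx, size_t idx) {
    return idx < ctx->count ? &ctx->modules[idx] : NULL;
}

/* Result of choosing the initrd: image/size as the loader expects, plus a
   validity flag so a malformed module is reported rather than copied. */
typedef struct { void *image; size_t size; bool ok; } initrd_sel_t;

/* Fixed selection logic: no remaining module means image = NULL and size = 0,
   which the loader interprets as "do not load an initrd". */
initrd_sel_t select_initrd(const ldr_ctx_t *ctx) {
    initrd_sel_t sel = { NULL, 0, true };
    if (get_module_count(ctx) == 0)
        return sel;                              /* the patch's new branch */
    const module_t *m = get_module(ctx, 0);
    if (m == NULL || m->mod_end < m->mod_start) { /* added hardening, not in the patch */
        sel.ok = false;
        return sel;
    }
    sel.image = (void *)(uintptr_t)m->mod_start;
    sel.size  = m->mod_end - m->mod_start;
    return sel;
}

/* Scenario 1: kernel booted without an initrd/initramfs (the reported crash case). */
initrd_sel_t demo_no_initrd(void) {
    ldr_ctx_t ctx = { NULL, 0 };
    return select_initrd(&ctx);
}

/* Scenario 2: one constructed module describing a 4 MiB initrd at 32 MiB. */
initrd_sel_t demo_with_initrd(void) {
    static const module_t mods[1] = { { 0x2000000u, 0x2400000u } };
    ldr_ctx_t ctx = { mods, 1 };
    return select_initrd(&ctx);
}

/* Scenario 3: a module whose range is inverted, caught by the added check. */
initrd_sel_t demo_bad_module(void) {
    static const module_t mods[1] = { { 0x2400000u, 0x2000000u } };
    ldr_ctx_t ctx = { mods, 1 };
    return select_initrd(&ctx);
}

int main(void) {
    initrd_sel_t a = demo_no_initrd(), b = demo_with_initrd(), c = demo_bad_module();
    printf("no initrd:   image=%p size=%zu ok=%d\n", a.image, a.size, a.ok);
    printf("with initrd: image=%p size=%zu ok=%d\n", b.image, b.size, b.ok);
    printf("bad module:  image=%p size=%zu ok=%d\n", c.image, c.size, c.ok);
    return 0;
}
```

The zero-module path returns before any module is touched, so the loader never sees a dangling pointer for a system booting without an initrd; the other two scenarios show the normal case and the extra range check.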
