Reducing TBOOT_KERNEL_CMDLINE_SIZE to 256 bytes works. Moving KERNEL_CMDLINE_OFFSET down to accommodate 1024 bytes also works; see the patch I just posted.
The other patch I posted truncates the command line to the size of the buffer in the real-mode boot header, to eliminate the possibility of overwriting the EBCA regardless of the sizes chosen. --Ed On Wed, Dec 28, 2016 at 12:53 PM, Sun, Ning <ning....@intel.com> wrote: > Hi Ed, > > Thanks for reporting this issue, we will root cause and fix the issue as soon > as we can. > As we do not have an Intel S2600GL machine at hand, to root cause completely > your issue, can you try this by modifying the config.h file and build the > tboot.gz: > //#define TBOOT_KERNEL_CMDLINE_SIZE 0x0400 > #define TBOOT_KERNEL_CMDLINE_SIZE 0x0100 > > This modification will redefine the TBOOT_KERNEL_CMDLINE_SIZE to 256 bytes, > if this works for your Intel S2600GL system, we need to figure out a way to > move the tboot kernel command line to other address below 1M. > > Thanks, > -ning > > > -----Original Message----- > From: Ed Swierk [mailto:eswi...@skyportsystems.com] > Sent: Tuesday, December 27, 2016 8:01 PM > To: tboot-devel@lists.sourceforge.net > Subject: [tboot-devel] Real-mode Linux command line buffer overflow > > Current tboot fails to boot a Linux 4.4 kernel on an Intel S2600GL (Xeon > E5-2600 v2) system, hanging after printing "TBOOT: transfering control to > kernel @0x1000000...". > > I isolated the problem to the change "Initiaize kernel header comdline buffer > before copying kernel cmdline arguments to the buffer" > (https://sourceforge.net/p/tboot/code/ci/356ad4b1d363c70d7b25907f812bd411a28eecd3/). > This change tries to avoid leaving trailing garbage on the kernel command > line by zeroing a 1024-byte buffer. > > However, the command line buffer resides in the real-mode boot header, which > if tboot/include/linux_defns.h is to be believed, leaves only > 0x9100 - 0x9000 = 256 bytes for the command line. With this change, tboot > ends up zeroing another 768 bytes in the "Do not use. Reserved for BIOS EBDA" > region. > > Also, tboot assumes fixed boundaries for the EBDA (real_mode_base + > 0x99100 to real_mode_base + 0xa0000), while according to > https://www.kernel.org/doc/Documentation/x86/boot.txt the BIOS decides how > much space it needs and reports it via int 12h. At least tboot should fail > gracefully if the BIOS expects more space than tboot reserves. > > Finally, there doesn't appear to be any bounds checking on the kernel_cmdline > string; whatever get_cmdline() returns is blindly memcpyed into the buffer up > to the first null, possibly overwriting part of the BIOS EBDA with > user-provided data. > > I can hack around the problem on my system by changing LEGACY_REAL_START to > 0x80000, but I think a proper fix needs to address the above issues. > > --Ed > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most engaging tech > sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > tboot-devel mailing list > tboot-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tboot-devel ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
