defs: use new kernel info structure by krystian-hebel · Pull Request #30 · TrenchBoot/landing-zone

krystian-hebel · 2020-03-30T18:59:26Z

Linux boot protocol versions 2.15+ use separate section to provide static
information about the kernel, see [1]. MLE header offset, previously found
directly in zero_page, is moved to this new structure. This patch searches
for proper address, depending on boot protocol version.

As the old way of providing MLE header offset didn't make it to upstream
kernel, it should be deprecated at some point. It is left for the time
being, as there are some other components still using it.

[1] https://01.org/linuxgraphics/gfx-docs/drm/x86/boot.html

Signed-off-by: Krystian Hebel krystian.hebel@3mdeb.com

main.c

include/boot.h

andyhhp · 2020-04-09T14:37:01Z

include/boot.h

+#define MLE_UUID1	0x74a7476f
+#define MLE_UUID2	0xa2555c0f
+#define MLE_UUID3	0x42b651cb
+typedef struct __packed mle_header {


No need for this to be packed

include/boot.h

dpsmith · 2020-04-14T18:07:09Z

By the way, I believe this address issue #41.

Linux boot protocol versions 2.15+ use separate section to provide static information about the kernel, see [1]. MLE header offset, previously found directly in zero_page, is moved to this structure. This patch searches for proper address, located in new kernel_info structure. [1] https://01.org/linuxgraphics/gfx-docs/drm/x86/boot.html Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>

andyhhp · 2020-04-14T20:57:06Z

main.c

+	if (bp->version             < 0x020f
+	    || ki->header          != KERNEL_INFO_HEADER
+	    || mle_header->uuid[0] != MLE_UUID0


Sadly, Clang can (and will) miscompile this (Clang devs argue that it is legal under the C spec). It can logically turn each || into | to aggressively reduce the number of jumps (/basic blocks).

The most efficient (compact) way to write this is:

if (bp->version < 0x020f || (ki = _p(bp->code32_start + bp->kern_info_offset))->header != KERNEL_INFO_HEADER || (mle_header = _p(bp->code32_start + ki->mle_header_offset))->uuid[0] != MLE_UUID0 || ...

which moves the assignment of the ki and mle_header variables until after the sequence point from the preceding || which forces the safety check to be first.

However, we should also do some sanity checks that all offsets from bp->code32_start fall within the kernel image, or a malformed kernel header can cause us to operate on junk. Perhaps we want some inline helpers such as $FOO *get_$FOO_header(...) which do all the sanity checks, so the outside logic can be:

if (bp->version < 0x020f || (ki = get_kern_info_header(bp)) != NULL || (mle_header = get_mle_header(bp, ki)) != NULL) ...

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>

andyhhp · 2020-04-18T16:33:49Z

The Clang build fails reliably because it thinks mle_header is used while still uninitialised, but doesn't spot that reboot() is a terminal exit. Does an __attribute__((noreturn)) on die() help?

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>

krystian-hebel requested a review from andyhhp March 30, 2020 18:59

krystian-hebel self-assigned this Mar 30, 2020

krystian-hebel force-pushed the new_kernel branch from 137d9b4 to b0519ab Compare March 31, 2020 14:20

rossphilipson reviewed Apr 6, 2020

View reviewed changes

main.c Outdated Show resolved Hide resolved

dpsmith reviewed Apr 7, 2020

View reviewed changes

main.c Show resolved Hide resolved

dpsmith reviewed Apr 7, 2020

View reviewed changes

include/boot.h Outdated Show resolved Hide resolved

krystian-hebel force-pushed the new_kernel branch 2 times, most recently from e8f8f18 to db8db97 Compare April 9, 2020 10:12

andyhhp reviewed Apr 9, 2020

View reviewed changes

include/boot.h Outdated Show resolved Hide resolved

dpsmith linked an issue Apr 14, 2020 that may be closed by this pull request

Align structures and handoff with RFC'ed SecureLaunch patchset #41

Closed

krystian-hebel force-pushed the new_kernel branch from db8db97 to 3b01316 Compare April 14, 2020 19:33

andyhhp reviewed Apr 14, 2020

View reviewed changes

main: add helper functions for sanity checks of pointers to kernel

43c39ad

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>

main: make Clang not complain about uninitialized variable

79bb16f

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>

andyhhp approved these changes Apr 20, 2020

View reviewed changes

dpsmith approved these changes Apr 21, 2020

View reviewed changes

dpsmith merged commit 89fc411 into TrenchBoot:master Apr 21, 2020

miczyg1 deleted the new_kernel branch April 22, 2020 09:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

defs: use new kernel info structure#30

defs: use new kernel info structure#30
dpsmith merged 3 commits intoTrenchBoot:masterfrom
3mdeb:new_kernel

krystian-hebel commented Mar 30, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

andyhhp Apr 9, 2020

Uh oh!

Uh oh!

dpsmith commented Apr 14, 2020

Uh oh!

andyhhp Apr 14, 2020 •

edited

Loading

Uh oh!

andyhhp commented Apr 18, 2020 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

krystian-hebel commented Mar 30, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

andyhhp Apr 9, 2020

Choose a reason for hiding this comment

Uh oh!

Uh oh!

dpsmith commented Apr 14, 2020

Uh oh!

andyhhp Apr 14, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

andyhhp commented Apr 18, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

andyhhp Apr 14, 2020 •

edited

Loading

andyhhp commented Apr 18, 2020 •

edited

Loading