From: "H. Peter Anvin" <hpa@zytor.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Borislav Petkov <bp@alien8.de>,
	pbonzini@redhat.com, ebiggers@kernel.org, x86@kernel.org,
	linux-kernel@vger.kernel.org, qemu-devel@nongnu.org,
	ardb@kernel.org, kraxel@redhat.com, philmd@linaro.org
Subject: Re: [PATCH qemu] x86: don't let decompressed kernel image clobber setup_data
Date: Fri, 30 Dec 2022 17:06:55 -0800	[thread overview]
Message-ID: <46466e54-25c3-3194-8546-a57cd4a80d9d@zytor.com> (raw)
In-Reply-To: <Y69h6ur79SMhu61F@zx2c4.com>
On 12/30/22 14:10, Jason A. Donenfeld wrote:
> On Fri, Dec 30, 2022 at 01:58:39PM -0800, H. Peter Anvin wrote:
>> See the other thread fork. They have identified the problem already.
> 
> Not sure I follow. Is there another thread where somebody worked out why
> this 62meg limit was happening?
> 
> Note that I sent v2/v3, to fix the original problem in a different way,
> and if that looks good to the QEMU maintainers, then we can all be happy
> with that. But I *haven't* addressed and still don't fully understand
> why the 62meg limit applied to my v1 in the way it does. Did you find a
> bug there to fix? If so, please do CC me.
> 

Yes, you yourself posted the problem:

> Then build qemu. Run it with `-kernel bzImage`, based on the kernel
> built with the .config I attached.
> 
> You'll see that the CPU triple faults when hitting this line:
> 
>         sd = (struct setup_data *)boot_params->hdr.setup_data;
>         while (sd) {
>                 unsigned long sd_addr = (unsigned long)sd;
> 
>                 kernel_add_identity_map(sd_addr, sd_addr + sizeof(*sd) + sd->len);  <----
>                 sd = (struct setup_data *)sd->next;
>         }
> 
> , because it dereferences *sd. This does not happen if the decompressed
> size of the kernel is < 62 megs.
> 
> So that's the "big and pretty serious" bug that might be worthy of
> investigation.

This needs to be something like:

kernel_add_identity_map(sd_addr, sd_addr + sizeof(*sd));
kernel_add_identity_map(sd_addr + sizeof(*sd),
	sd_addr + sizeof(*sd) + sd->len);


The 62 MB limit mentioned in boot.rst is unrelated, and only applies to 
very, very old kernels that used INT 15h, AH=88h to probe memory.

	-hpa
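The ordering problem hpa points out, as an added example that is not code from this thread or from the kernel tree: a host-side model of the decompressor's setup_data walk. A toy identity map records which pages are present, every field load goes through a hypothetical `touch()` that counts a fault when the page is not mapped (in the real decompressor that is an unhandled page fault, hence the triple fault), and `kernel_add_identity_map()` is a stand-in for the real function rather than its implementation. `walk_original()` reads `sd->len` to size the mapping before the header page is mapped and faults on the first node that lies outside the range the early boot code already mapped (`EARLY_MAP_END`, a constructed value); `walk_fixed()` uses the two-call ordering from the reply. A third scenario places the same list inside the pre-mapped range, where the original ordering happens to work; the model does not say anything about why a given kernel size moves the list in or out of that range.

```c
/*
 * Added example, not from the thread or the kernel: model of the
 * setup_data walk with an explicit "is this page mapped yet?" check.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the kernel's struct setup_data: 16-byte header, then len bytes. */
struct setup_data {
    uint64_t next;   /* physical address of the next node, 0 ends the list */
    uint32_t type;
    uint32_t len;
    uint8_t  data[];
};

#define PAGE_SIZE     4096UL
#define MAX_PAGES     64UL
#define EARLY_MAP_END 0x10000UL  /* constructed: what early boot code already mapped */

static uint64_t mem_words[MAX_PAGES * PAGE_SIZE / 8]; /* simulated physical memory */
static bool     mapped[MAX_PAGES];                    /* toy identity map, per page */
static int      faults;                               /* loads from unmapped pages */

#define SD(addr) ((struct setup_data *)((uint8_t *)mem_words + (addr)))

/* Stand-in for the decompressor's kernel_add_identity_map(): marks every
 * page intersecting [start, end) as present. */
static void kernel_add_identity_map(unsigned long start, unsigned long end)
{
    for (unsigned long p = start / PAGE_SIZE; p < MAX_PAGES && p * PAGE_SIZE < end; p++)
        mapped[p] = true;
}

static bool page_mapped(unsigned long addr)
{
    return addr / PAGE_SIZE < MAX_PAGES && mapped[addr / PAGE_SIZE];
}

/* Hypothetical load check: every page of [addr, addr + size) must be mapped. */
static bool touch(unsigned long addr, size_t size)
{
    for (unsigned long p = addr / PAGE_SIZE; p <= (addr + size - 1) / PAGE_SIZE; p++)
        if (p >= MAX_PAGES || !mapped[p]) { faults++; return false; }
    return true;
}

/* The loop as quoted in the thread: sd->len is read before the header page
 * is mapped.  Returns the number of nodes mapped before the first fault. */
static int walk_original(unsigned long sd_addr)
{
    int visited = 0;
    while (sd_addr) {
        struct setup_data *sd = SD(sd_addr);
        if (!touch(sd_addr + offsetof(struct setup_data, len), sizeof sd->len))
            return visited;  /* node outside the early map: fault here */
        kernel_add_identity_map(sd_addr, sd_addr + sizeof(*sd) + sd->len);
        visited++;
        sd_addr = sd->next;  /* header is mapped by now */
    }
    return visited;
}

/* The ordering from the reply: map the header first, then read len and map
 * the payload. */
static int walk_fixed(unsigned long sd_addr)
{
    int visited = 0;
    while (sd_addr) {
        struct setup_data *sd = SD(sd_addr);
        kernel_add_identity_map(sd_addr, sd_addr + sizeof(*sd));
        if (!touch(sd_addr, sizeof(*sd)))
            return visited;  /* cannot happen: header was just mapped */
        kernel_add_identity_map(sd_addr + sizeof(*sd),
                                sd_addr + sizeof(*sd) + sd->len);
        visited++;
        sd_addr = sd->next;
    }
    return visited;
}

/* Constructed sample list: node A at base, node B 0x1f00 bytes later so that
 * B's 0x200-byte payload crosses into the following page. */
static void build_list(unsigned long base)
{
    struct setup_data *a = SD(base), *b = SD(base + 0x1f00);
    a->next = base + 0x1f00; a->type = 1; a->len = 0x40;  memset(a->data, 0xaa, a->len);
    b->next = 0;             b->type = 2; b->len = 0x200; memset(b->data, 0xbb, b->len);
}

/* One scenario: early map covers [0, EARLY_MAP_END), the list lives at base. */
static int run(bool fixed, unsigned long base)
{
    memset(mapped, 0, sizeof mapped);
    faults = 0;
    kernel_add_identity_map(0, EARLY_MAP_END);
    build_list(base);
    return fixed ? walk_fixed(base) : walk_original(base);
}

int main(void)
{
    int n;
    n = run(false, 0x20000); printf("original, list above early map: %d nodes, %d fault(s)\n", n, faults);
    n = run(true,  0x20000); printf("fixed,    list above early map: %d nodes, %d fault(s)\n", n, faults);
    n = run(false, 0x4000);  printf("original, list inside early map: %d nodes, %d fault(s)\n", n, faults);
    return 0;
}
```

The check in `walk_fixed()` after mapping the header is there to make the invariant visible; the real code has no such check because the hardware page walk is the check. The design point is that the size of a node is itself data inside the node, so the header must be reachable before anything derived from it can be used to size a mapping.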
