ACK: [focal:linux-azure-cvm][PATCH 0/1] LP:#1980023 - Properly relocate the kernel image
Khaled Elmously
khalid.elmously at canonical.com
Tue Jun 28 00:26:59 UTC 2022
Acked-by: Khalid Elmously <khalid.elmously at canonical.com>
On 2022-06-27 20:38:36 , Marcelo Henrique Cerri wrote:
> BugLink: https://bugs.launchpad.net/bugs/1980023
>
> [Impact]
>
> The kernel header defines a field called init_size that specifies the
> amount of memory that the kernel requires for the in-place
> decompression, and the bootloader is expected to load the kernel into
> a buffer of this size. This doesn't happen when using the systemd EFI
> stub to load the kernel though - the kernel image is stored on disk in
> a PE section with a virtual size no larger than the compressed size,
> so it's loaded into memory by the bootloader into a buffer that's too
> small for the in-place decompression. The initrd is loaded into memory
> immediately after the kernel.
>
> To work around this, the kernel's EFI stub allocates a new buffer of
> init_size bytes and relocates the kernel image into it (21cb9b41:
> "efi/x86: Always relocate the kernel for EFI handover entry"), but
> this code has a bug - it copies init_size bytes from the source buffer
> (i.e., where the kernel image was loaded into memory by the bootloader)
> to the new buffer. This ends up reading past the end of the .linux and
> .initrd PE sections and all of the memory regions allocated by the
> bootloader, resulting in an out of bounds read and causing problems
> with Confidential VMs.
>
> This is fixed by 688eb282: "efi/x86: Only copy the compressed kernel
> image in efi_relocate_kernel()", which needs to be backported to the
> kernel we provide for CVM. Ideally, this would have been fixed in
> systemd's EFI stub by setting the virtual size of the .linux PE
> section to init_size, which would cause the bootloader to load the kernel
> into a buffer large enough, making this additional relocation
> unnecessary.
>
> [Test Plan]
>
> Tested by Microsoft and boot tested by me.
>
> [Where problems could occur]
>
> Decompression might fail if init_size is wrong, causing the system to
> not boot.
>
> ---
> Arvind Sankar (1):
> efi/x86: Only copy the compressed kernel image in efi_relocate_kernel()
>
> arch/x86/boot/compressed/eboot.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
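A constructed C model of the copy-length mistake described in the quoted cover letter, added here as an illustration; it is not the kernel's efi_relocate_kernel() nor the backported patch. The bounded copy stands in for the fault a real out-of-bounds read would trigger, and the names (loaded_image, relocate, run_model) and sizes are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the bug (not kernel code): the bootloader backs only
 * the compressed image, but the relocation target is sized by init_size. */
struct loaded_image {
    const uint8_t *base;   /* where the bootloader placed the PE .linux data */
    size_t mapped_size;    /* bytes actually backed by the bootloader's buffer */
};
/* Stand-in for the fault of a real out-of-bounds read: refuse to read past
 * the source mapping. Returns 0 on success, -1 on overrun. */
static int checked_copy(uint8_t *dst, const struct loaded_image *src, size_t len)
{
    if (len > src->mapped_size)
        return -1;
    memcpy(dst, src->base, len);
    return 0;
}

/* Allocate init_size bytes (room for in-place decompression) and copy copy_len
 * bytes into it: init_size before the fix, the compressed size after it. */
static int relocate(const struct loaded_image *img, size_t copy_len,
                    size_t init_size, uint8_t **out)
{
    if (copy_len > init_size)   /* must not overrun the destination either */
        return -1;
    uint8_t *buf = calloc(init_size, 1);
    if (!buf || checked_copy(buf, img, copy_len) != 0) {
        free(buf);
        return -1;
    }
    *out = buf;
    return 0;
}
/* Drive the model with constructed sizes. Returns 0 if the image was relocated
 * and verified, -1 if the copy was refused, -2 if the copied bytes differ. */
static int run_model(size_t compressed_size, size_t init_size, int fixed)
{
    uint8_t *disk = malloc(compressed_size), *dst = NULL;
    if (!disk) return -1;
    for (size_t i = 0; i < compressed_size; i++)
        disk[i] = (uint8_t)(i * 7);          /* fake compressed image bytes */
    struct loaded_image img = { disk, compressed_size };
    int rc = relocate(&img, fixed ? compressed_size : init_size, init_size, &dst);
    if (rc == 0 && memcmp(dst, disk, compressed_size) != 0) rc = -2;
    free(dst); free(disk);
    return rc;
}
```

With a 4 KiB compressed image and a 64 KiB init_size, the pre-fix copy length is refused while the fixed length relocates and verifies the image.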