Hello list,

a customer is experiencing a regression using tboot in some new
hardware/boot environment. Their boot gets stuck in the call to
move_modules(), producing the following log:

    TBOOT: no LCP module found
    TBOOT: This is an ELF32 file.
    TBOOT: kernel is ELF format
    TBOOT: 0x6ff000 bytes copied from 0x101000 to 0x364f000
    TBOOT: loader context was moved from 0x100130 to 0x364e130

The next logline that should occur "move modules to high memory" never
shows up. An engineer on the customer side identified the likely cause
of this; quote:

> Looks like this is a bug in tboot... in move_modules(), it tries to copy the MBI
> and any modules that are loaded below tboot to memory above tboot--but due to
> faulty logic in an if/then, it is not copying the MBI if its address is below
> tboot & below the lowest module's address.
>
> You can see that with the tboot messages:
>
> TBOOT: 0x6ff000 bytes copied from 0x101000 to 0x3586000
> TBOOT: loader context was moved from 0x100130 to 0x3585130
>
> The loader context (MBI) was not moved, so when it tries to access it at the new
> location, it may see no modules, or it may get bad info, just depending on what
> happens to be in that memory.
>
> The latest upstream code appears to have this bug, also.

I have attached the suggested patch to this email.

Can you please review the patch and apply it to the repository if the
analysis is correct?

Thanks

Matthias

-- 
Matthias Gerstner <matthias.gerst...@suse.de>
Security Engineer
https://www.suse.com/security
GPG Key ID: 0x14C405C971923553
 
SUSE Software Solutions Germany GmbH
HRB 36809, AG Nürnberg
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
--- tboot/common/loader.c.orig  2023-05-31 01:49:45.935321582 -0500
+++ tboot/common/loader.c       2023-05-31 01:57:27.914405762 -0500
@@ -1099,11 +1099,17 @@ move_modules(loader_ctx *lctx)
 
     if ( below_tboot(lowest) )
         from = lowest;
-    else
-        if ( below_tboot((unsigned long)lctx->addr) )
+
+    /*
+     * if MBI is below tboot & the lowest module, make sure it gets
+     * copied, too!
+     */
+    if ( below_tboot((unsigned long)lctx->addr) && 
+        (unsigned long)lctx->addr < lowest )
             from = (unsigned long)lctx->addr;
-        else
-            return;
+
+    if (from == 0)
+           return;
 
     unsigned long highest = get_highest_mod_end(lctx);
     unsigned long to = PAGE_UP(highest);
