linux-azure-cvm: Properly reallocate the kernel image
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux-azure-cvm (Ubuntu) | New | Undecided | Unassigned |
Focal | Fix Released | Critical | Marcelo Cerri |
llvm-defaults (Ubuntu) | New | Undecided | Unassigned |
Bug Description
[Impact]
The kernel header defines a field called init_size that specifies the amount of memory that the kernel requires for the in-place decompression, and the bootloader is expected to load the kernel into a buffer of this size. This doesn't happen when using the systemd EFI stub to load the kernel though - the kernel image is stored on disk in a PE section with a virtual size no larger than the compressed size, so it's loaded into memory by the bootloader into a buffer that's too small for the in-place decompression. The initrd is loaded into memory immediately after the kernel.
To work around this, the kernel's EFI stub allocates a new buffer of init_size bytes and relocates the kernel image into it (21cb9b41: "efi/x86: Always relocate the kernel for EFI handover entry"), but this code has a bug - it copies init_size bytes from the source buffer (i.e., where the kernel image was loaded into memory by the bootloader) to the new buffer. This ends up reading past the end of the .linux and .initrd PE sections and all of the memory regions allocated by the bootloader, resulting in an out-of-bounds read and causing problems with Confidential VMs.
This is fixed by 688eb282: "efi/x86: Only copy the compressed kernel image in efi_relocate_
[Test Plan]
Tested by Microsoft and boot tested by me.
[Where problems could occur]
Decompression might fail if init_size is wrong, causing the system to not boot.
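The over-read described in [Impact], modelled as an added example (not the kernel's efi_relocate_kernel code): a bounds-checked copy out of a constructed bootloader region holding a hypothetical .linux section followed by .initrd, run once with the buggy copy length (init_size) and once with the fixed one (the compressed image size). Names, sizes and the function relocate_kernel are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout of what the bootloader allocated: the PE .linux section
 * (compressed kernel) followed immediately by .initrd, and nothing beyond.
 * All sizes are hypothetical and chosen so init_size exceeds both sections. */
#define KERNEL_SIZE 64   /* bytes in .linux (compressed image)              */
#define INITRD_SIZE 32   /* bytes in .initrd, loaded right after the kernel */
#define INIT_SIZE   160  /* header init_size: space needed for decompression */

static unsigned char loaded[KERNEL_SIZE + INITRD_SIZE]; /* bootloader memory */

/* Bounds-checked read from the bootloader-owned region.
 * Returns 0 on success, -1 if [src_off, src_off+len) leaves that region. */
static int copy_from_loaded(unsigned char *dst, size_t src_off, size_t len)
{
    if (src_off > sizeof loaded || len > sizeof loaded - src_off)
        return -1;                /* would read past the .initrd section */
    memcpy(dst, loaded + src_off, len);
    return 0;
}

/* Model of the stub's relocation: allocate a fresh init_size buffer and copy
 * copy_len bytes of the loaded image into it. Returns 0 if every byte read
 * was inside the bootloader's allocations, -1 on an out-of-bounds read. */
int relocate_kernel(size_t copy_len, size_t init_size)
{
    if (copy_len > init_size)
        return -1;                /* destination too small for the copy   */
    unsigned char *dst = calloc(init_size, 1);
    int rc = dst ? copy_from_loaded(dst, 0, copy_len) : -1;
    free(dst);
    return rc;
}

/* Behaviour the report describes: copy init_size bytes from the source. */
int relocate_buggy(void) { return relocate_kernel(INIT_SIZE, INIT_SIZE); }

/* Behaviour after the fix: copy only the compressed kernel image. */
int relocate_fixed(void) { return relocate_kernel(KERNEL_SIZE, INIT_SIZE); }

int main(void)
{
    printf("copy init_size bytes : %s\n", relocate_buggy() ? "out-of-bounds read" : "ok");
    printf("copy compressed size : %s\n", relocate_fixed() ? "out-of-bounds read" : "ok");
    return 0;
}
```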
Changed in linux-azure-cvm (Ubuntu Focal):
assignee: nobody → Marcelo Cerri (mhcerri)
status: New → In Progress
importance: Undecided → Critical
Changed in linux-azure-cvm (Ubuntu Focal):
status: In Progress → Fix Committed
https://lists.ubuntu.com/archives/kernel-team/2022-June/131360.html
https://lists.ubuntu.com/archives/kernel-team/2022-June/131361.html