On Thursday 06 March 2025, Ard Biesheuvel wrote:
> On Thu, 6 Mar 2025 at 16:23, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
> >
> > On March 6, 2025 6:44:11 AM PST, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > >On Thu, 6 Mar 2025 at 15:39, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
> > >>
> > >> On March 6, 2025 6:36:04 AM PST, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > >> >(cc Peter)
> > >> >
> > >> >I managed to track this down to a bug in syslinux, fixed by the hunk
> > >> >below. The problem is that syslinux violates the x86 boot protocol,
> > >> >which stipulates that the setup header (starting at 0x1f1 bytes into
> > >> >the bzImage) must be copied into a zeroed boot_params structure, but
> > >> >it also copies the preceding bytes, which could be any value, as they
> > >> >overlap with the PE/COFF header or other header data. This produces a
> > >> >command line pointer with garbage in the top 32 bits, resulting in an
> > >> >early crash.
> > >> > > ...
> > >>
> > >> Interesting. Embarrassing, first of all :) but also interesting, because
> > >> this is exactly why we have the "sentinel" field at 0x1f0 to catch *this
> > >> specific error* and work around it.
> > >
> > >We're crashing way earlier than the sentinel check - the bogus command
> > >line pointer is dereferenced via
> > >
> > >startup_64()
> > >  configure_5level_paging()
> > >    cmdline_find_option_bool()
> > >
> > >whereas sanitize_bootparams() is only called much later, from extract_kernel().
> >
> > That is a bug in the kernel then. The whole point of the sentinel check is
> > that it needs to be done before any of the fields touched by the sentinel
> > check are accessed.
>
> Indeed - I have just sent out a fix for this.
>

Hello Ard,

thanks for the patch! It does not apply cleanly to 6.6.80 (the includes
are different) so I applied it manually and it helps - the system boots.

Please allow the remark regarding the patch description that in our
kernel CONFIG_X86_5LEVEL is not set. The patch helps anyway :-)

Thanks again and best regards

Ulrich

--
|-----------------------------------------------------------------------
| Ulrich Gemkow
| University of Stuttgart
| Institute of Communication Networks and Computer Engineering (IKR)
|-----------------------------------------------------------------------
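The boot-protocol rule and the sentinel check discussed in the thread, as an added C model that is neither kernel nor syslinux code: struct boot_params is a flat byte buffer using the 0x1f0/0x1f1 offsets named above plus the documented positions of cmd_line_ptr (0x228) and ext_cmd_line_ptr (0x0c8); the two loader routines, the 0xAB-filled image bytes and the 0x9a000 command-line address are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
/* Offsets from the x86 boot protocol (struct boot_params, the "zero page"). */
#define BP_SIZE          4096
#define OFF_EXT_CMD_LINE 0x0c8  /* ext_cmd_line_ptr: upper 32 bits, outside the setup header */
#define OFF_SENTINEL     0x1f0  /* 0xff in the bzImage; stays 0 if the loader zeroed boot_params */
#define OFF_HDR          0x1f1  /* first byte of struct setup_header */
#define OFF_HDR_LEN      0x201  /* the header ends at 0x202 + the byte stored here */
#define OFF_CMD_LINE     0x228  /* cmd_line_ptr: lower 32 bits, inside the setup header */
static size_t hdr_end(const uint8_t *img) { return 0x202 + img[OFF_HDR_LEN]; }
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static uint32_t get32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* What the protocol requires: zero the whole structure, then copy only the setup header. */
void load_compliant(uint8_t *bp, const uint8_t *img, uint32_t cmdline) {
    memset(bp, 0, BP_SIZE);
    memcpy(bp + OFF_HDR, img + OFF_HDR, hdr_end(img) - OFF_HDR);
    put32(bp + OFF_CMD_LINE, cmdline);   /* legacy loader: fills the 32-bit pointer only */
}
/* The behaviour the thread attributes to syslinux: the copy starts at offset 0, so the
   PE/COFF header bytes and the 0xff sentinel land in boot_params as well. */
void load_sloppy(uint8_t *bp, const uint8_t *img, uint32_t cmdline) {
    memset(bp, 0, BP_SIZE);
    memcpy(bp, img, hdr_end(img));
    put32(bp + OFF_CMD_LINE, cmdline);
}

/* Model of sanitize_boot_params(): a set sentinel proves the loader did not zero the
   structure. The real kernel clears a range of fields; this clears only the one read below. */
int sanitize_boot_params(uint8_t *bp) {
    if (!bp[OFF_SENTINEL]) return 0;
    put32(bp + OFF_EXT_CMD_LINE, 0);
    return 1;
}
/* The 64-bit command-line pointer as the early boot code assembles it. */
uint64_t cmd_line_ptr(const uint8_t *bp) {
    return ((uint64_t)get32(bp + OFF_EXT_CMD_LINE) << 32) | get32(bp + OFF_CMD_LINE);
}

/* Scenario driver over a constructed 0x300-byte bzImage prefix (0xAB stands in for the
   PE/COFF bytes, sentinel 0xff, header ending at 0x260): returns the pointer the kernel
   would dereference, read before the sanitize pass (the crash) or after it (the fix). */
uint64_t boot_cmdline(int sloppy_loader, int sanitize_first) {
    static uint8_t img[0x300], bp[BP_SIZE];
    memset(img, 0xAB, OFF_HDR); memset(img + OFF_HDR, 0, sizeof img - OFF_HDR);
    img[OFF_SENTINEL] = 0xff; img[OFF_HDR_LEN] = 0x5e;   /* 0x202 + 0x5e = 0x260 */
    (sloppy_loader ? load_sloppy : load_compliant)(bp, img, 0x9a000);
    if (sanitize_first) sanitize_boot_params(bp);
    return cmd_line_ptr(bp);
}
```

With the sloppy loader and no sanitize pass the pointer comes back as 0xabababab0009a000, which is the "garbage in the top 32 bits" from the thread; running the sentinel check first brings it back to 0x9a000.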