[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help booting a gpg encrypted loop-aes backed root partition

To: Jivko Sabev <jsabev@xxxxxxxxxx>
Subject: Re: Help booting a gpg encrypted loop-aes backed root partition
From: Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Aug 2007 21:25:23 +0300
Cc: linux-crypto@xxxxxxxxxxxx
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> <20070808200823.GC4781@tatooine.rebelbase.local> <46BA92B6.4040600@nicmus.com> <46BB5321.910C5415@users.sourceforge.net> <46BBCE3E.6020705@nicmus.com> <46BCA213.1F8E57E4@users.sourceforge.net> <46C11239.40908@nicmus.com>
Sender: linux-crypto-bounce@xxxxxxxxxxxx

Jivko Sabev wrote:
> I have performed the tests Jari requested and here are the results:

Thanks.

> The base case the started this whole thread:
> 
> gcc --version
> gcc (GCC) 4.1.2 (Ubuntu 4.1.2-0ubuntu4)

In this case, that (32bit x86 ubuntu-7.04) gcc compiles valid source code to
invalid object code.

> dietlibc version: 0.3 (from an ubuntu deb binary package)

dietlibc works as expected. No issues with it.


I tested that initrd-BAD.gz that you sent me (compiled using 32bit x86
ubuntu gcc-4.1.2) in my test box. It failed to boot on my test box, same as
your box. initrd-OK.gz that I compiled myself on my test box worked ok. More
testing/debugging follows:

Trying to manually run /linuxrc program from working initrd:

# zcat /boot/initrd-OK.gz >/tmp/foo
# mount -t minix /tmp/foo /mnt -o loop
# /mnt/linuxrc
ERROR: initrd config says USEPIVOT=1, but bootloader acts like USEPIVOT=0
# umount /mnt

Above error message is what I expected. /linuxrc code detected that it was
not running as process number 1, and terminated with an error message. The
pid needs to be 1 because later that code execve()s init process which must
run as pid 1.

Now trying to manually run /linuxrc program from your failing initrd:

# zcat /boot/initrd-BAD.gz >/tmp/foo
# mount -t minix /tmp/foo /mnt -o loop
# /mnt/linuxrc
Segmentation fault
# gdb /mnt/linuxrc
[snip]
(gdb) run
Starting program: /mnt/linuxrc
warning: shared library handler failed to enable breakpoint

Program received signal SIGSEGV, Segmentation fault.
0x08048383 in ?? ()
(gdb) disas 0x08048370 0x080483a3
Dump of assembler code from 0x8048370 to 0x80483a3:
0x8048370:      lea    0x4(%esp,1),%ecx
0x8048374:      and    $0xfffffff0,%esp
0x8048377:      pushl  0xfffffffc(%ecx)
0x804837a:      push   %ebp
0x804837b:      mov    %esp,%ebp
0x804837d:      sub    $0x5a8,%esp
0x8048383:      mov    %gs:0x14,%edx                <==== Seg fault here
0x804838a:      mov    %edx,0xfffffff0(%ebp)
0x804838d:      xor    %edx,%edx
0x804838f:      mov    %ecx,0xfffffff4(%ebp)
0x8048392:      mov    %ebx,0xfffffff8(%ebp)
0x8048395:      mov    %esi,0xfffffffc(%ebp)
0x8048398:      mov    0x4(%ecx),%eax
0x804839b:      mov    %eax,0x8049be8
0x80483a0:      call   0x8048798
End of assembler dump.
(gdb) quit
A debugging session is active.
Do you still want to close the debugger?(y or n) y
# umount /mnt

gcc compiler put that bogus "0x8048383: mov %gs:0x14,%edx" instruction
there. Instruction "0x804838d: xor %edx,%edx" is first "x=0;" assignment of
main() function.


I am going to add GCC= configuration entry to build-initrd.sh. The default
will be "gcc", same as before. I will also add a note that the default gcc
compiler on 32 bit x86 ubuntu 7.04 needs it overridden to "gcc-3.3". A patch
is included.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD


--- ../loop-AES-v3.2a/build-initrd.sh	2007-05-14 15:18:12.000000000 +0300
+++ build-initrd.sh	2007-08-14 21:08:27.000000000 +0300
@@ -2,7 +2,7 @@
 #
 #  build-initrd.sh
 #
-#  Written by Jari Ruusu, May 14 2007
+#  Written by Jari Ruusu, August 14 2007
 #
 #  Copyright 2001-2007 by Jari Ruusu.
 #  Redistribution of this file is permitted under the GNU Public License.
@@ -192,6 +192,11 @@
 # The dietlibc can be found at http://www.fefe.de/dietlibc/
 USEDIETLIBC=1
 
+# C compiler used to compile /linuxrc program.
+# 32bit x86 ubuntu-7.04 gcc-4.1.2 is known to miscompile /linuxrc. Affected
+# users should install gcc-3.3 package, and change this to GCC=gcc-3.3
+GCC=gcc
+
 # 1 = load extra module, 0 = don't load
 # If this is enabled, module must be manually copied to
 # /boot/modules-KERNELRELEASE/ directory under name like foomatic.o
@@ -632,9 +637,9 @@
 EOF
 
 if [ ${USEDIETLIBC} == 1 ] ; then
-    diet gcc -Wall -O2 -s -static -pipe tmp-c-$$.c -o tmp-c-$$
+    diet ${GCC} -Wall -O2 -s -static -pipe tmp-c-$$.c -o tmp-c-$$
 else
-    gcc -Wall -O2 -s -static -nostartfiles -pipe tmp-c-$$.c -o tmp-c-$$
+    ${GCC} -Wall -O2 -s -static -nostartfiles -pipe tmp-c-$$.c -o tmp-c-$$
 fi
 rm -f tmp-c-$$.[co]

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: markus reichelt

References:
- Help booting a gpg encrypted loop-aes backed root partition
  - From: Jivko Sabev
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: markus reichelt
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jivko Sabev
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jari Ruusu
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jivko Sabev
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jari Ruusu
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: markus reichelt
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jivko Sabev
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jari Ruusu
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jivko Sabev
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jari Ruusu
- Re: Help booting a gpg encrypted loop-aes backed root partition
  - From: Jivko Sabev

Prev by Date: Re: Help booting a gpg encrypted loop-aes backed root partition
Next by Date: Re: Help booting a gpg encrypted loop-aes backed root partition
Previous by thread: Re: Help booting a gpg encrypted loop-aes backed root partition
Next by thread: Re: Help booting a gpg encrypted loop-aes backed root partition
Index(es):
- Date
- Thread