| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jul 2007 11:02:01 +0200 (CEST)
From: Etienne Lorrain <etienne_lorrain@...oo.fr>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Chuck Ebbert <cebbert@...hat.com>, linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: RE : Re: RE : Re: x86 setup code rewrite in C - revised
--- "H. Peter Anvin" <hpa@...or.com> wrote:
> >>>> - Does not save and restore %ds when printing a char on the screen (%ds is
> >>>> destroyed only when the content of the screen scroll - only for some video cards)
> >> %ds? Aren't you confusing it with the old bug which would destroy %bp?
> >> If you have any references to %ds being destroyed I would be very
> >> surprised. I can guarantee that very little if any assembly code I've
> >> ever seen that deals with INT 10h -- and I've seen a lot of it -- guards
> >> against %ds being randomly trashed.
> >>
> >> However, the trashing of %bp is a well-known bug (although only for
> >> machines older than the ones that can run Linux) -- the Interrupt List has:
> >>
> >> BUGS: some implementations (including the original IBM PC) have a bug
> >> which destroys BP
> >
> > That is on Trident cards, old card but may still be used, and BIOS may have
> > been copied to other cards.
> > Detected and documented on Gujin (boot.c and vgabios.h scroll)
>
> Are you talking about BP or DS? As I said, the BP is well-known, and
> the code accounts for it in the form of the INT10 macro.
Extract of RBIL61:
INT 10 - VIDEO - SCROLL UP WINDOW
AH = 06h
AL = number of lines by which to scroll up (00h = clear entire window)
BH = attribute used to write blank lines at bottom of window
CH,CL = row,column of window's upper left corner
DH,DL = row,column of window's lower right corner
Return: nothing
Note: affects only the currently active page (see AH=05h)
BUGS: some implementations (including the original IBM PC) have a bug which
destroys BP
the Trident TVGA8900CL (BIOS dated 1992/9/8) clears DS to 0000h when
scrolling in an SVGA mode (800x600 or higher)
Scrolling is only (and automatically) done if the cursor is at bottom right.
> >>>> Also, I do not know if "m" is right in here:
> >>>> static inline u8 rdfs8(addr_t addr)
> >>>> {
> >>>> u8 v;
> >>>> asm("movb %%fs:%1,%0" : "=r" (v) : "m" (*(u8 *)addr));
> >>>> return v;
> >>>> }
> >> The "m" is correct right there.
> >
> > strange, "g" would mean anything can go there - and this assembly instruction
> > should accept every access modes.
>
> Not with an %fs: prefix. It would also allow the compiler to do a move
> into a register "on its own", which would be disastrous, since it would
> lack the prefix. So "m" is correct.
"mov %fs:(%ebx,%eax,4),%ecx" works for me.
Etienne.
_____________________________________________________________________________
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists