| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Nov 2007 09:15:29 -0800 (PST) From: Linus Torvalds <torvalds@...ux-foundation.org> To: "H. Peter Anvin" <hpa@...or.com> cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Mikael Petterson <mikpe@...uu.se>, Eric Biederman <ebiederm@...ssion.com>, Jeremy Fitzhardinge <jeremy@...p.org> Subject: Re: [GIT PULL] x86 setup: correct booting on 486 (revised) On Sun, 4 Nov 2007, H. Peter Anvin wrote: > > H. Peter Anvin (2): > x86 setup: add a near jump to serialize %cr0 on 386/486 > x86 setup: set %ebx == %ebp == %edi == 0 on protected mode entry Ok, I'm obviously happier, but I have to admit that the original code was safer than the new code. It did both the short jump and the far jump before reloading any segments. So I suspect the new code _works_ fine, but it's simply not as fundamentally safe as the old code was. The old code did do some instructions in between the short jump and the far jump, but they were all the kind of instructions that didn't care about the PE bit: there was a _read_ of the segment descriptor value, but that's mode-independent (it's only the writes that matter), and the other instructions were bog-standard integer instructions. So I would actually prefer some additional safety, with something like the appended.. This is TOTALLY UNTESTED! I checked with objdump that the result looks roughly ok, but I didn't really think through the segment base address in that long jump thing. Do we have the difference between flat mode and the 16-bit bootup mode in some better way? Hmm? Linus -- arch/x86/boot/pmjump.S | 25 +++++++++++++++++-------- 1 files changed, 17 insertions(+), 8 deletions(-) diff --git a/arch/x86/boot/pmjump.S b/arch/x86/boot/pmjump.S index fa6bed1..587dc04 100644 --- a/arch/x86/boot/pmjump.S +++ b/arch/x86/boot/pmjump.S @@ -29,7 +29,11 @@ */ protected_mode_jump: movl %edx, %esi # Pointer to boot_params table - movl %eax, 2f # Patch ljmpl instruction + + xorl %ecx, %ecx # add data segment offset to + movw %ds, %cx # the "in_32_bit_mode" thing. + shll $4, %ecx + addl %ecx, 2f movw $__BOOT_DS, %cx xorl %ebx, %ebx # Per the 32-bit boot protocol @@ -42,15 +46,20 @@ protected_mode_jump: jmp 1f # Short jump to serialize on 386/486 1: - movw %cx, %ds - movw %cx, %es - movw %cx, %fs - movw %cx, %gs - movw %cx, %ss - # Jump to the 32-bit entrypoint .byte 0x66, 0xea # ljmpl opcode -2: .long 0 # offset +2: .long in_32_bit_mode # offset .word __BOOT_CS # segment .size protected_mode_jump, .-protected_mode_jump + + .code32 + .align 4 +in_32_bit_mode: + mov %cx, %ds + mov %cx, %es + mov %cx, %fs + mov %cx, %gs + mov %cx, %ss + jmp *%eax + .size in_32_bit_mode, .-in_32_bit_mode - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists