lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 14 Mar 2008 10:51:43 -0400
From:	Yan <rottled@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: 2.6.22.6 - Discrepancy between running and on-disk kernels

Hello,

I have been trying to compare the code from the on-disk compressed kernel
that was booted and the running kernel extracted from /dev/kmem. I extracted
the kernel's code from the disk image by stripping the head.S and similar
and gunzipping it, and extracted the kernel from /dev/kmem by reading data
between _text and _etext symbol offsets.

I then ran both through a disassembler and diff'ed the outputs. Predictably,
the disassembly was similar, but not identical. Some instructions (e.g. bts)
had a 'lock' prefix, where as others had a 'nop' in its place.

There were other differences with some instructions like mfence. Everything
else matched just fine, the differences were mostly in memory-referencing
instructions.

My question is, what can be changing the kernel between being on static
storage and being loaded? Or am I just being fooled into thinking something
changed it? I'm thinking that it had something to do with mutex locking
and SMP, but I looked through boot code and tried googling and came up with
nothing. Another possibility is me interpreting non-instructions as
instructions.

Example:

The following pattern repeats a lot:

1325c1326,1327
<     1089: f0 0f b3 04 24          lock btr %eax,(%esp)
---
>     1089: 90                      nop
>     108a: 0f b3 04 24             btr    %eax,(%esp)

As well as other changes:

94383,94384c94832,94835
<    47bb3: f0 83 04 24 00          lock addl $0x0,(%esp)
<    47bb8: f0 ff 05 7c 30 80 c0    lock incl 0xc080307c
---
>    47bb3: 0f ae f0                mfence
>    47bb6: 89 f6                   mov    %esi,%esi
>    47bb8: 90                      nop
>    47bb9: ff 05 7c 30 80 c0       incl   0xc080307c


(I'm not subscribed; please cc any responses to me)

Thanks in advance,
Yan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ