lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 30 Jun 2009 08:01:47 -0600 (Mountain Daylight Time)
From:	Marc Aurele La France <tsi@...berta.ca>
To:	hpa@...nel.org
cc:	Greg KH <greg@...ah.com>, x86@...nel.org,
	linux-kernel@...r.kernel.org, stable@...nel.org,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	Research.Support@...berta.ca
Subject: Re: [rs] Re: [stable] [PATCH] x86, setup (2.6.30-stable) fix 80x34
 and 80x60 console modes

On Mon, 29 Jun 2009, H. Peter Anvin wrote:
> Greg KH wrote:
>> On Mon, Jun 29, 2009 at 06:27:40PM -0700, H. Peter Anvin wrote:
>>> Marc Aurele La France wrote:
>>>> As coded, most INT10 calls in video-vga.c allow the compiler to assume EAX
>>>> remains unchanged across them, which is not always the case.  This
>>>> triggers an optimisation issue that causes vga_set_vertical_end() to be
>>>> called with an incorrect number of scanlines.  Fix this by beefing up the
>>>> asm constraints on these calls.

>>>> Reported-by: Marc Aurele La France <tsi@...ee86.org>
>>>> Signed-off-by: Marc Aurele La France <tsi@...ee86.org>
>>>> Acked-by: H. Peter Anvin <hpa@...or.com>

>>> Note: this is not in upstream since upstream is not affected due to the
>>> new "BIOS glovebox" subsystem.

>> So it is a ".30 only" type patch?  Any older kernel versions affected?

> Yes, all the way back to .23 or something like that.

No.  The problem can only arise in 2.6.30 and is a consequence of commit 
5f641356127712fbdce0eee120e5ce115860c17f.  It disappears with subsequent 
mainline commit cf06de7b9cdd3efee7a59dced1977b3c21d43732.

Prior to 2.6.30, vga_set_480_scanlines() was passed a byte-size value (as 
an int), which means the compiler was forced to load EAX, instead of only 
AL, even if it did assume AH still contained 0x01.  That 0x01 is what the 
last INT10 call in the vga_set_{8,14}font() functions sets AH to.

In truth, only those two INT10's need beefing up.  But I did them all for 
completeness.

Marc.

PS:   That should be "80x43", not "80x34".

+----------------------------------+----------------------------------+
|  Marc Aurele La France           |  work:   1-780-492-9310          |
|  Academic Information and        |  fax:    1-780-492-1729          |
|    Communications Technologies   |  email:  tsi@...berta.ca         |
|  352 General Services Building   +----------------------------------+
|  University of Alberta           |                                  |
|  Edmonton, Alberta               |    Standard disclaimers apply    |
|  T6G 2H1                         |                                  |
|  CANADA                          |                                  |
+----------------------------------+----------------------------------+
XFree86 developer and VP.  ATI driver and X server internals.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ