Message-ID: <44F2902B.5050304@gmail.com>
Date:	Mon, 28 Aug 2006 09:41:47 +0300
From:	Alon Bar-Lev <alon.barlev@...il.com>
To:	unlisted-recipients:; (no To-header on input)
CC:	"H. Peter Anvin" <hpa@...or.com>, Andi Kleen <ak@...e.de>,
	Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org,
	johninsd@....rr.com, Matt_Domsch@...l.com
Subject: Re: [PATCH] THE LINUX/I386 BOOT PROTOCOL - Breaking the 256 limit (ping)

Alon Bar-Lev wrote:
> H. Peter Anvin wrote:
>> Found the references.  This seems to imply that EDD overwrites the 
>> area used by LILO 22.6.1.  LILO 22.6.1 uses the new boot protocol, 
>> with the full pointer, and seems to obey the spec as far as I can read 
>> the code.  I'm going to try to run it in simulation and observe the 
>> failure that way.
>>
>> However, something is still seriously out of joint.  The EDD data 
>> actually overlays the setup code, not the bootsect code, and thus 
>> there "shouldn't" be any way that this could interfere.  My best guess 
>> at this time is that either the EDD code or LILO uses memory it's not 
>> supposed to use, and the simulation should hopefully reveal that.
>>
>> Sorry if I seem snarky on this, but if we can't get to the bottom of 
>> this we can't ever fix it.
>>
>>     -hpa
>>
> 
> I think I've found one problem... But it should not be the major one.
> The EDD code scans the command-line as fixed string.
> What about something like the following?
> 
> Best Regards,
> Alon Bar-Lev.
> 
> diff -urNp linux-2.6.18-rc4-mm2/arch/i386/boot/edd.S 
> linux-2.6.18-rc4-mm2.new/arch/i386/boot/edd.S
> --- linux-2.6.18-rc4-mm2/arch/i386/boot/edd.S   2006-06-18 
> 04:49:35.000000000 +0300
> +++ linux-2.6.18-rc4-mm2.new/arch/i386/boot/edd.S       2006-08-28 
> 08:55:01.000000000 +0300
> @@ -29,6 +29,8 @@
>         movl    $(COMMAND_LINE_SIZE-7), %ecx
>  # loop through kernel command line one byte at a time
>  cl_loop:
> +       cmpb    $0,(%si)
> +       jz      done_cl
>         cmpl    $EDD_CL_EQUALS, (%si)
>         jz      found_edd_equals
>         incl    %esi
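Review bot: the added `cmpb $0,(%si)` addresses through the 16-bit `%si` while the loop advances the register with `incl %esi` (and the existing `cmpl $EDD_CL_EQUALS, (%si)` mixes the same way); in 16-bit setup code the `(%si)` and `(%esi)` forms do not assemble to the same thing, so use one register width for every access in the loop rather than alternating. The check itself is placed correctly: it runs before the 4-byte compare at each position, so the scan now stops at the terminator instead of walking all COMMAND_LINE_SIZE-7 positions and letting an `edd=` left past the NUL match.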
> 

Better patch.
I've noticed that this code sets esi but then references using si... So fixed to
use esi (It worked so far since we are in low area... But I think using the same
register type is cleaner...)

Best Regards,
Alon Bar-Lev.

diff -urNp linux-2.6.18-rc4-mm2/arch/i386/boot/edd.S linux-2.6.18-rc4-mm2.new/arch/i386/boot/edd.S
--- linux-2.6.18-rc4-mm2/arch/i386/boot/edd.S   2006-06-18 04:49:35.000000000 +0300
+++ linux-2.6.18-rc4-mm2.new/arch/i386/boot/edd.S       2006-08-28 09:34:39.000000000 +0300
@@ -29,7 +29,9 @@
         movl    $(COMMAND_LINE_SIZE-7), %ecx
  # loop through kernel command line one byte at a time
  cl_loop:
-       cmpl    $EDD_CL_EQUALS, (%si)
+       cmpb    $0,(%esi)
+       jz      done_cl
+       cmpl    $EDD_CL_EQUALS, (%esi)
         jz      found_edd_equals
         incl    %esi
         loop    cl_loop
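Review bot: the changelog should state why the `(%si)` forms were switched to `(%esi)`: the counter and increment already use 32-bit `%ecx`/`%esi`, and with the 32-bit address form every access depends on the upper half of `%esi` being zero, which the cover text only asserts ("we are in low area"); a one-line comment above `cl_loop` recording that assumption would help the next reader. The `cmpb $0,(%esi)`/`jz done_cl` pair sits correctly before the 4-byte `cmpl`, so a NUL terminator now ends the scan instead of letting `edd=` bytes lying past the end of the live string match.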
@@ -37,9 +39,9 @@ cl_loop:
  found_edd_equals:
  # only looking at first two characters after equals
         addl    $4, %esi
-       cmpw    $EDD_CL_OFF, (%si)      # edd=of
+       cmpw    $EDD_CL_OFF, (%esi)     # edd=of
         jz      do_edd_off
-       cmpw    $EDD_CL_SKIP, (%si)     # edd=sk
+       cmpw    $EDD_CL_SKIP, (%esi)    # edd=sk
         jz      do_edd_skipmbr
         jmp     done_cl
  do_edd_skipmbr:
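Review bot: this hunk is a pure register-width cleanup, so it would be easier to review as a separate patch from the behavioural NUL-termination change in the first hunk. Also, `addl $4, %esi` relies on `EDD_CL_EQUALS` being exactly the four bytes `edd=`, and the following `cmpw` reads two bytes that can lie past the terminator when the option is the last thing on the line (a bare `edd=`); that is harmless only because `of`/`sk` never match NUL bytes, which is worth saying next to `# only looking at first two characters after equals`.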
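The point Alon raises ("the EDD code scans the command-line as fixed string") is easiest to see in a small model. The following C program is an added example, not code from this mail or from the kernel: it mirrors the shape of the edd.S loop (a fixed-size buffer, a 4-byte `edd=` compare, then the two characters after `=`) in two variants, the original fixed-length scan and the patched stop-at-NUL scan, and runs both over a constructed buffer whose live command line is followed by stale bytes. The constants `COMMAND_LINE_SIZE`, `EDD_MARKER` and the `edd_mode` values are assumptions made for the model, not the kernel's definitions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed model, not the kernel's definitions: the setup code scans a
 * fixed-size command-line buffer for "edd=" and then looks at the first two
 * characters after the '='. The size and marker mirror the shape of edd.S. */
#define COMMAND_LINE_SIZE 256
#define EDD_MARKER "edd="
#define EDD_MARKER_LEN 4

enum edd_mode { EDD_DEFAULT = 0, EDD_OFF = 1, EDD_SKIPMBR = 2 };

/* Decode the two characters after "edd=" the way the assembly does:
 * "of" -> edd=off, "sk" -> edd=skipmbr, anything else -> keep the default. */
static enum edd_mode decode_after_equals(const unsigned char *p)
{
    if (memcmp(p, "of", 2) == 0)
        return EDD_OFF;
    if (memcmp(p, "sk", 2) == 0)
        return EDD_SKIPMBR;
    return EDD_DEFAULT;
}

/* Original behaviour: COMMAND_LINE_SIZE-7 positions are compared no matter
 * where the string actually ends, so bytes beyond the NUL take part. */
enum edd_mode scan_fixed(const unsigned char *cl)
{
    for (size_t i = 0; i < COMMAND_LINE_SIZE - 7; i++) {
        if (memcmp(cl + i, EDD_MARKER, EDD_MARKER_LEN) == 0)
            return decode_after_equals(cl + i + EDD_MARKER_LEN);
    }
    return EDD_DEFAULT;
}

/* Patched behaviour: the NUL test runs before the 4-byte compare at each
 * position, so the scan stops at the end of the live string. */
enum edd_mode scan_terminated(const unsigned char *cl)
{
    for (size_t i = 0; i < COMMAND_LINE_SIZE - 7; i++) {
        if (cl[i] == 0)
            break;
        if (memcmp(cl + i, EDD_MARKER, EDD_MARKER_LEN) == 0)
            return decode_after_equals(cl + i + EDD_MARKER_LEN);
    }
    return EDD_DEFAULT;
}

/* Build a buffer whose live string is followed by stale bytes (constructed
 * here to stand for whatever previously occupied that memory). */
static void fill_buffer(unsigned char *cl, const char *live,
                        const char *stale, size_t stale_at)
{
    memset(cl, 0, COMMAND_LINE_SIZE);
    if (stale_at + strlen(stale) < COMMAND_LINE_SIZE)
        memcpy(cl + stale_at, stale, strlen(stale));
    memcpy(cl, live, strlen(live) + 1);   /* copies the NUL terminator too */
}

/* Case 1: a command line without any edd= option, but "edd=off" lying past
 * its terminator. use_patched_scan selects which variant examines it. */
enum edd_mode demo_stale_bytes(int use_patched_scan)
{
    unsigned char cl[COMMAND_LINE_SIZE];
    fill_buffer(cl, "root=/dev/sda1 ro", "edd=off", 40);
    return use_patched_scan ? scan_terminated(cl) : scan_fixed(cl);
}

/* Case 2: a real edd=skipmbr option is still honoured by the patched scan. */
enum edd_mode demo_live_option(void)
{
    unsigned char cl[COMMAND_LINE_SIZE];
    fill_buffer(cl, "edd=skipmbr root=/dev/sda1", "", 0);
    return scan_terminated(cl);
}

int main(void)
{
    printf("stale edd=off past NUL: fixed-length scan=%d, NUL-terminated scan=%d\n",
           demo_stale_bytes(0), demo_stale_bytes(1));
    printf("live edd=skipmbr, NUL-terminated scan=%d\n", demo_live_option());
    return 0;
}
```

The fixed-length scan reports `EDD_OFF` for a command line that never mentioned EDD, purely because of bytes past the terminator; the patched scan returns the default for the same buffer while still recognising a genuine `edd=skipmbr`. The loop bound of `COMMAND_LINE_SIZE-7` keeps both variants' reads inside the buffer, so the issue is misinterpretation of stale data rather than an out-of-bounds read.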