lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 13 Jul 2007 09:51:56 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Chuck Ebbert <cebbert@...hat.com>
CC:	Etienne Lorrain <etienne_lorrain@...oo.fr>,
	linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: x86 setup code rewrite in C - revised

Chuck Ebbert wrote:
>>  Have fun, this code:
>>  - do not open the fast A20 gate before checking if the slow A20 gate is open or closed.

As does the current code; this is highly intentional behaviour since
there are machines (in particular a whole series of machines made by
Olivetti) which lock up if you do it differently.

>>  - uses in asm("") inputs which may or may not be set by the compiler in the stack,
>>    after modifying the stack pointer in the asm block: at least has_eflag()

Point.  "g" should be "ri".  I will send a patch.

>>  - The VGA recalc has the same bug as the assembly version where a VGA write protected
>>    register is written (Overflow register) without setting the enable bit (see VGA docs).

OK, that would be a bug ported directly from the assembly version.  The
fact that the bug can be seen now is part of why I did this work.
Please feel free to submit a patch.

>>  - Does not save and restore %ds when printing a char on the screen (%ds is destroyed
>>    only when the content of the screen scroll - only for some video cards)

%ds?  Aren't you confusing it with the old bug which would destroy %bp?
 If you have any references to %ds being destroyed I would be very
surprised.  I can guarantee that very little if any assembly code I've
ever seen that deals with INT 10h -- and I've seen a lot of it -- guards
against %ds being randomly trashed.

However, the trashing of %bp is a well-known bug (although only for
machines older than the ones that can run Linux) -- the Interrupt List has:

BUGS:   some implementations (including the original IBM PC) have a bug
 	which destroys BP

>>  - Has a "dn" for outl() which sliped in instead of "dN"

That's a bug, although currently nonmanifest -- there are no users of
outl() at the present.  I will send a patch.

>>  and probably few other problems - just seen those by reading the patches (the asm("")
>>  are inlined in the C code - I find it more difficult to check).
>>
>>  Also, I do not know if "m" is right in here:
>> static inline u8 rdfs8(addr_t addr)
>> {
>> 	u8 v;
>> 	asm("movb %%fs:%1,%0" : "=r" (v) : "m" (*(u8 *)addr));
>> 	return v;
>> }

The "m" is correct right there.

>>   I may repeat me, but to find these kind of problems, it is very nice to have an ELF
>>  file to do a readelf/objdump -D -m i8086 (even after final link).

There is such a file (arch/i386/boot/setup.elf) which is retained, for
exactly this reason.

	-hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ