lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 1 Oct 2007 18:30:59 -0400
From:	William Cattey <wdc@....EDU>
To:	Jeremy Fitzhardinge <jeremy@...p.org>
Cc:	Andi Kleen <andi@...stfloor.org>, Chuck Anderson <cra@....EDU>,
	linux-kernel@...r.kernel.org
Subject: Re: vm86.c audit_syscall_exit() call trashes registers

Thanks very much for responding.

 From your two replies, I crafted the attached patch.
Alas, the EDID transfer comes up all zeros.
I see two possible causes of this behavior:

1. I misunderstood how you intended the file to be modified.
2. The fix for my bug is NOT in correcting the audit call, but  
instead from some other fix, perhaps from the other aspect that you  
worked on.

I know that when I surrounded the audit_syscall_exit with #if 0 I got  
correct EDID fetches, so the most likely cause is #1, that I didn't  
correctly incorporate your understanding of correct operation of the  
call to audit_syscall_exit.

Here's my patch.  Where did I screw up?


Download attachment "linux-2.6-correct-vm86-audit-foonly.patch" of type "application/octet-stream" (771 bytes)


-Bill

----

William Cattey
Linux Platform Coordinator
MIT Information Services & Technology

N42-040M, 617-253-0140, wdc@....edu
http://web.mit.edu/wdc/www/


On Sep 29, 2007, at 2:09 AM, Jeremy Fitzhardinge wrote:

> Jeremy Fitzhardinge wrote:
>> @@ -306,19 +334,18 @@ static void do_sys_vm86(struct kernel_vm
>>         tsk->thread.screen_bitmap = info->screen_bitmap;
>>         if (info->flags & VM86_SCREEN_BITMAP)
>>                 mark_screen_rdonly(tsk->mm);
>>         __asm__ __volatile__("xorl %eax,%eax; movl %eax,%fs; movl % 
>> eax,%gs\n\t");
>>
>
> Oh, this line is also clearly bogus, since it clobbers %eax without
> telling the compiler.  The minimal change would be something like:
>
> 	asm volatile("mov %0, %%fs; mov %0, %%gs" : : "r" (0));
>
>
>     J

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ