lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.0.999.0711050842360.15101@woody.linux-foundation.org>
Date:	Mon, 5 Nov 2007 09:15:29 -0800 (PST)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"H. Peter Anvin" <hpa@...or.com>
cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Mikael Petterson <mikpe@...uu.se>,
	Eric Biederman <ebiederm@...ssion.com>,
	Jeremy Fitzhardinge <jeremy@...p.org>
Subject: Re: [GIT PULL] x86 setup: correct booting on 486 (revised)



On Sun, 4 Nov 2007, H. Peter Anvin wrote:
> 
> H. Peter Anvin (2):
>       x86 setup: add a near jump to serialize %cr0 on 386/486
>       x86 setup: set %ebx == %ebp == %edi == 0 on protected mode entry

Ok, I'm obviously happier, but I have to admit that the original code was 
safer than the new code. It did both the short jump and the far jump 
before reloading any segments.

So I suspect the new code _works_ fine, but it's simply not as 
fundamentally safe as the old code was.

The old code did do some instructions in between the short jump and the 
far jump, but they were all the kind of instructions that didn't care 
about the PE bit: there was a _read_ of the segment descriptor value, but 
that's mode-independent (it's only the writes that matter), and the other 
instructions were bog-standard integer instructions.

So I would actually prefer some additional safety, with something like 
the appended..

This is TOTALLY UNTESTED! I checked with objdump that the result looks 
roughly ok, but I didn't really think through the segment base address in 
that long jump thing. Do we have the difference between flat mode and the 
16-bit bootup mode in some better way?

Hmm?

		Linus

--
 arch/x86/boot/pmjump.S |   25 +++++++++++++++++--------
 1 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/arch/x86/boot/pmjump.S b/arch/x86/boot/pmjump.S
index fa6bed1..587dc04 100644
--- a/arch/x86/boot/pmjump.S
+++ b/arch/x86/boot/pmjump.S
@@ -29,7 +29,11 @@
  */
 protected_mode_jump:
 	movl	%edx, %esi		# Pointer to boot_params table
-	movl	%eax, 2f		# Patch ljmpl instruction
+
+	xorl    %ecx, %ecx		# add data segment offset to
+	movw	%ds, %cx		# the "in_32_bit_mode" thing.
+	shll	$4, %ecx
+	addl 	%ecx, 2f
 
 	movw	$__BOOT_DS, %cx
 	xorl	%ebx, %ebx		# Per the 32-bit boot protocol
@@ -42,15 +46,20 @@ protected_mode_jump:
 	jmp	1f			# Short jump to serialize on 386/486
 1:
 
-	movw	%cx, %ds
-	movw	%cx, %es
-	movw	%cx, %fs
-	movw	%cx, %gs
-	movw	%cx, %ss
-
 	# Jump to the 32-bit entrypoint
 	.byte	0x66, 0xea		# ljmpl opcode
-2:	.long	0			# offset
+2:	.long	in_32_bit_mode		# offset
 	.word	__BOOT_CS		# segment
 
 	.size	protected_mode_jump, .-protected_mode_jump
+
+	.code32
+	.align 4
+in_32_bit_mode:
+	mov	%cx, %ds
+	mov	%cx, %es
+	mov	%cx, %fs
+	mov	%cx, %gs
+	mov	%cx, %ss
+	jmp	*%eax	
+	.size   in_32_bit_mode, .-in_32_bit_mode
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ