lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080305221247.GE17267@synopsys.com>
Date:	Wed, 5 Mar 2008 14:12:47 -0800
From:	Joe Buck <Joe.Buck@...opsys.COM>
To:	Michael Matz <matz@...e.de>
Cc:	Jan Hubicka <hubicka@....cz>,
	Aurelien Jarno <aurelien@...el32.net>,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
	gcc@....gnu.org
Subject: Re: RELEASE BLOCKER: Linux doesn't follow x86/x86-64 ABI wrt direction  flag

On Wed, Mar 05, 2008 at 10:43:33PM +0100, Michael Matz wrote:
> Hi,
> 
> On Wed, 5 Mar 2008, Joe Buck wrote:
> 
> > 
> > 
> > On Wed, 5 Mar 2008, Jan Hubicka wrote:
> > > > Linux kernel is disabling red zone and use kernel code model, yet the 
> > > > ABI is not going to be adjusted for that.
> > > > 
> > > > This is resonably easy to fix on kernel side in signal handling, or by
> > > > removing std usage completely
> > 
> > On Wed, Mar 05, 2008 at 10:02:07PM +0100, Michael Matz wrote:
> > > That is true.  But it requires updating the kernel to a fixed one if you 
> > > want to run your programs compiled by 4.3 :-/  Not something we'd like to 
> > > demand.
> > 
> > I changed the title just for emphasis.
> > 
> > I think that we can't ship 4.3.0 if signal handlers on x86/x86_64
> > platforms for both Linux and BSD systems will mysteriously (to the users)
> > fail, and it doesn't matter whose fault it is.
> 
> FWIW I don't think it's a release blocker for 4.3.0.  The error is arcane 
> and happens seldomly if at all.  And only on unfixed kernels.  A program 
> needs to do std explicitely, which most don't do _and_ get hit by a signal 
> while begin in a std region.  This happens so seldom that it didn't occur 
> in building the next openSuSE 11.0, and it continually builds packages 
> with 4.3 since months.
> 
> It should be worked around in 4.3.1 if at all.

OK, I suppose that I over-reacted, and it seems that the ship has sailed
in any case.

I agree that it's obscure, and I think that the only reason to worry is
if it introduces a means of attack, which seems unlikely.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ