Message-ID: <48AEF457.5020100@zytor.com>
Date:	Fri, 22 Aug 2008 10:16:07 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	"Luiz Fernando N. Capitulino" <lcapitulino@...driva.com.br>
CC:	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>,
	Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org
Subject: Re: 2.6.{26.2,27-rc} oops on virtualbox

Was looking at the code stream, and noticed this:

Code: c0 0f 84 0b 01 00 00 b8 d0 bf 41 c0 c7 05 6c c0 41 c0 ff ff ff ff 
e8 7f 82 21 00 e8 1a 03 02 00 8b 45 b0 50 9d 0f 1f 84 00 00 00 <00> 00 
8b 45 bc 83 c4 60 5b 5e 5f 5d c3 66 90 a1 6c c0 41 c0 e8

The EIP is in the *MIDDLE* of a NOPL instruction:

C012FC46  C00F84            ror byte [edi],0x84
C012FC49  0B01              or eax,[ecx]
C012FC4B  0000              add [eax],al
C012FC4D  B8D0BF41C0        mov eax,0xc041bfd0
C012FC52  C7056CC041C0FFFF  mov dword [dword 0xc041c06c],0xffffffff
          -FFFF
C012FC5C  E87F822100        call dword 0xc0347ee0
C012FC61  E81A030200        call dword 0xc014ff80
C012FC66  8B45B0            mov eax,[ebp-0x50]
C012FC69  50                push eax
C012FC6A  9D                popfd
C012FC6B  0F1F840000000000  nop dword [eax+eax+0x0]
C012FC73  8B45BC            mov eax,[ebp-0x44]
C012FC76  83C460            add esp,byte +0x60
C012FC79  5B                pop ebx
C012FC7A  5E                pop esi
C012FC7B  5F                pop edi
C012FC7C  5D                pop ebp
C012FC7D  C3                ret
C012FC7E  6690              xchg ax,ax
C012FC80  A16CC041C0        mov eax,[0xc041c06c]

There are two possibilities: VirtualBox mis-executes (not merely traps, 
which is what tip:master looks for) the NOPL instruction, or something 
is jumping into the middle of the sequence that is then replaced by the 
NOPL.

So, Luiz: the DEBUG_INFO version of vmlinux would be helpful.  It would 
also help to know the exact version of VirtualBox you're running, what 
source you got it from, and what your host system looks like.

	-hpa
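Added example (not part of hpa's message, and not code from the kernel tree or
VirtualBox): a small C program that parses the oops "Code:" line quoted above
and walks a minimal 32-bit x86 length decoder over it to locate the instruction
holding the marked byte, i.e. the faulting EIP. It assumes the decoder only
needs the opcodes that occur in this dump (anything else stops the walk) and
takes 0xc012fc46 as the address of the first dumped byte from the ndisasm
listing above. On this input it reports EIP 0xc012fc71 as 6 bytes into the
8-byte NOPL (0f 1f 84 00 00 00 00 00) at 0xc012fc6b, matching the listing.

```c
/* Added example, not from hpa's message or the kernel tree: parse an oops
 * "Code:" line and walk a minimal 32-bit x86 length decoder over it to see which
 * instruction holds the faulting EIP (the <xx> byte). Assumption: the decoder
 * knows only the opcodes occurring in this dump; any other opcode stops it. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The Code: line quoted in the message above (constructed test input). */
static const char oops_code_line[] =
    "Code: c0 0f 84 0b 01 00 00 b8 d0 bf 41 c0 c7 05 6c c0 41 c0 ff ff ff ff "
    "e8 7f 82 21 00 e8 1a 03 02 00 8b 45 b0 50 9d 0f 1f 84 00 00 00 <00> 00 "
    "8b 45 bc 83 c4 60 5b 5e 5f 5d c3 66 90 a1 6c c0 41 c0 e8";

/* Parse "xx xx <xx> xx ..." into bytes; *marker = index of the <xx> byte or -1. */
int parse_code_line(const char *line, uint8_t *out, int max, int *marker)
{
    const char *p = strstr(line, "Code:");
    int n = 0;
    *marker = -1;
    for (p = p ? p + 5 : line; n < max; n++) {
        char hex[3] = { 0, 0, 0 };
        int mark;
        while (isspace((unsigned char)*p)) p++;
        if ((mark = (*p == '<'))) p++;
        if (!isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1]))
            break;
        hex[0] = p[0]; hex[1] = p[1];
        out[n] = (uint8_t)strtoul(hex, NULL, 16);
        p += 2;
        if (mark && *p++ != '>') break;               /* malformed <xx> marker */
        if (mark) *marker = n;
    }
    return n;
}

/* Bytes used by ModRM plus SIB/displacement (32-bit addressing); 0 if too few. */
static int modrm_len(const uint8_t *p, int avail)
{
    int mod, rm, len = 1;
    if (avail < 1) return 0;
    mod = p[0] >> 6; rm = p[0] & 7;
    if (mod == 3) return 1;                           /* register operand */
    if (rm == 4) {                                    /* SIB byte follows */
        if (avail < 2) return 0;
        len += 1 + (mod == 0 && (p[1] & 7) == 5 ? 4 : 0); /* no base: disp32 */
    } else if (mod == 0 && rm == 5) len += 4;         /* absolute disp32 */
    return len + (mod == 1 ? 1 : mod == 2 ? 4 : 0);   /* disp8 / disp32 */
}

/* Length of the instruction at p (n bytes available); 0 if the opcode is
 * outside this decoder's table or the instruction would run past the end. */
int insn_len(const uint8_t *p, int n)
{
    const uint8_t *q = p + (n >= 1 && p[0] == 0x66);  /* 66 prefix (66 90) */
    int left = n - (int)(q - p), m, len;
    if (left < 1) return 0;
    if (q[0] == 0x0f) {                               /* 0f 1f: NOPL r/m32 */
        if (left < 3 || q[1] != 0x1f) return 0;
        if (!(m = modrm_len(q + 2, left - 2))) return 0;
        len = 2 + m;
    } else if (q[0] == 0x00 || q[0] == 0x0b || q[0] == 0x8b ||  /* add/or/mov */
               q[0] == 0xc0 || q[0] == 0x83 || q[0] == 0xc7) {  /* +imm8/imm32 */
        if (!(m = modrm_len(q + 1, left - 1))) return 0;
        len = 1 + m + (q[0] == 0xc7 ? 4 : (q[0] == 0xc0 || q[0] == 0x83));
    } else if ((q[0] >= 0xb8 && q[0] <= 0xbf) || q[0] == 0xe8 || q[0] == 0xa1) {
        len = 5;                   /* mov r32,imm32; call rel32; mov eax,[moffs32] */
    } else if ((q[0] >= 0x50 && q[0] <= 0x5f) || q[0] == 0x9d ||
               q[0] == 0xc3 || q[0] == 0x90) {
        len = 1;                   /* push/pop r32; popfd; ret; nop */
    } else return 0;
    len += (int)(q - p);
    return len <= n ? len : 0;
}

/* Walk from byte 0; return the start of the instruction containing byte
 * 'target' (length in *len_out), or -1 if an unknown opcode is hit first. The
 * dump usually starts mid-instruction (c0 0f 84 here is the tail of something),
 * so the walk can be misaligned until it resyncs; confirm with objdump on vmlinux. */
int find_insn(const uint8_t *code, int n, int target, int *len_out)
{
    int i = 0, len;
    while (i < n && (len = insn_len(code + i, n - i)) > 0) {
        if (target < i + len) { *len_out = len; return i; }
        i += len;
    }
    return -1;
}

int main(void)
{
    const unsigned base = 0xc012fc46u;    /* address of byte 0, from the listing */
    uint8_t code[64];
    int marker, start, len, i, n = parse_code_line(oops_code_line, code, 64, &marker);
    if (marker < 0 || (start = find_insn(code, n, marker, &len)) < 0) return 1;
    printf("EIP 0x%08x is %d bytes into the %d-byte instruction at 0x%08x:",
           base + marker, marker - start, len, base + start);
    for (i = 0; i < len; i++) printf(" %02x", code[start + i]);
    putchar('\n');
    return 0;
}
```

Build with "cc -std=c99 -Wall" and run; it prints the EIP position relative to
the NOPL. The decoder is deliberately table-light: the point is the ModRM/SIB
arithmetic that makes 0f 1f 84 00 00 00 00 00 an 8-byte instruction, so a
fault 6 bytes in can only come from a wrong-length decode by the hypervisor or
from a jump into a region that was later patched with the NOPL. For anything
beyond this one dump, disassemble the DEBUG_INFO vmlinux around the EIP instead.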