| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090904174605.GA8396@wavehammer.waldi.eu.org> Date: Fri, 4 Sep 2009 19:46:05 +0200 From: Bastian Blank <waldi@...ian.org> To: Jeremy Fitzhardinge <jeremy@...p.org> Cc: linux-kernel@...r.kernel.org, xen-devel@...ts.xensource.com, 544145@...s.debian.org, Keir Fraser <keir.fraser@...citrix.com> Subject: Re: 32bit binaries on x86_64/Xen segfaults in syscall-vdso On Fri, Sep 04, 2009 at 09:07:39AM -0700, Jeremy Fitzhardinge wrote: > On 09/03/09 15:36, Bastian Blank wrote: > > This function looks weird. It tries to restores the user code segment. > > But the documentation from AMD explicitely stat that the CS and SS are > > restored from the STAR register. > > And STAR is always set with: > wrmsrl(MSR_STAR, ((u64)__USER32_CS)<<48 | ((u64)__KERNEL_CS)<<32); No. This is the normal kernel setup. But the Xen setup (the relevant one) looks different: | #define FLAT_RING3_CS32 0xe023 | wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS); But this does not match my observation either. And even the native Linux kernel uses "iret" to jump out of a compat (32bit) syscall. No, I don't want to understand this, but it looks highly broken. Bastian -- Captain's Log, star date 21:34.5... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists