lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 20 Oct 2009 07:13:24 +0100
From:	"Jan Beulich" <>
To:	<>, <>, <>
Cc:	<>, <>
Subject: Withdraw: [PATCH] x86-64: fix another kernel data leak to
	 32-bit processes

>Unfortunately I didn't realize that the other instances of branches to
>int_ret_from_sys_call also need fixing when preparing the previous
>similar patch. The issue fixed here was in fact introduced by an
>earlier patch of mine (295286a89107c353b9677bc604361c537fd6a1c0, i.e.
>in 2.6.28, but through stable now also present in 2.6.27), making
>kernel stack contents potentially visible through R8...R11 when an
>this or earlier syscall got interrupted prior to the handler being able
>to decrement the stack pointer (such that the space normally used by
>those registers within pt_regs would get overwritten by the interrupt
>handler stub).

That analysis wasn't right after all - there's a CLEAR_RREGS in each of
the modified paths already, so the change is unnecessary (and adding
redundant code). Please don't apply it.

>While touching the code, I also swapped the branch pairs so that the
>static branch prediction logic would consider the syscall-number-in-
>range case the taken path.

If this would seem a worthwhile change, I can re-send it as a separate,
lower priority patch...


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists