Open Source and information security mailing list archives
Message-ID: <1288028746.3673.11.camel@laptop>
Date:	Mon, 25 Oct 2010 19:45:46 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Steven Rostedt <rostedt@...dmis.org>,
	Jason Baron <jbaron@...hat.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>,
	Arnaldo Carvalho de Melo <acme@...hat.com>,
	masami.hiramatsu.pt@...achi.com
Subject: Re: [PATCH][GIT PULL] tracing: Fix compile issue for trace_sched_wakeup.c

On Mon, 2010-10-25 at 17:47 +0200, Peter Zijlstra wrote:

> NOP'ed vs JMP'ed
> 

>   56:	6a 00                	push   $0x0                          6a 00                	push   $0x0
>   58:	e8 b7 fe ff ff       	call   0xffffff14                    e8 b7 fe ff ff       	call   0xffffff14
>   5d:	8b 43 1c             	mov    0x1c(%ebx),%eax               8b 43 1c             	mov    0x1c(%ebx),%eax
>   60:	89 44 24 04          	mov    %eax,0x4(%esp)                89 44 24 04          	mov    %eax,0x4(%esp)
>   64:	f0 fe 07             	lock incb (%edi)                     f0 fe 07             	lock incb (%edi)
>   67:*	0f 1f 44 00 00       	nopl   0x0(%eax,%eax,1)              e9 03 00 00 00       	jmp    0x6f              <--- PATCHED INSN
>   6c:	58                   	pop    %eax                          58                   	pop    %eax
>   6d:	eb 1d                	jmp    0x8c                          eb 1d                	jmp    0x8c
>   6f:	8b 35 70 ad 40 c1    	mov    0xc140ad70,%esi               8b 35 70 ad 40 c1    	mov    0xc140ad70,%esi
>   75:	85 f6                	test   %esi,%esi                     85 f6                	test   %esi,%esi
>   77:	74 13                	je     0x8c                          74 13                	je     0x8c
>   79:	8b 46 04             	mov    0x4(%esi),%eax                8b 46 04             	mov    0x4(%esi),%eax
>   7c:	89 da                	mov    %ebx,%edx                     89 da                	mov    %ebx,%edx
>   7e:	8b 4c 24 04          	mov    0x4(%esp),%ecx                8b 4c 24 04          	mov    0x4(%esp),%ecx
>   82:	ff 16                	call   *(%esi)                       ff 16                	call   *(%esi)
>   84:	83 c6 08             	add    $0x8,%esi                     83 c6 08             	add    $0x8,%esi
>   87:	83 3e 00             	cmpl   $0x0,(%esi)                   83 3e 00             	cmpl   $0x0,(%esi)
>   8a:	eb eb                	jmp    0x77                          eb eb                	jmp    0x77
>   8c:	89 d8                	mov    %ebx,%eax                     89 d8                	mov    %ebx,%eax
>   8e:	ff 14 24             	call   *(%esp)                       ff 14 24             	call   *(%esp)

OK, new theory.. 

56 pushl 0
67 nopl         jmp 0x6f
   popl
   jmp 0x8c

6f              mov
                test
                je 0x8c

8c mov
   call *(%esp)


So in the jumped path we miss a popl which pops the 0 pushed before,
which is the exact address call is failing on..

Looks like gcc got its branches confused or something..

Am I reading this right?
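To check the reading above, here is an added Python walk over the listing (example code, not from the thread): it follows each variant of 0x67 from 0x56, modelling only the stack and %eax symbolically, and reports what `call *(%esp)` at 0x8e dereferences. It assumes the `je` at 0x77 is taken; the probe loop at 0x79..0x8a contains no push or pop and only rejoins 0x8c with the same stack, so the result does not depend on that.

```python
# Disassembly excerpt transcribed from the thread (one column; the instruction
# at 0x67 is supplied separately so both variants can be walked).
LISTING = """
56: push $0x0
58: call 0xffffff14
5d: mov 0x1c(%ebx),%eax
60: mov %eax,0x4(%esp)
64: lock incb (%edi)
6c: pop %eax
6d: jmp 0x8c
6f: mov 0xc140ad70,%esi
75: test %esi,%esi
77: je 0x8c
79: mov 0x4(%esi),%eax
7c: mov %ebx,%edx
7e: mov 0x4(%esp),%ecx
82: call *(%esi)
84: add $0x8,%esi
87: cmpl $0x0,(%esi)
8a: jmp 0x77
8c: mov %ebx,%eax
8e: call *(%esp)
"""
NOP_AT_67 = "nopl 0x0(%eax,%eax,1)"   # unpatched jump label
JMP_AT_67 = "jmp 0x6f"                # patched jump label

def call_target_at_0x8e(insn_at_67):
    insns = {int(a, 16): t.strip() for a, t in
             (ln.split(":", 1) for ln in LISTING.strip().splitlines())}
    insns[0x67] = insn_at_67
    stack = ["slot_at_entry"]   # top of stack is the last element
    eax, pc = "?", 0x56
    for _ in range(64):         # bound the walk in case the listing is wrong
        op, _, arg = insns[pc].partition(" ")
        if op == "push":
            stack.append(arg.lstrip("$"))
        elif op == "pop":
            eax = stack.pop()
        elif op == "mov" and arg.startswith("%eax,") and arg.endswith("(%esp)"):
            off = int(arg.split(",")[1].split("(")[0], 16)
            stack[-1 - off // 4] = eax          # store relative to current %esp
        elif op == "mov" and arg.endswith(",%eax"):
            eax = arg[:-5]
        elif op in ("jmp", "je"):   # take je: the probe loop rejoins 0x8c anyway
            pc = int(arg, 16)
            continue
        elif op == "call" and arg == "*(%esp)":
            return stack[-1]
        pc = min(a for a in insns if a > pc)    # fall through to next insn
    raise RuntimeError("walk did not reach call *(%esp)")
```

On the NOP'ed path the call goes through the pointer stored at 0x60 (the value of 0x1c(%ebx)); on the JMP'ed path the pushed 0 is still on top of the stack, so the call lands on address 0.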