| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Apr 2013 16:38:09 +0100 From: "David Laight" <David.Laight@...LAB.COM> To: "Eric Dumazet" <eric.dumazet@...il.com> Cc: "Xi Wang" <xi.wang@...il.com>, "Daniel Borkmann" <dborkman@...hat.com>, "David S. Miller" <davem@...emloft.net>, "Russell King" <linux@....linux.org.uk>, "Heiko Carstens" <heiko.carstens@...ibm.com>, "Eric Dumazet" <edumazet@...gle.com>, "Will Drewry" <wad@...omium.org>, "Andrew Morton" <akpm@...ux-foundation.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: RE: [RFC PATCH net-next 2/6] x86: bpf_jit_comp: support BPF_S_ANC_SECCOMP_LD_W instruction > > > >> + func = (u8 *)seccomp_bpf_load; > > > >> + t_offset = func - (image + addrs[i]); > > > >> + EMIT1_off32(0xbf, K); /* mov imm32,%edi */ > > > >> + EMIT1_off32(0xe8, t_offset); /* call seccomp_bpf_load */ > > > >> + break; > > > >> +#endif > > > > > > > > This seems seriously wrong to me. > > > > > > Can you elaborate? > > > > The 'call seccomp_bpf_load' needs a pc-relative offset, > > I assume that is what EMIT1_off32() generates. > > > > The other two instructions want an absolute 32 bit value... > > Hmm, this part is fine, we perform the relative adjustments in > t_offset = func - (image + addrs[i]); The call needs the displacement from the address of the instruction following the call. I can't imagine any way in which above can allow for the 5 byte 'mov imm32,%edi' instruction. I'd have thought there would be an EMIT1_imm32(). (I've written a lot of x86 asm in my days!) David
Powered by blists - more mailing lists