| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <528D1D44.3000600@zytor.com> Date: Wed, 20 Nov 2013 12:36:20 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Linus Torvalds <torvalds@...ux-foundation.org>, "H. Peter Anvin" <hpa@...ux.intel.com> CC: Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, linux-tip-commits@...r.kernel.org, Fenghua Yu <fenghua.yu@...el.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [tip:x86/asm] x86-64, copy_user: Remove zero byte check before copy user buffer. On 11/20/2013 12:13 PM, Linus Torvalds wrote: > On Wed, Nov 20, 2013 at 11:28 AM, H. Peter Anvin <hpa@...ux.intel.com> wrote: >>> >>> .section .fixup,"ax" >>> 11: lea (%rdx,%rcx,8),%rcx >>> 12: movl %ecx,%edx /* ecx is zerorest also */ >> >> -> Even if %rdx+%rcx*8 > 2^32 we end up truncating at 12: -- not that it >> matters, since both arguments are prototyped as "unsigned" and therefore >> the C compiler is supposed to guarantee the upper 32 bits are ignored. > > Ahh. That was the one I thought was broken, but yes, while the upper > bits of %rcx are calculated and not zeroed, they end up not actually > getting used. So yeah, I'll believe it's correct. > That being said, "lea (%rdx,%rcx,8),%ecx" (leal, as opposed to leaq) is a perfectly legitimate instruction and actually one byte shorter. The big question is if some broken version of gas will choke on it. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists