| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Apr 2014 19:44:08 +0200
From: Denys Vlasenko <dvlasenk@...hat.com>
To: linux-kernel@...r.kernel.org
CC: Denys Vlasenko <dvlasenk@...hat.com>,
Jim Keniston <jkenisto@...ibm.com>,
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
Srikar Dronamraju <srikar@...ux.vnet.ibm.com>,
Ingo Molnar <mingo@...nel.org>, Oleg Nesterov <oleg@...hat.com>
Subject: Re: [PATCH] uprobes: use BX register for rip-relative fixups, not
AX
On 04/28/2014 07:06 PM, Denys Vlasenko wrote:
> + * Note: we can't use rax or rdx registers as scratch!
> + * There are 3-operand insns which use rax or rdx:rax
> + * as an implicit operand, _and_ they use modrm byte
> + * whose reg field indicates third register or opcode extension.
> + * In particular, these insns:
> + * f7/6 r/m div r/m
> + * 0f b1 r/m cmpxchg r/m,reg
> + * 0f c7/1 mem cmpxchg{8b,16b} mem
> + * Looking at "reg" field won't allow to detect that rax or rdx
> + * are in use.
Eek.... even this is not good enough for cmpxchg8b!
The damn thing uses CX and BX too!
AMD docs say -
"""Compares the value in the rDX:rAX registers with a 64-bit
or 128-bit value in the specified memory location.
If the values are equal, the instruction copies the value
in the rCX:rBX registers to the memory location and sets
the zero flag (ZF) of the rFLAGS register to 1."""
So, my patch does fix the cases of div and cmpxchg insns,
but not cmpxchg8b.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists