lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.11.1411131448530.3935@nanos>
Date:	Thu, 13 Nov 2014 14:51:07 +0100 (CET)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Dave Hansen <dave@...1.net>
cc:	hpa@...or.com, mingo@...hat.com, x86@...nel.org,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	linux-ia64@...r.kernel.org, linux-mips@...ux-mips.org,
	qiaowei.ren@...el.com, dave.hansen@...ux.intel.com
Subject: Re: [PATCH 08/11] x86, mpx: [new code] decode MPX instruction to
 get bound violation information

On Wed, 12 Nov 2014, Dave Hansen wrote:
> Changes from the old decoder:
>  * Use the generic decoder instead of custom functions.  Saved
>    ~70 lines of code overall.
>  * Remove insn->addr_bytes code (never used??)
>  * Make sure never to possibly overflow the regoff[] array, plus
>    check the register range correctly in 32 and 64-bit modes.
>  * Allow get_reg() to return an error and have mpx_get_addr_ref()
>    handle when it sees errors.
>  * Only call insn_get_*() near where we actually use the values
>    instead if trying to call them all at once.
>  * Handle short reads from copy_from_user() and check the actual
>    number of read bytes against what we expect from
>    insn_get_length().  If a read stops in the middle of an
>    instruction, we error out.
>  * Actually check the opcodes intead of ignoring them.
>  * Dynamically kzalloc() siginfo_t so we don't leak any stack
>    data.
>  * Detect and handle decoder failures instead of ignoring them.

Very nice work! It's easy to follow and the error handling of all
sorts is well thought out.

Thanks,

	tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ