| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Aug 2016 13:15:33 +0000 From: Alexey Brodkin <Alexey.Brodkin@...opsys.com> To: "liavr@...lanox.com" <liavr@...lanox.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "eladkan@...lanox.com" <eladkan@...lanox.com>, "noamca@...lanox.com" <noamca@...lanox.com>, Vineet Gupta <Vineet.Gupta1@...opsys.com>, "linux-snps-arc@...ts.infradead.org" <linux-snps-arc@...ts.infradead.org> Subject: Re: [PATCH] ARC: Change ld.as instruction to regular ld. Hi Liav, On Tue, 2016-08-16 at 10:55 +0300, Liav Rehana wrote: > From: Liav Rehana <liavr@...lanox.com> > > The instruction ld.as takes as operands a base address and an offset, > and doesn't access the sum of these two, but the sum of the base > address and a shifted version of the offset. > This isn't what we want in that case, since it causes a bug during > the push and pop of r25, since his actual offset is given during > resume_user_mode_begin. > Thus, the use of ld solves this problem. > > Signed-off-by: Liav Rehana <liavr@...lanox.com> > --- Very nice catch! But IMHO description could be improved a little bit. Probably something like that: --------------------->8--------------------- "PT_user_r25" is offset in bytes within pt_regs structure. In its turn what "ld.as r1, [r2, x]" really does is r1 <- load_from(r2 + (x << data_size)) = load_from(r2 + x*4). But the code in question is supposed to load_from(r2 + x). This leads to obvious stack corruption. --------------------->8--------------------- Reviewed-by: Alexey Brodkin <abrodkin@...opsys.com>
Powered by blists - more mailing lists