lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+55aFzMEcyjNfsv0iS5Ga-CpTOmNpmaUmAquOjO2ZsLBvYVYg@mail.gmail.com>
Date:   Mon, 21 Nov 2016 10:20:17 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     "H. Peter Anvin" <hpa@...or.com>
Cc:     Andy Lutomirski <luto@...nel.org>, tedheadster@...il.com,
        Brian Gerst <brgerst@...il.com>,
        George Spelvin <linux@...izon.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        X86 ML <x86@...nel.org>
Subject: Re: What exactly do 32-bit x86 exceptions push on the stack in the CS slot?

On Mon, Nov 21, 2016 at 7:58 AM, H. Peter Anvin <hpa@...or.com> wrote:
> On 11/20/16 20:54, hpa@...or.com wrote:
>>
>> I believe i686+ writes zero, older CPUs leave unchanged.
>
> I should point out that, at least from my memory, the same applies to
> instructions like "movl <seg>".  I can't even remember for sure how the
> behavior differs between "movl <seg>,<reg32>" and "movl <seg>,<mem>";
> I'd have to do some digging.

I have this distinct feeling that there issues with *both* the
register and memory versions.

Because I have this dim memory that on early microarchitectures, even
"mov segment to register" would always only do a 16-bit move, even if
it was encoded as a 32-bit "movl". Although that may be partly because
I know "gas" had some confusion about operand sizes and segment
register instructions, so there might have been toolchain issues too.

I just dug out my old 486 manual on _paper_ (Christ, I still had it):
"Intel486(tm) Microprocessor Family Programmer's Reference Manual".
The "mov" instruction is only documented for r/m16, and it has a
footnote saying "In protected mode, use 16-bit operand size prefix".

I definitely know that the "only write 16 bits" was the case for
memory accesses, but I think it might have been the case even for
register moves. After all, "mov segment register" is actually a
completely different instruction from the normal "mov" instructions,
even if it often shows up together with them in the instruction
descriptions.

The i686 cleaned up a lot of things, but I think this might be an area
where there were differences between i486 and Pentium and all the
clone chips too.

                    Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ