Message-ID: <CALCETrWm-VwnumU4sAsq0K74ZS7s1Ja=mAhSgWZicoxN6G9CPQ@mail.gmail.com>
Date: Thu, 24 Nov 2016 09:16:39 -0800
From: Andy Lutomirski <luto@...capital.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...nel.org>,
Brian Gerst <brgerst@...il.com>,
Andy Lutomirski <luto@...nel.org>,
Matthew Whitehead <tedheadster@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
X86 ML <x86@...nel.org>
Subject: Re: What exactly do 32-bit x86 exceptions push on the stack in the CS slot?

On Mon, Nov 21, 2016 at 1:21 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Mon, Nov 21, 2016 at 10:26 AM, H. Peter Anvin <hpa@...or.com> wrote:
>> On 11/21/16 10:00, Linus Torvalds wrote:
>>>
>>> I'd much rather we go back to just making the "cs" entry explicitly
>>> 16-bit, and have a separate padding entry, the way we used to long
>>> long ago.
>>>
>>
>> I would agree 100% with this.
>
> We _used_ to do it like this in some places (signal stack, other places):
>
> unsigned short cs, __csh;

I'm testing a patch to do exactly this. I didn't bother with the
fancy anonymous union stuff because I don't see any great reason that
anything needs to write the high bits.

Amusingly, grsecurity seems to contain a fix for one instance of this
bug on x86_32 and one instance on x86_64 (!).

--Andy
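
The layout discussed in this thread, as an added example that is not part of the original message or of the kernel patch: it contrasts a selector comparison made through a 32-bit `cs` field with the same comparison made through the split `unsigned short cs, __csh;` layout when the high half of the slot holds stale data. Assumptions: a little-endian machine, a simplified three-word frame rather than the kernel's real register structure, and the hypothetical names `frame_wide`, `frame_split`, `fill_raw` and `EXAMPLE_KERNEL_CS` with constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed selector value for this example; not taken from the thread. */
#define EXAMPLE_KERNEL_CS 0x0060u

/* CS slot declared as one full 32-bit word. */
struct frame_wide  { uint32_t ip; uint32_t cs; uint32_t flags; };
/* CS slot split as in the quoted line: 16-bit cs plus explicit padding. */
struct frame_split { uint32_t ip; unsigned short cs, __csh; uint32_t flags; };

/* The split must not move anything: same size, same cs offset. */
_Static_assert(sizeof(struct frame_wide) == sizeof(struct frame_split), "size");
_Static_assert(offsetof(struct frame_wide, cs) == offsetof(struct frame_split, cs), "cs");

/* Constructed frame; assumption: the CPU left the slot's high half stale. */
static void fill_raw(uint32_t raw[3], uint16_t sel, uint16_t stale_high)
{
    raw[0] = 0xc0100000u;                         /* constructed ip */
    raw[1] = ((uint32_t)stale_high << 16) | sel;  /* CS slot */
    raw[2] = 0x00000202u;                         /* constructed flags */
}

/* Compare through the 32-bit field: the stale high bits take part. */
int wide_is_kernel_cs(uint16_t sel, uint16_t stale_high)
{
    uint32_t raw[3]; struct frame_wide f;
    fill_raw(raw, sel, stale_high);
    memcpy(&f, raw, sizeof f);
    return f.cs == EXAMPLE_KERNEL_CS;
}

/* Compare through the 16-bit field: only the selector takes part. */
int split_is_kernel_cs(uint16_t sel, uint16_t stale_high)
{
    uint32_t raw[3]; struct frame_split f;
    fill_raw(raw, sel, stale_high);
    memcpy(&f, raw, sizeof f);
    return f.cs == EXAMPLE_KERNEL_CS;
}

int main(void)
{
    printf("clean: wide=%d split=%d\n", wide_is_kernel_cs(0x60, 0), split_is_kernel_cs(0x60, 0));
    printf("stale: wide=%d split=%d\n", wide_is_kernel_cs(0x60, 0xdead), split_is_kernel_cs(0x60, 0xdead));
    return 0;
}
```

With a clean high half both comparisons agree; with stale bytes above the selector only the 16-bit field still matches.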