Date:   Thu, 11 May 2017 19:06:00 -0700
From:   Ricardo Neri <>
To:     Borislav Petkov <>
Cc:     Ingo Molnar <>,
        Thomas Gleixner <>,
        "H. Peter Anvin" <>,
        Andy Lutomirski <>,
        Peter Zijlstra <>,
        Andrew Morton <>,
        Brian Gerst <>,
        Chris Metcalf <>,
        Dave Hansen <>,
        Paolo Bonzini <>,
        Masami Hiramatsu <>,
        Huang Rui <>, Jiri Slaby <>,
        Jonathan Corbet <>,
        "Michael S. Tsirkin" <>,
        Paul Gortmaker <>,
        Vlastimil Babka <>,
        Chen Yucong <>,
        Alexandre Julliard <>,
        Stas Sergeev <>, Fenghua Yu <>,
        "Ravi V. Shankar" <>,
        Shuah Khan <>,
        Adam Buchbinder <>,
        Colin Ian King <>,
        Lorenzo Stoakes <>,
        Qiaowei Ren <>,
        Arnaldo Carvalho de Melo <>,
        Adrian Hunter <>,
        Kees Cook <>,
        Thomas Garnier <>,
        Dmitry Vyukov <>
Subject: Re: [v6 PATCH 08/21] x86/insn-eval: Add utility function to get
 segment descriptor base address

On Fri, 2017-05-05 at 19:28 +0200, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 03:52:41PM -0700, Ricardo Neri wrote:
> > Probably insn_get_seg_base() itself can verify if there are segment
> > override prefixes in the struct insn. If yes, use them except for
> > specific cases such as CS.
> ... and depending on whether in long mode or not.

Yes, in my v7 I ignore the segment register if we are in long mode [1].

> > On an unrelated note, I still have the problem of using DS vs ES for
> > string instructions. Perhaps instead of a use_default_seg flag, a
> > string_instruction flag that indicates how to determine the default
> > segment.
> ... or you can look at the insn opcode directly. AFAICT, you need
> to check whether the opcode is 0xa4 or 0xa5 and that the insn is a
> single-byte opcode, i.e., not from the secondary map escaped with 0xf or
> some of the other multi-byte opcode maps.

In my v7, I have added a section in my function resolve_seg_register() that
segment overrides if it sees string instructions and the register EDI
and defaults to ES. If the register is EIP, it defaults to CS. To
determine if an instruction is a string instruction I do check for the
size of the opcode and the opcodes that you mention plus others based on
the Intel Software Development Manual[2].


Thanks and BR,

> -- 
> Regards/Gruss,
>     Boris.
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
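
The default-segment selection discussed in this message, as an added C example (not code from the patch series or the kernel). The `decoded` struct, the enums and this `resolve_seg()` are hypothetical stand-ins; the opcode ranges beyond 0xa4/0xa5 are the one-byte string-instruction opcodes from the Intel SDM, and treating only FS/GS as meaningful in long mode is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum seg { SEG_NONE, SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS };
enum reg { REG_OTHER, REG_SP_BP, REG_DI, REG_IP };

/* Hypothetical summary of a decoded instruction; not the kernel's struct insn. */
struct decoded {
    uint8_t opcode[3];
    int opcode_nbytes;
    enum seg override;      /* SEG_NONE when no segment-override prefix is present */
};

/* String instructions live only in the one-byte opcode map. */
static bool is_string_insn(const struct decoded *d)
{
    uint8_t op = d->opcode[0];
    if (d->opcode_nbytes != 1)  /* e.g. 0x0f 0xa4 is SHLD, not MOVS */
        return false;
    return (op >= 0x6c && op <= 0x6f) ||    /* INS, OUTS */
           (op >= 0xa4 && op <= 0xa7) ||    /* MOVS, CMPS */
           (op >= 0xaa && op <= 0xaf);      /* STOS, LODS, SCAS */
}

/* Pick the segment for an operand addressed through register r. */
static enum seg resolve_seg(const struct decoded *d, enum reg r, bool long_mode)
{
    enum seg s;
    if (r == REG_IP)
        s = SEG_CS;                         /* instruction pointer: always CS */
    else if (r == REG_DI && is_string_insn(d))
        s = SEG_ES;                         /* string destination: override ignored */
    else if (d->override != SEG_NONE)
        s = d->override;
    else
        s = (r == REG_SP_BP) ? SEG_SS : SEG_DS;
    /* Assumption: in long mode only FS/GS bases matter; others are flat (base 0). */
    if (long_mode && s != SEG_FS && s != SEG_GS)
        return SEG_NONE;
    return s;
}

int main(void)
{
    struct decoded movs = { { 0xa4 }, 1, SEG_FS };  /* constructed: fs-prefixed MOVSB */
    printf("dst=%d src=%d\n", resolve_seg(&movs, REG_DI, false), resolve_seg(&movs, REG_OTHER, false));
    return 0;
}
```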
