| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Feb 2018 20:28:16 +0100
From: Borislav Petkov <bp@...en8.de>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
kbuild test robot <fengguang.wu@...el.com>,
Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>,
the arch/x86 maintainers <x86@...nel.org>
Subject: Re: [linus:master] BUILD REGRESSION
a2e5790d841658485d642196dbb0927303d6c22f
On Wed, Feb 07, 2018 at 08:14:51PM +0100, Peter Zijlstra wrote:
> Then someone went and wrecked it.
Yeah, note says UD0 didn't eat a ModRM byte on old CPUs. But then that
changed too. Fun stuff changing insn encoding underway.
So if we opt for adding a ModRM byte, could a 0x90 NOP work so that it
doesn't shit itself on those old CPUs?
/me goes and checks
Well, no:
b3: 0f ff eb ud0 %ebx,%ebp
decoded with latest objdump turns into:
b3: 0f .byte 0xf
b4: ff .byte 0xff
b5: 90 nop
because 0x90, when used as a ModRM means, AFAICT, register-indirect
addressing with a 32-bit offset which would need more bytes. :-\
/me adds more bytes...
Yap, yuck, that works:
b3: 0f ff 90 90 90 90 90 ud0 -0x6f6f6f70(%rax),%edx
I guess we need to experiment a bit to find a suitable byte to add...
Nasty.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists