| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200921151226.3ismmtndjn4t5z4a@treble>
Date: Mon, 21 Sep 2020 10:12:26 -0500
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Julien Thierry <jthierry@...hat.com>
Cc: linux-kernel@...r.kernel.org, peterz@...radead.org, mbenes@...e.cz,
raphael.gault@....com, benh@...nel.crashing.org
Subject: Re: [PATCH 3/3] objtool: check: Make SP memory operation match
PUSH/POP semantics
On Mon, Sep 21, 2020 at 11:31:28AM +0100, Julien Thierry wrote:
> > > diff --git a/tools/objtool/check.c b/tools/objtool/check.c
> > > index f45991c2db41..7ff87fa3caec 100644
> > > --- a/tools/objtool/check.c
> > > +++ b/tools/objtool/check.c
> > > @@ -2005,6 +2005,13 @@ static int update_cfi_state(struct instruction *insn, struct cfi_state *cfi,
> > > break;
> > > case OP_SRC_REG_INDIRECT:
> > > + if (!cfi->drap && op->dest.reg == cfa->base) {
> >
> > && op->dest.reg == CFI_BP ?
> >
>
> Does it matter? My unstandig was that the register used to point to the CFA
> is getting overwritten, so we need to fallback to something known which is
> the offset from the stack pointer.
>
> Was that not the case?
Maybe. I was wondering if it would be possible to overwrite the stack
pointer, like 'mov disp(%rsp), %rsp', which could be possible in asm.
Though I suppose the below code would be harmless, since the CFA
base/offset would already be CFI_SP/cfi->stack_size respectively.
Still, no harm in making the condition more precise.
> > > +
> > > + /* mov disp(%rsp), %rbp */
> > > + cfa->base = CFI_SP;
> > > + cfa->offset = cfi->stack_size;
> > > + }
--
Josh
Powered by blists - more mailing lists