Re: ESP corruption bug - what CPUs are affected?

From: Denis Vlasenko
Date: Tue Sep 21 2004 - 06:46:10 EST

Next message: Benjamin Herrenschmidt: "Re: [PATCH] ppc64: Fix __raw_* IO accessors"
Previous message: Ingo Freund: "RE: three days running fine, then memory allocation errors"
In reply to: Pavel Machek: "Re: ESP corruption bug - what CPUs are affected?"
Next in thread: Petr Vandrovec: "Re: ESP corruption bug - what CPUs are affected?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 21 September 2004 14:19, Pavel Machek wrote:
> Hi!
>
> > >for subsequent push/pop/call/ret operations.
> > >But if code uses full ESP, thinking that upper 16 bits are zero,
> > >it will crash badly. Correct me if I'm wrong.
> >
> > That's correct. But you should note that the
> > program not just "thinks" that the upper 16 bits
> > are zero. It writes zero there itself, and a few
> > instructions later - oops, it is no longer zero...
>
> Hmm, perhaps this can also be viewed as a "information leak"? Program
> running under dosemu is not expected to know high bits of kernel
> %esp...

Yes.

I must admit that Stas was right and I was wrong.
This is a 386 CPU bug.

Since then it seems to be codified in i86 architecture
and duplicated in all successors.
Incredible... :(
--
vda

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Benjamin Herrenschmidt: "Re: [PATCH] ppc64: Fix __raw_* IO accessors"
Previous message: Ingo Freund: "RE: three days running fine, then memory allocation errors"
In reply to: Pavel Machek: "Re: ESP corruption bug - what CPUs are affected?"
Next in thread: Petr Vandrovec: "Re: ESP corruption bug - what CPUs are affected?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]