Date: Thu, 28 Jun 2018 15:16:21 +0200
From: Solar Designer <solar@...nwall.com>
To: Vasily Averin <vvs@...tuozzo.com>
Cc: owl-dev@...ts.openwall.com
Subject: Re: 32-bit syscall breakage in -431 kernel with KAISER

On Thu, Jun 28, 2018 at 04:08:29PM +0300, Vasily Averin wrote:
> On 06/26/2018 10:13 PM, Solar Designer wrote:
> > per my review of the full struct tss_struct, the stack[] field
> > offset is:
> > 
> > 4+8*5+4*2+2*2+1025*8+8 = 8264
> 
> Alexander,
> seems you're wrong
> 
> in my version of rhel5-based -123.1 kernel
> 
> crash> tss_struct -o
> struct tss_struct {
>      [0x0] u32 reserved1;
>      [0x4] u64 rsp0;
>      [0xc] u64 rsp1;
>     [0x14] u64 rsp2;
>     [0x1c] u64 reserved2;
>     [0x24] u64 ist[7];
>     [0x5c] u32 reserved3;
>     [0x60] u32 reserved4;
>     [0x64] u16 reserved5;
>     [0x66] u16 io_bitmap_base;
>     [0x68] unsigned long io_bitmap[1025];
>   [0x2070] unsigned long stack_canary;
>   [0x2078] unsigned long stack[64];
> }
> SIZE: 0x3000
> crash> tss_struct -od
> struct tss_struct {
>       [0] u32 reserved1;
>       [4] u64 rsp0;
>      [12] u64 rsp1;
>      [20] u64 rsp2;
>      [28] u64 reserved2;
>      [36] u64 ist[7];
>      [92] u32 reserved3;
>      [96] u32 reserved4;
>     [100] u16 reserved5;
>     [102] u16 io_bitmap_base;
>     [104] unsigned long io_bitmap[1025];
>    [8304] unsigned long stack_canary;
>    [8312] unsigned long stack[64];
> }
> SIZE: 12288
> 
> Seems you missed that 'ist' field is an array

Ah, yes, indeed.  But since it has an odd number of elements, this
leaves stack[] just as unaligned.

Can you check your RHEL6-based kernels as well?

Thanks!

Alexander
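To check the offsets above without a crash session, the layout from the quoted dump can be reconstructed in plain C and fed to offsetof(). This is an added example, not code from this thread or from the kernel source: it assumes the struct is declared packed (which is what puts rsp0 at offset 4 instead of 8, as in the dump), uses uint64_t where the kernel has unsigned long (8 bytes on x86-64), and does not reproduce the extra alignment attribute that makes crash report SIZE 12288 rather than the raw 8824 bytes of the fields. It also carries both hand calculations, the one that counted ist as a single u64 and the one counting all seven, and reports how far stack[] is from 16-byte alignment in each case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Reconstruction of the RHEL5-based -123.1 tss_struct as dumped by
 * "crash> tss_struct -od" in the quoted message (example, not kernel
 * source). The hardware TSS portion on x86-64 is packed; the same
 * attribute is assumed here so the compiler reproduces the dump's
 * offsets. uint64_t stands in for the kernel's unsigned long.
 */
struct tss_struct {
    uint32_t reserved1;
    uint64_t rsp0;
    uint64_t rsp1;
    uint64_t rsp2;
    uint64_t reserved2;
    uint64_t ist[7];          /* the array the first hand calculation missed */
    uint32_t reserved3;
    uint32_t reserved4;
    uint16_t reserved5;
    uint16_t io_bitmap_base;
    uint64_t io_bitmap[1025];
    uint64_t stack_canary;
    uint64_t stack[64];
} __attribute__((packed));

/* Offsets the compiler derives from the packed declaration. */
size_t tss_offset_ist(void)       { return offsetof(struct tss_struct, ist); }
size_t tss_offset_io_bitmap(void) { return offsetof(struct tss_struct, io_bitmap); }
size_t tss_offset_canary(void)    { return offsetof(struct tss_struct, stack_canary); }
size_t tss_offset_stack(void)     { return offsetof(struct tss_struct, stack); }

/* Hand calculation from the earlier message: ist counted as one u64. */
size_t tss_offset_stack_by_hand_wrong(void)
{
    return 4 + 8 * 5 + 4 * 2 + 2 * 2 + 1025 * 8 + 8;          /* 8264 */
}

/* Same calculation with ist counted as seven u64s; matches the dump. */
size_t tss_offset_stack_by_hand(void)
{
    return 4 + 8 * 4 + 8 * 7 + 4 * 2 + 2 * 2 + 1025 * 8 + 8;  /* 8312 */
}

/*
 * Bytes by which an offset falls short of `align`-byte alignment within
 * the struct (0 means aligned). Counting seven ist entries instead of one
 * adds 6 * 8 = 48 bytes, a multiple of 16, so the residue modulo 16 is
 * the same for 8264 and 8312: stack[] is 16-byte misaligned either way.
 */
size_t offset_misalignment(size_t offset, size_t align)
{
    return offset % align;
}

size_t tss_stack_misalignment(size_t align)
{
    return offset_misalignment(offsetof(struct tss_struct, stack), align);
}

int main(void)
{
    printf("ist            %zu\n", tss_offset_ist());
    printf("io_bitmap      %zu\n", tss_offset_io_bitmap());
    printf("stack_canary   %zu\n", tss_offset_canary());
    printf("stack          %zu\n", tss_offset_stack());
    printf("by hand (ist as 1 u64): %zu, mod 16 = %zu\n",
           tss_offset_stack_by_hand_wrong(),
           offset_misalignment(tss_offset_stack_by_hand_wrong(), 16));
    printf("by hand (ist as 7 u64): %zu, mod 16 = %zu\n",
           tss_offset_stack_by_hand(),
           offset_misalignment(tss_offset_stack_by_hand(), 16));
    printf("sizeof (packed, no extra alignment): %zu\n",
           sizeof(struct tss_struct));
    return 0;
}
```

The same declaration can be pasted against a RHEL6-based tree's tss_struct to answer the question above: if the field list differs, the compiler's offsetof() for stack[] gives the number to compare with a crash dump, and the modulo-16 residue says whether the alignment concern carries over.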
