On Tue, Oct 6, 2020 at 10:14 AM Brian Gerst wrote:
>
> On Mon, Oct 5, 2020 at 3:31 PM Andy Lutomirski wrote:
> >
> > On 32-bit kernels, the stackprotector canary is quite nasty -- it is
> > stored at %gs:(20), which is nasty because 32-bit kernels use %fs for
> > percpu storage. It's even nastie
On Mon, Oct 5, 2020 at 3:31 PM Andy Lutomirski wrote:
>
> On 32-bit kernels, the stackprotector canary is quite nasty -- it is
> stored at %gs:(20), which is nasty because 32-bit kernels use %fs for
> percpu storage. It's even nastier because it means that whether %gs
> contains userspace state o
On Mon, Oct 05, 2020 at 12:30:03PM -0700, Andy Lutomirski wrote:
> @@ -441,6 +441,9 @@ struct fixed_percpu_data {
>* GCC hardcodes the stack canary as %gs:40. Since the
>* irq_stack is the object at %gs:0, we reserve the bottom
>* 48 bytes of the irq stack for the canary.
>
On Mon, Oct 5, 2020 at 7:29 PM Sean Christopherson wrote:
>
> On Mon, Oct 05, 2020 at 12:30:03PM -0700, Andy Lutomirski wrote:
> > On 32-bit kernels, the stackprotector canary is quite nasty -- it is
> > stored at %gs:(20), which is nasty because 32-bit kernels use %fs for
> > percpu storage. It'
On Mon, Oct 05, 2020 at 12:30:03PM -0700, Andy Lutomirski wrote:
> On 32-bit kernels, the stackprotector canary is quite nasty -- it is
> stored at %gs:(20), which is nasty because 32-bit kernels use %fs for
> percpu storage. It's even nastier because it means that whether %gs
> contains userspace
On 32-bit kernels, the stackprotector canary is quite nasty -- it is
stored at %gs:(20), which is nasty because 32-bit kernels use %fs for
percpu storage. It's even nastier because it means that whether %gs
contains userspace state or kernel state while running kernel code
depends on whether stack