On Wed, 22 Oct 2014, Eric Paris wrote: > That's really serious. Looking now. Indeed its serious. And it's even more serious as this masterpiece of assembly wreckage was pulled in via your tree w/o having an acked-by one of the x86 maintainers. > On Wed, 2014-10-22 at 16:08 -0200, Paulo Zanoni wrote: > > commit b4f0d3755c5e9cc86292d5fd78261903b4f23d4a > > Author: Richard Guy Briggs > > Date: Tue Mar 4 10:38:06 2014 -0500 > > audit: x86: drop arch from __audit_syscall_entry() interface > > > > According to our QA, their i386 machine doesn't boot anymore. I tried > > to write my own revert for the patch, asked QA to test, and they > > confirmed it "solves" the problem. diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S index 0d0c9d4ab6d5..f9e3fabc8716 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -449,12 +449,11 @@ sysenter_audit: jnz syscall_trace_entry addl $4,%esp CFI_ADJUST_CFA_OFFSET -4 - /* %esi already in 8(%esp) 6th arg: 4th syscall arg */ - /* %edx already in 4(%esp) 5th arg: 3rd syscall arg */ - /* %ecx already in 0(%esp) 4th arg: 2nd syscall arg */ - movl %ebx,%ecx /* 3rd arg: 1st syscall arg */ - movl %eax,%edx /* 2nd arg: syscall number */ - movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ + movl %esi,4(%esp) /* 5th arg: 4th syscall arg */ + movl %edx,(%esp) /* 4th arg: 3rd syscall arg */ Bilndly overwriting the stack which holds the syscall arguments is really a brilliant way to ensure security. Thanks, tglx _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
