lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130108210840.GC23616@liondog.tnic>
Date:	Tue, 8 Jan 2013 22:08:40 +0100
From:	Borislav Petkov <bp@...en8.de>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
	Yinghai Lu <yinghai@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...e.hu>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 00/27] x86, boot, 64bit: Add support for loading
 ramdisk and bzImage above 4G

On Tue, Dec 25, 2012 at 07:51:54AM -0800, H. Peter Anvin wrote:
> Right, it's the ljmpq issue.
> 
> Borislav Petkov <bp@...en8.de> wrote:
> 
> >On Mon, Dec 24, 2012 at 05:06:01PM -0800, H. Peter Anvin wrote:
> >> Could this be the ljmpq problem that Borislav reported
> >> (Intel implemented ljmpq, AMD didn't, and I was tempted by a
> >> micro-optimization which broke AMD which made it into the patchset)?
> >
> >It has to be. Just booted Yinghai's -v8 in kvm on an AMD host and it
> >worked fine.
> >
> >With the change below it keeps rebooting like I reported earlier. I'd
> >go
> >out on a limb here and guess that the guest is triple-faulting due to
> >an
> >unhandled #GP caused by an invalid opcode or similar.
> >
> >---
> >diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
> >index d94f6d68be2a..1842d30c96a2 100644
> >--- a/arch/x86/kernel/head_64.S
> >+++ b/arch/x86/kernel/head_64.S
> >@@ -279,11 +279,8 @@ ENTRY(secondary_startup_64)
> >         *      REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
> >         *              address given in m16:64.
> >         */
> >-       movq    initial_code(%rip),%rax
> >        pushq   $0              # fake return address to stop unwinder
> >-       pushq   $__KERNEL_CS    # set correct cs
> >-       pushq   %rax            # target address in negative space
> >-       lretq
> >+       rex64 ljmp *initial_code(%rip)
> > 
> > #ifdef CONFIG_HOTPLUG_CPU

Btw, I'm being told that we could also do a JMP FAR through a call
gate in 64-bit mode. Basically, the insn operand contains a CS:OFFSET
whereas the OFFSET is ignored but only CS is looked at. It has to point
to a call gate descriptor which contains two pieces of a Code-Segment
Offset[0:63] and this points into the virtual address space where we
want to jump to.

Here's a picture to explain it better (figure 4-31 on page 105):
http://support.amd.com/us/Processor_TechDocs/24593_APM_v2.pdf

It looks like Intel should support that too, AFAICT.

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ