| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48eb20be-0b49-43f9-ba73-7ab6849f2bf1@email.android.com> Date: Tue, 08 Jan 2013 13:15:41 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Borislav Petkov <bp@...en8.de> CC: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Yinghai Lu <yinghai@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu>, "Eric W. Biederman" <ebiederm@...ssion.com>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v7 00/27] x86, boot, 64bit: Add support for loading ramdisk and bzImage above 4G Yes, but why bother... Borislav Petkov <bp@...en8.de> wrote: >On Tue, Dec 25, 2012 at 07:51:54AM -0800, H. Peter Anvin wrote: >> Right, it's the ljmpq issue. >> >> Borislav Petkov <bp@...en8.de> wrote: >> >> >On Mon, Dec 24, 2012 at 05:06:01PM -0800, H. Peter Anvin wrote: >> >> Could this be the ljmpq problem that Borislav reported >> >> (Intel implemented ljmpq, AMD didn't, and I was tempted by a >> >> micro-optimization which broke AMD which made it into the >patchset)? >> > >> >It has to be. Just booted Yinghai's -v8 in kvm on an AMD host and it >> >worked fine. >> > >> >With the change below it keeps rebooting like I reported earlier. >I'd >> >go >> >out on a limb here and guess that the guest is triple-faulting due >to >> >an >> >unhandled #GP caused by an invalid opcode or similar. >> > >> >--- >> >diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S >> >index d94f6d68be2a..1842d30c96a2 100644 >> >--- a/arch/x86/kernel/head_64.S >> >+++ b/arch/x86/kernel/head_64.S >> >@@ -279,11 +279,8 @@ ENTRY(secondary_startup_64) >> > * REX.W + FF /5 JMP m16:64 Jump far, absolute >indirect, >> > * address given in m16:64. >> > */ >> >- movq initial_code(%rip),%rax >> > pushq $0 # fake return address to stop >unwinder >> >- pushq $__KERNEL_CS # set correct cs >> >- pushq %rax # target address in negative space >> >- lretq >> >+ rex64 ljmp *initial_code(%rip) >> > >> > #ifdef CONFIG_HOTPLUG_CPU > >Btw, I'm being told that we could also do a JMP FAR through a call >gate in 64-bit mode. Basically, the insn operand contains a CS:OFFSET >whereas the OFFSET is ignored but only CS is looked at. It has to point >to a call gate descriptor which contains two pieces of a Code-Segment >Offset[0:63] and this points into the virtual address space where we >want to jump to. > >Here's a picture to explain it better (figure 4-31 on page 105): >http://support.amd.com/us/Processor_TechDocs/24593_APM_v2.pdf > >It looks like Intel should support that too, AFAICT. -- Sent from my mobile phone. Please excuse brevity and lack of formatting. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists