lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 07 May 2014 19:11:58 +0300
From:	Nadav Amit <nadav.amit@...il.com>
To:	Bandan Das <bsd@...hat.com>, Nadav Amit <namit@...technion.ac.il>
CC:	mtosatti@...hat.com, pbonzini@...hat.com, hpa@...or.com,
	gleb@...nel.org, tglx@...utronix.de, mingo@...hat.com,
	x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/5] KVM: x86: Wrong register masking in 64-bit mode

On 5/7/14, 5:50 PM, Bandan Das wrote:
> Nadav Amit <namit@...technion.ac.il> writes:
>
>> 32-bit operations are zero extended in 64-bit mode. Currently, the code does
>> not handle them correctly and keeps the high bits. In 16-bit mode, the high
>> 32-bits are kept intact.
>>
>> In addition, although it is not well-documented, when address override prefix
>
> It would be helpful to have a pointer in the SDM especially for cases
> that are not well-documented.
>
>> is used with REP-string instruction, RCX high half is zeroed even if ECX was
>> zero on the first iteration (as if an assignment was performed to ECX).
>>
>> Signed-off-by: Nadav Amit <namit@...technion.ac.il>
>>

First, as for the different masking/zero-extending behavior in different 
modes, I guess this behavior is documented in SDM Volume 1, Section 
3.3.7: "Address Calculations in 64-Bit Mode". It appears (from 
experiments on bare-metal) that it also regards ESI/EDI/ECX on 
REP-prefix instructions and I presume it regards ESP on stack operations 
and ECX on loop operations. I will ensure it soon.

Second, the behavior of zero-extending RCX even if ECX is initially zero 
was experienced on native environment (Intel SandyBridge), and we found 
no erratum regarding it. I actually found no documentation that 
describes this behavior. The term "not well-documented" is probably 
misleading, and will be clarified on v2.

Thanks,
Nadav

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ