| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <98fdd068-d1c3-1f8c-18b7-13c3909ed9ca@citrix.com>
Date: Wed, 13 Oct 2021 15:38:27 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: Peter Zijlstra <peterz@...radead.org>, <x86@...nel.org>,
<jpoimboe@...hat.com>
CC: <linux-kernel@...r.kernel.org>, <alexei.starovoitov@...il.com>,
<ndesaulniers@...gle.com>
Subject: Re: [PATCH 4/9] x86/alternative: Implement .retpoline_sites support
On 13/10/2021 13:22, Peter Zijlstra wrote:
> +/*
> + * Rewrite the compiler generated retpoline thunk calls.
> + *
> + * For spectre_v2=off (!X86_FEATURE_RETPOLINE), rewrite them into immediate
> + * indirect instructions, avoiding the extra indirection.
> + *
> + * For example, convert:
> + *
> + * CALL __x86_indirect_thunk_\reg
> + *
> + * into:
> + *
> + * CALL *%\reg
> + *
> + */
> +static int patch_retpoline(void *addr, struct insn *insn, u8 *bytes)
> +{
> + void (*target)(void);
> + int reg, i = 0;
> +
> + if (cpu_feature_enabled(X86_FEATURE_RETPOLINE))
> + return -1;
> +
> + target = addr + insn->length + insn->immediate.value;
> + reg = (target - &__x86_indirect_thunk_rax) /
> + (&__x86_indirect_thunk_rcx - &__x86_indirect_thunk_rax);
This is equal measures beautiful and terrifying.
Something around here really wants to BUG_ON(reg == 4), because
literally nothing good can come from selecting %rsp.
Also, it might be a good idea (previous patch perhaps) to have some
linker assertions to confirm that the symbols are laid out safely to do
this calculation.
~Andrew
Powered by blists - more mailing lists