Message-ID: <YXpth/x0f5Rj3k+D@zn.tnic>
Date:   Thu, 28 Oct 2021 11:29:43 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     x86@...nel.org, jpoimboe@...hat.com, andrew.cooper3@...rix.com,
        linux-kernel@...r.kernel.org, alexei.starovoitov@...il.com,
        ndesaulniers@...gle.com, bpf@...r.kernel.org
Subject: Re: [PATCH v3 11/16] x86/alternative: Handle Jcc __x86_indirect_thunk_\reg

On Tue, Oct 26, 2021 at 02:01:43PM +0200, Peter Zijlstra wrote:
> +	op = insn->opcode.bytes[0];
> +
> +	/*
> +	 * Convert:
> +	 *
> +	 *   Jcc.d32 __x86_indirect_thunk_\reg
> +	 *
> +	 * into:
> +	 *
> +	 *   Jncc.d8 1f
> +	 *   JMP *%\reg
> +	 *   NOP
> +	 * 1:
> +	 */

Let's explain the second part of the test better:

	/* Jcc opcodes are in the range 0x80-0x8f */

Yeah, you have that range check below but still.

> +	if (op == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80) {
> +		cc = insn->opcode.bytes[1] & 0xf;
> +		cc ^= 1; /* invert condition */
> +
> +		bytes[i++] = 0x70 + cc; /* Jcc.d8 */
> +		bytes[i++] = insn->length - 2;

maybe put at the end here: /* 2 == sizeof(Jcc.d8) */

to have it explicit what that 2 means.

But yeah, looks good.

Thx.

> +
> +		op = JMP32_INSN_OPCODE;
> +	}
> +
> +	ret = emit_indirect(op, reg, bytes + i);
> +	if (ret < 0)
> +		return ret;
> +	i += ret;
>  
>  	for (; i < insn->length;)
>  		bytes[i++] = BYTES_NOP1;
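Review bot: the Jcc.d8 displacement `bytes[i++] = insn->length - 2;` is only correct when the two emitted bytes sit at offset 0 of bytes[], i.e. i == 0 when the `if (op == 0x0f && ...)` branch runs; the lines shown do not establish that, so a comment stating the precondition (or a WARN_ON_ONCE(i) next to `bytes[i++] = 0x70 + cc;`) would keep a later change from silently breaking the forward jump over `JMP *%\reg`. Also note that on the `if (ret < 0) return ret;` path the Jncc.d8 pair has already been written into bytes[], which is fine only as long as the caller discards the buffer on a negative return.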
> @@ -443,6 +469,10 @@ void __init_or_module noinline apply_ret
>  		case JMP32_INSN_OPCODE:
>  			break;
>  
> +		case 0x0f: /* escape */
> +			if (op2 >= 0x80 && op2 <= 0x8f)
> +				break;
> +			fallthrough;
>  		default:
>  			WARN_ON_ONCE(1);
>  			continue;
> 
> 
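Review bot: the `op2 >= 0x80 && op2 <= 0x8f` check accepts exactly the second-byte Jcc range that the rewrite above matches with `(insn->opcode.bytes[1] & 0xf0) == 0x80`; expressing both tests the same way (or through one small helper) would keep this validation from drifting apart from the rewrite, and the `/* escape */` comment could say that Jcc.d32 is the only two-byte form expected here before the `fallthrough;` to the WARN_ON_ONCE(1) default.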

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette