| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Oct 2021 11:29:43 +0200
From: Borislav Petkov <bp@...en8.de>
To: Peter Zijlstra <peterz@...radead.org>
Cc: x86@...nel.org, jpoimboe@...hat.com, andrew.cooper3@...rix.com,
linux-kernel@...r.kernel.org, alexei.starovoitov@...il.com,
ndesaulniers@...gle.com, bpf@...r.kernel.org
Subject: Re: [PATCH v3 11/16] x86/alternative: Handle Jcc
__x86_indirect_thunk_\reg
On Tue, Oct 26, 2021 at 02:01:43PM +0200, Peter Zijlstra wrote:
> + op = insn->opcode.bytes[0];
> +
> + /*
> + * Convert:
> + *
> + * Jcc.d32 __x86_indirect_thunk_\reg
> + *
> + * into:
> + *
> + * Jncc.d8 1f
> + * JMP *%\reg
> + * NOP
> + * 1:
> + */
Let's explain the second part of the test better:
/* Jcc opcodes are in the range 0x80-0x8f */
Yeah, you have that range check below but still.
> + if (op == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80) {
> + cc = insn->opcode.bytes[1] & 0xf;
> + cc ^= 1; /* invert condition */
> +
> + bytes[i++] = 0x70 + cc; /* Jcc.d8 */
> + bytes[i++] = insn->length - 2;
maybe put at the end here: /* 2 == sizeof(Jcc.d8) */
to have it explicit what that 2 means.
But yeah, looks good.
Thx.
> +
> + op = JMP32_INSN_OPCODE;
> + }
> +
> + ret = emit_indirect(op, reg, bytes + i);
> + if (ret < 0)
> + return ret;
> + i += ret;
>
> for (; i < insn->length;)
> bytes[i++] = BYTES_NOP1;
> @@ -443,6 +469,10 @@ void __init_or_module noinline apply_ret
> case JMP32_INSN_OPCODE:
> break;
>
> + case 0x0f: /* escape */
> + if (op2 >= 0x80 && op2 <= 0x8f)
> + break;
> + fallthrough;
> default:
> WARN_ON_ONCE(1);
> continue;
>
>
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists