lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <04a3d031624d4472aaf4cd20a0d3be47@AcuMS.aculab.com>
Date:   Fri, 18 Mar 2022 23:03:50 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Peter Zijlstra' <peterz@...radead.org>,
        Paolo Bonzini <pbonzini@...hat.com>
CC:     Maxim Levitsky <mlevitsk@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "seanjc@...gle.com" <seanjc@...gle.com>
Subject: RE: [PATCH v3 6/6] KVM: x86: allow defining return-0 static calls

From: Peter Zijlstra
> Sent: 18 March 2022 18:02
> 
> On Fri, Mar 18, 2022 at 06:47:32PM +0100, Peter Zijlstra wrote:
> > On Fri, Mar 18, 2022 at 06:28:37PM +0100, Peter Zijlstra wrote:
> > > > Related to this, I don't see anything in arch/x86/kernel/static_call.c that
> > > > limits this code to x86-64:
> > > >
> > > >                 if (func == &__static_call_return0) {
> > > >                         emulate = code;
> > > >                         code = &xor5rax;
> > > >                 }
> > > >
> > > >
> > > > On 32-bit, it will be patched as "dec ax; xor eax, eax" or something like
> > > > that.  Fortunately it doesn't corrupt any callee-save register but it is not
> > > > just a bit funky, it's also not a single instruction.
> > >
> > > Urggghh.. that's fairly yuck. So there's two options I suppose:
> > >
> > > 	0x66, 0x66, 0x66, 0x31, 0xc0
> >
> > Argh, that turns into: xorw %ax, %ax.
> >
> > Let me see if there's another option.
> 
> Amazingly:
> 
>   0x2e, 0x2e, 0x2e, 0x31, 0xc0
> 
> seems to actually work.. I've build and ran and decoded the below on
> 32bit and 64bit (arguably on the same 64bit host).

Not really amazing...
In 64bit mode all accesses to 32bit registers zero the
high bits.
So 'xor %eax,%eax' zeros all of %rax in 64bit mode.
So three segment override prefixes will extend it to 5 bytes.

Think I'd pick the FS or GS override (0x64 or 0x65).
Just in case someone decides that CS/DS/ES/SS prefix will
mean something else in 64bit mode.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ