Date:   Thu, 17 Mar 2022 19:25:55 -0500
From:   Segher Boessenkool <segher@...nel.crashing.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Florian Weimer <fweimer@...hat.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        "H. Peter Anvin" <hpa@...or.com>, Bill Wendling <morbo@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Juergen Gross <jgross@...e.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>, llvm@...ts.linux.dev,
        LKML <linux-kernel@...r.kernel.org>,
        linux-toolchains <linux-toolchains@...r.kernel.org>
Subject: Re: [PATCH v5] x86: use builtins to read eflags

On Thu, Mar 17, 2022 at 01:36:19PM -0700, Linus Torvalds wrote:
>         asm volatile("# __raw_save_flags\n\t"
>                      "pushf ; pop %0"
>                      : "=rm" (flags)
>                      : /* no input */
>                      : "memory");

> And is that "memory" clobber because it modifies the memory location
> just below the current stack pointer?
> 
> No, not really - outside the kernel that might be an issue, but we
> already have to build the kernel with -mno-red-zone, so if the
> compiler uses that memory location, that would be a *HUGE* compiler
> bug already.

There is the problem though that this might extend the stack, which
isn't marked up anywhere, so the static checkers do not see the stack
overflow, and it won't be noticed until runtime.  Or do the checkers
consider such cases?

> So the "memory" clobber has absolutely nothing to do with the fact
> that 'pushf' updates the stack pointer, writes to that location, and
> the popf then undoes it.
> 
> It's literally because we don't want the compiler to move non-spill
> memory accesses around it (or other asm statements with memory
> clobbers), regardless of the fact that the sequence doesn't really
> read or write memory in any way that is relevant to the compiler.

Well, that, or the writer of the code didn't consider this, just went
"writes memory, so we clobber".

> > GCC doesn't have barriers in the built-ins (if we are talking about
> > __builtin_ia32_readeflags_u64 and __builtin_ia32_writeeflags_u64).  I
> > expect they are actually pretty useless, and were merely added for
> > completeness of the intrinsics headers.
> 
> Yeah, without any kinds of ordering guarantees, I think those builtins
> are basically only so in name. They might as well return a random
> value - they're not *useful*, because they don't have any defined
> behavior.

No ordering wrt any other code, yes.  Which is not anything you can
solve in only the builtin -- you need to consider the other code that
you order with as well, change that code as well.

> I mean, we *could* certainly use "read eflags" in the kernel, and yes,
> in theory it would be lovely if we didn't have to encode it as a
> "pushf/pop" sequence, and the compiler tracked the stack pointer for
> us, and perhaps combined it with other stack pointer changes to the
> point where the "popf" would never happen, it would just undo the %rsp
> change at function exit time.
> 
> So yes, a builtin can improve code generation.

Yes, and they are much easier to write, and can be written correctly by
lookenspeepers who just *have* to twist every knob that they can -- more
easily than inline asm anyway, which is unforgiving to the extreme.

They are also much easier to read usually, make for cleaner code.  They
certainly have their place.  But they should stay there, too :-)


Segher

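As an added user-space illustration of the two ways of reading EFLAGS discussed in this thread (example code written for this page, not from the thread or from the kernel tree): it keeps the quoted kernel asm as a reference, next to a variant that is safe without -mno-red-zone because it steps %rsp past the 128-byte red zone before the pushf, and the GCC/clang builtin. It is assumed to be built as an ordinary x86-64 user-space program; the function and macro names are this example's own, and on a non-x86 host the readers simply return 0.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#define HAVE_X86_EFLAGS 1
#else
#define HAVE_X86_EFLAGS 0   /* non-x86 host: the readers below return 0 */
#endif

/* EFLAGS bit positions (Intel SDM vol. 1, section 3.4.3). */
#define X86_EFLAGS_CF    (1UL << 0)
#define X86_EFLAGS_FIXED (1UL << 1)   /* reserved, always reads as 1 */
#define X86_EFLAGS_PF    (1UL << 2)
#define X86_EFLAGS_AF    (1UL << 4)
#define X86_EFLAGS_ZF    (1UL << 6)
#define X86_EFLAGS_SF    (1UL << 7)
#define X86_EFLAGS_TF    (1UL << 8)
#define X86_EFLAGS_IF    (1UL << 9)
#define X86_EFLAGS_DF    (1UL << 10)
#define X86_EFLAGS_OF    (1UL << 11)

/*
 * Kernel form, as quoted in the thread (kept here for reference only).
 * pushf writes 8 bytes below %rsp, which is safe in the kernel because it is
 * built with -mno-red-zone; a user-space leaf function may keep live data
 * there.  The "memory" clobber is a compiler barrier: no memory access is
 * moved across the statement.
 */
static inline unsigned long raw_save_flags_kernel(void)
{
    unsigned long flags = 0;
#if HAVE_X86_EFLAGS
    __asm__ __volatile__("# __raw_save_flags\n\t"
                         "pushf ; pop %0"
                         : "=rm" (flags)
                         : /* no input */
                         : "memory");
#endif
    return flags;
}

/*
 * User-space form (this example's own): move %rsp below the red zone first.
 * lea rather than sub/add because lea does not touch EFLAGS, and the output
 * must be "=r": an rsp-relative memory operand would be wrong while %rsp is
 * displaced.
 */
#define READ_EFLAGS_ASM              \
    "lea -128(%%rsp), %%rsp\n\t"     \
    "pushf\n\t"                      \
    "pop %0\n\t"                     \
    "lea 128(%%rsp), %%rsp"

static inline unsigned long raw_save_flags(void)
{
    unsigned long flags = 0;
#if HAVE_X86_EFLAGS
    __asm__ __volatile__(READ_EFLAGS_ASM : "=r" (flags) : : "memory");
#endif
    return flags;
}

/* The builtin: the compiler tracks the stack itself, but it is neither
 * volatile nor a barrier, so it orders against nothing around it. */
static inline unsigned long builtin_read_flags(void)
{
#if HAVE_X86_EFLAGS
    return (unsigned long)__builtin_ia32_readeflags_u64();
#else
    return 0;
#endif
}

/* To observe a flag produced by an instruction, keep that instruction and
 * the pushf in ONE asm statement; split across two statements (or a
 * builtin) the compiler guarantees no ordering between them. */
static inline unsigned long flags_after_stc(void)
{
    unsigned long flags = 0;
#if HAVE_X86_EFLAGS
    __asm__ __volatile__("stc\n\t" READ_EFLAGS_ASM
                         : "=r" (flags) : : "cc", "memory");
#endif
    return flags;
}

/* Render the set status/control flags as names, e.g. "CF ZF IF". */
static const char *describe_eflags(unsigned long flags, char *buf, size_t len)
{
    static const struct { unsigned long bit; const char *name; } names[] = {
        { X86_EFLAGS_CF, "CF" }, { X86_EFLAGS_PF, "PF" }, { X86_EFLAGS_AF, "AF" },
        { X86_EFLAGS_ZF, "ZF" }, { X86_EFLAGS_SF, "SF" }, { X86_EFLAGS_TF, "TF" },
        { X86_EFLAGS_IF, "IF" }, { X86_EFLAGS_DF, "DF" }, { X86_EFLAGS_OF, "OF" },
    };
    size_t pos = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (!(flags & names[i].bit))
            continue;
        int n = snprintf(buf + pos, len - pos, "%s%s", pos ? " " : "", names[i].name);
        if (n < 0 || (size_t)n >= len - pos)
            break;
        pos += (size_t)n;
    }
    return buf;
}

/* Convenience for checks: does the rendering of `flags` equal `expected`? */
static int eflags_names_match(unsigned long flags, const char *expected)
{
    char buf[64];
    return strcmp(describe_eflags(flags, buf, sizeof buf), expected) == 0;
}

int main(void)
{
    char buf[64];
    unsigned long f = raw_save_flags();
    printf("eflags (asm)     = %#lx [%s]\n", f, describe_eflags(f, buf, sizeof buf));
    f = builtin_read_flags();
    printf("eflags (builtin) = %#lx [%s]\n", f, describe_eflags(f, buf, sizeof buf));
    f = flags_after_stc();
    printf("after stc        = %#lx [%s]\n", f, describe_eflags(f, buf, sizeof buf));
    return 0;
}
```

Bit 1 of EFLAGS is architecturally fixed to 1, so it is a cheap sanity check that a read really came from the flags register; CF after `stc` shows why the producing instruction and the pushf belong in the same asm statement.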