lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 15 May 2023 12:26:18 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Andrew.Cooper3@...rix.com
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org, mhiramat@...nel.org,
        jpoimboe@...hat.com
Subject: Re: [PATCH 2/2] x86: Shorten RESET_CALL_DEPTH

On Mon, May 15, 2023 at 10:47:42AM +0100, Andrew.Cooper3@...rix.com wrote:
> On 15/05/2023 10:28 am, Peter Zijlstra wrote:

> > Shrink it by 4 bytes:
> >
> >   0:   31 c0                   xor    %eax,%eax
> >   2:   48 0f ba e8 3f          bts    $0x3f,%rax
> >   7:   65 48 89 04 25 00 00 00 00      mov    %rax,%gs:0x0

> >  #define RESET_CALL_DEPTH					\
> > -	mov	$0x80, %rax;					\
> > -	shl	$56, %rax;					\
> > +	xor	%eax, %eax;					\
> > +	bts	$59, %rax;					\
> 
> $63 ?
> 
> The disassembly looks correct.

Yeah, uhmm, clearly I fixed it somewhere but not on the version I send
out :-(

Too bad we need the RAX.W prefix...

---
Subject: x86: Shorten RESET_CALL_DEPTH
From: Peter Zijlstra <peterz@...radead.org>
Date: Fri Feb 10 10:10:57 CET 2023

RESET_CALL_DEPTH is a pretty fat monster and blows up UNTRAIN_RET to
20 bytes:

  19:       48 c7 c0 80 00 00 00    mov    $0x80,%rax
  20:       48 c1 e0 38             shl    $0x38,%rax
  24:       65 48 89 04 25 00 00 00 00      mov    %rax,%gs:0x0     29: R_X86_64_32S        pcpu_hot+0x10

Shrink it by 4 bytes:

  0:   31 c0                   xor    %eax,%eax
  2:   48 0f ba e8 3f          bts    $0x3f,%rax
  7:   65 48 89 04 25 00 00 00 00      mov    %rax,%gs:0x0

Shrink RESET_CALL_DEPTH_FROM_CALL by 5 bytes by only setting al, the
other bits are shifted out (the same could be done for
RESET_CALL_DEPTH, but the xor+bts sequence has less depencies due to
the zeroing).

Suggested-by: Andrew Cooper <andrew.cooper3@...rix.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
---
 arch/x86/include/asm/nospec-branch.h |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -84,12 +84,12 @@
 	movq	$-1, PER_CPU_VAR(pcpu_hot + X86_call_depth);
 
 #define RESET_CALL_DEPTH					\
-	mov	$0x80, %rax;					\
-	shl	$56, %rax;					\
+	xor	%eax, %eax;					\
+	bts	$63, %rax;					\
 	movq	%rax, PER_CPU_VAR(pcpu_hot + X86_call_depth);
 
 #define RESET_CALL_DEPTH_FROM_CALL				\
-	mov	$0xfc, %rax;					\
+	movb	$0xfc, %al;					\
 	shl	$56, %rax;					\
 	movq	%rax, PER_CPU_VAR(pcpu_hot + X86_call_depth);	\
 	CALL_THUNKS_DEBUG_INC_CALLS

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ