lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <121f58b7-b781-44cf-a18f-6f8893c82187@t-8ch.de>
Date: Sat, 10 Aug 2024 14:37:19 +0200
From: Thomas Weißschuh <linux@...ssschuh.net>
To: Ammar Faizi <ammarfaizi2@...weeb.org>
Cc: Willy Tarreau <w@....eu>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] tools/nolibc: x86_64: wrap asm functions in functions

On 2024-08-10 19:12:25+0000, Ammar Faizi wrote:
> On Sat, Aug 10, 2024 at 12:54:46PM +0200, Thomas Weißschuh wrote:
> > +__attribute__((weak,unused,section(".text.nolibc_memmove")))
> > +__nolibc_naked __no_stack_protector
> > +void *memmove(void *dst __attribute__((unused)),
> > +	      const void *src __attribute__((unused)),
> > +	      size_t len __attribute__((unused)))
> > +{
> > +	__asm__ volatile (
> > +		"movq %rdx, %rcx\n\t"
> > +		"movq %rdi, %rax\n\t"
> > +		"movq %rdi, %rdx\n\t"
> > +		"subq %rsi, %rdx\n\t"
> > +		"cmpq %rcx, %rdx\n\t"
> > +		"jb   .Lbackward_copy\n\t"
> > +		"rep movsb\n\t"
> > +		"retq\n"
> > +		".Lbackward_copy:"
> > +		"leaq -1(%rdi, %rcx, 1), %rdi\n\t"
> > +		"leaq -1(%rsi, %rcx, 1), %rsi\n\t"
> > +		"std\n\t"
> > +		"rep movsb\n\t"
> > +		"cld\n\t"
> > +		"retq\n"
> > +	);
> > +	__nolibc_naked_epilogue();
> > +}
> 
> NAK for this patch.

Thanks for the feedback!

(I'm not an assembler programmer, so regard my notes with a grain of salt)

> This approach appears highly dangerous, particularly when the compiler
> inlines the call. When using inline assembly within a function, it's
> crucial to define proper constraints and a clobber list to ensure the
> arguments are correctly bound to the inline assembly.

Aren't the constraints a feature of Extended Asm?
This is a Basic Asm block.
Indeed naked functions only support Basic Asm, so there is no way to
explicitly bind arguments to their registers.

Looking at the object code for various on both gcc and clang show always
the same object code.
(Although GCC adds a "ud2" after the "ret")

> Moreover, as it stands, there is no indication to the compiler that the
> inline assembly modifies registers such as %rax, %rdi, %rsi, %rdx, %rcx,
> or "memory", which could lead to unpredictable behavior.

> Unfortunately, I can't spend more time on this right now as I'm
> currently traveling. I'll get back to it later when I'm in transit.

There is no urgency on this, I'll wait on your further feedback.

Thanks again,
Thomas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ