lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wiy=vZu63bfD8uJ6wSK8Pw_vsz-Fe2=WjFLGa_f1JnFWg@mail.gmail.com>
Date: Mon, 28 Jul 2025 22:33:48 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: "Alan J. Wylie" <alan@...ie.me.uk>, linux-kernel@...r.kernel.org, 
	regressions@...ts.linux.dev, stable@...r.kernel.org, 
	Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: "stack state/frame" and "jump dest instruction" errors (was Re:
 Linux 6.16)

On Mon, 28 Jul 2025 at 08:42, Josh Poimboeuf <jpoimboe@...nel.org> wrote:
>
> The problem is likely that CONFIG_X86_NATIVE_CPU is using some
> AMD-specific instruction(s) which objtool doesn't know how to decode.

It might be a good idea to add some byte printout in the objtool
'can't decode instruction' error message, to make it easier to
immediately see what code sequence cannot be decoded.

> I don't have time to look at this for at least the next few days, but I
> suspect this one:
>
>      1a3:       8f ea 78 10 c3 0a 06 00 00      bextr  $0x60a,%ebx,%eax

Hmm. We do have BEXTR in our x86-opcode-map.txt file,:

  Table: 3-byte opcode 1 (0x0f 0x38)
  Referrer: 3-byte escape 1
  AVXcode: 2
  # 0x0f 0x38 0x00-0x0f
  ...
  f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By
(F3),(v) | SHRX Gy,Ey,By (F2),(v)

but there's apparently two different versions of 'nextr'.

The one we know about is the "BMI encoding", but there's also a TBM
encoding ("Trailing Bit Manipulation") that AMD introduced for
Bulldozer, and it appears that we don't have those in our opcode maps.

And yeah, I think it's bulldozer-specific, which explains why nobody
sees it (because bulldozer was one of the not-very-great AMD uarchs
before they got it right with Zen).

             Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ