lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251223202038.91200-2-ubizjak@gmail.com>
Date: Tue, 23 Dec 2025 21:18:56 +0100
From: Uros Bizjak <ubizjak@...il.com>
To: x86@...nel.org,
	linux-kernel@...r.kernel.org
Cc: Uros Bizjak <ubizjak@...il.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...nel.org>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH 1/3] x86/boot: replace FS/GS inline asm with segment-qualified accesses

GCC treats absolute addresses smaller than min-pagesize param
(defaulting to 4kB) as assumed results of pointer arithmetics from
NULL. The following code, when compiled with -O2 -Warray-bounds
(included in -Wall):

  int foo (void) { return *(int *)0x123; }

will emit a rather cryptic warning:

warning: array subscript 0 is outside array bounds of ‘int[0]’ [-Warray-bounds=]
    1 | int foo (void) { return *(int *)0x123; }
      |                         ^~~~~~~~~~~~~
cc1: note: source object is likely at address zero

Currently, the warning is supressed by the GCC specific RELOC_HIDE()
macro that obfuscates arithmetic on a variable address so that GCC
doesn't recognize the original var, and make assumptions about it.

The GCC specific RELOC_HIDE() macro was introduced to work around
certain ppc64 specific compiler bug in pre-4.1 GCC. This bug was
fixed long ago, and replacing GCC specific macro with a generic one
triggers the above warning in vga_recalc_vertical().

To solve the issue, replace open-coded inline assembly used for
FS/GS memory accesses in arch/x86/boot/boot.h with segment-qualified
pointer dereferences. The compiler allows pointer arithmetic from
NULL in __seg_fs and __seg_gs named address spaces. Using __seg_fs
and __seg_gs also simplifies the code, improves readability,
and allows the compiler to reason better about the memory accesses.

Explicit "memory" clobbers are also added to FS/GS segment register
updates and repe cmpsb helpers to prevent incorrect reordering.

No functional changes intended.

Signed-off-by: Uros Bizjak <ubizjak@...il.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...nel.org>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: "H. Peter Anvin" <hpa@...or.com>
---
 arch/x86/boot/boot.h | 58 ++++++++++++++------------------------------
 1 file changed, 18 insertions(+), 40 deletions(-)

diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h
index 8e3eab34dff4..6f39048f0481 100644
--- a/arch/x86/boot/boot.h
+++ b/arch/x86/boot/boot.h
@@ -53,7 +53,7 @@ static inline u16 ds(void)
 
 static inline void set_fs(u16 seg)
 {
-	asm volatile("movw %0,%%fs" : : "rm" (seg));
+	asm volatile("movw %0,%%fs" : : "rm" (seg) : "memory");
 }
 static inline u16 fs(void)
 {
@@ -64,7 +64,7 @@ static inline u16 fs(void)
 
 static inline void set_gs(u16 seg)
 {
-	asm volatile("movw %0,%%gs" : : "rm" (seg));
+	asm volatile("movw %0,%%gs" : : "rm" (seg) : "memory");
 }
 static inline u16 gs(void)
 {
@@ -77,78 +77,54 @@ typedef unsigned int addr_t;
 
 static inline u8 rdfs8(addr_t addr)
 {
-	u8 *ptr = (u8 *)absolute_pointer(addr);
-	u8 v;
-	asm volatile("movb %%fs:%1,%0" : "=q" (v) : "m" (*ptr));
-	return v;
+	return *(__seg_fs u8 *)(__force addr_t)absolute_pointer(addr);
 }
 static inline u16 rdfs16(addr_t addr)
 {
-	u16 *ptr = (u16 *)absolute_pointer(addr);
-	u16 v;
-	asm volatile("movw %%fs:%1,%0" : "=r" (v) : "m" (*ptr));
-	return v;
+	return *(__seg_fs u16 *)(__force addr_t)absolute_pointer(addr);
 }
 static inline u32 rdfs32(addr_t addr)
 {
-	u32 *ptr = (u32 *)absolute_pointer(addr);
-	u32 v;
-	asm volatile("movl %%fs:%1,%0" : "=r" (v) : "m" (*ptr));
-	return v;
+	return *(__seg_fs u32 *)(__force addr_t)absolute_pointer(addr);
 }
 
 static inline void wrfs8(u8 v, addr_t addr)
 {
-	u8 *ptr = (u8 *)absolute_pointer(addr);
-	asm volatile("movb %1,%%fs:%0" : "+m" (*ptr) : "qi" (v));
+	*(__seg_fs u8 *)(__force addr_t)absolute_pointer(addr) = v;
 }
 static inline void wrfs16(u16 v, addr_t addr)
 {
-	u16 *ptr = (u16 *)absolute_pointer(addr);
-	asm volatile("movw %1,%%fs:%0" : "+m" (*ptr) : "ri" (v));
+	*(__seg_fs u16 *)(__force addr_t)absolute_pointer(addr) = v;
 }
 static inline void wrfs32(u32 v, addr_t addr)
 {
-	u32 *ptr = (u32 *)absolute_pointer(addr);
-	asm volatile("movl %1,%%fs:%0" : "+m" (*ptr) : "ri" (v));
+	*(__seg_fs u32 *)(__force addr_t)absolute_pointer(addr) = v;
 }
 
 static inline u8 rdgs8(addr_t addr)
 {
-	u8 *ptr = (u8 *)absolute_pointer(addr);
-	u8 v;
-	asm volatile("movb %%gs:%1,%0" : "=q" (v) : "m" (*ptr));
-	return v;
+	return *(__seg_gs u8 *)(__force addr_t)absolute_pointer(addr);
 }
 static inline u16 rdgs16(addr_t addr)
 {
-	u16 *ptr = (u16 *)absolute_pointer(addr);
-	u16 v;
-	asm volatile("movw %%gs:%1,%0" : "=r" (v) : "m" (*ptr));
-	return v;
+	return *(__seg_gs u16 *)(__force addr_t)absolute_pointer(addr);
 }
 static inline u32 rdgs32(addr_t addr)
 {
-	u32 *ptr = (u32 *)absolute_pointer(addr);
-	u32 v;
-	asm volatile("movl %%gs:%1,%0" : "=r" (v) : "m" (*ptr));
-	return v;
+	return *(__seg_gs u32 *)(__force addr_t)absolute_pointer(addr);
 }
 
 static inline void wrgs8(u8 v, addr_t addr)
 {
-	u8 *ptr = (u8 *)absolute_pointer(addr);
-	asm volatile("movb %1,%%gs:%0" : "+m" (*ptr) : "qi" (v));
+	*(__seg_gs u8 *)(__force addr_t)absolute_pointer(addr) = v;
 }
 static inline void wrgs16(u16 v, addr_t addr)
 {
-	u16 *ptr = (u16 *)absolute_pointer(addr);
-	asm volatile("movw %1,%%gs:%0" : "+m" (*ptr) : "ri" (v));
+	*(__seg_gs u16 *)(__force addr_t)absolute_pointer(addr) = v;
 }
 static inline void wrgs32(u32 v, addr_t addr)
 {
-	u32 *ptr = (u32 *)absolute_pointer(addr);
-	asm volatile("movl %1,%%gs:%0" : "+m" (*ptr) : "ri" (v));
+	*(__seg_gs u32 *)(__force addr_t)absolute_pointer(addr) = v;
 }
 
 /* Note: these only return true/false, not a signed return value! */
@@ -156,14 +132,16 @@ static inline bool memcmp_fs(const void *s1, addr_t s2, size_t len)
 {
 	bool diff;
 	asm volatile("fs repe cmpsb"
-		     : "=@...z" (diff), "+D" (s1), "+S" (s2), "+c" (len));
+		     : "=@...z" (diff), "+D" (s1), "+S" (s2), "+c" (len)
+		     : : "memory");
 	return diff;
 }
 static inline bool memcmp_gs(const void *s1, addr_t s2, size_t len)
 {
 	bool diff;
 	asm volatile("gs repe cmpsb"
-		     : "=@...z" (diff), "+D" (s1), "+S" (s2), "+c" (len));
+		     : "=@...z" (diff), "+D" (s1), "+S" (s2), "+c" (len)
+		     : : "memory");
 	return diff;
 }
 
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ