lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAFULd4b8hJpY-gAy4MPug1PjK4ME0M_jeBZ68XLjYuSERr7RKA@mail.gmail.com>
Date: Wed, 21 Jan 2026 17:16:53 +0100
From: Uros Bizjak <ubizjak@...il.com>
To: David Laight <david.laight.linux@...il.com>
Cc: Brian Gerst <brgerst@...il.com>, "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org, 
	tip-bot2 for Uros Bizjak <tip-bot2@...utronix.de>, linux-tip-commits@...r.kernel.org, 
	"Borislav Petkov (AMD)" <bp@...en8.de>, Michael Kelley <mhklinux@...look.com>, x86@...nel.org
Subject: Re: [tip: x86/cleanups] x86/segment: Use MOVL when reading segment registers

On Wed, Jan 21, 2026 at 5:06 PM David Laight
<david.laight.linux@...il.com> wrote:
>
> On Wed, 21 Jan 2026 06:49:16 -0500
> Brian Gerst <brgerst@...il.com> wrote:
>
> > On Wed, Jan 21, 2026 at 2:29 AM H. Peter Anvin <hpa@...or.com> wrote:
> > >
> > > On January 20, 2026 4:08:01 AM PST, tip-bot2 for Uros Bizjak <tip-bot2@...utronix.de> wrote:
> > > >The following commit has been merged into the x86/cleanups branch of tip:
> > > >
> > > >Commit-ID:     53ed3d91a141f5c8b3bce45b0004fbbfefe77956
> > > >Gitweb:        https://git.kernel.org/tip/53ed3d91a141f5c8b3bce45b0004fbbfefe77956
> > > >Author:        Uros Bizjak <ubizjak@...il.com>
> > > >AuthorDate:    Mon, 05 Jan 2026 10:02:32 +01:00
> > > >Committer:     Borislav Petkov (AMD) <bp@...en8.de>
> > > >CommitterDate: Tue, 20 Jan 2026 12:34:58 +01:00
> > > >
> > > >x86/segment: Use MOVL when reading segment registers
> > > >
> > > >Use MOVL when reading segment registers to avoid 0x66 operand-size override
> > > >insn prefix. The segment value is always 16-bit and gets zero-extended to the
> > > >full 32-bit size.
> > > >
> > > >Example:
> > > >
> > > >  4e4:       66 8c c0                mov    %es,%ax
> > > >  4e7:       66 89 83 80 0b 00 00    mov    %ax,0xb80(%rbx)
> > > >
> > > >  4e4:       8c c0                   mov    %es,%eax
> > > >  4e6:       66 89 83 80 0b 00 00    mov    %ax,0xb80(%rbx)
> > > >
> > > >Also, use the %k0 modifier which generates the SImode (signed integer)
> > > >register name for the target register.
> > > >
> > > >  [ bp: Extend and clarify commit message. ]
> > > >
> > > >Signed-off-by: Uros Bizjak <ubizjak@...il.com>
> > > >Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
> > > >Reviewed-by: H. Peter Anvin (Intel) <hpa@...or.com>
> > > >Tested-by: Michael Kelley <mhklinux@...look.com>
> > > >Link: https://patch.msgid.link/20260105090422.6243-1-ubizjak@gmail.com
> > > >---
> > > > arch/x86/include/asm/segment.h | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > >diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
> > > >index f59ae71..9f5be2b 100644
> > > >--- a/arch/x86/include/asm/segment.h
> > > >+++ b/arch/x86/include/asm/segment.h
> > > >@@ -348,7 +348,7 @@ static inline void __loadsegment_fs(unsigned short value)
> > > >  * Save a segment register away:
> > > >  */
> > > > #define savesegment(seg, value)                               \
> > > >-      asm("mov %%" #seg ",%0":"=r" (value) : : "memory")
> > > >+      asm("movl %%" #seg ",%k0" : "=r" (value) : : "memory")
> > > >
> > > > #endif /* !__ASSEMBLER__ */
> > > > #endif /* __KERNEL__ */
> > > >
> > >
> > > Incidentally, why aren't we using =rm here? Segment moves support memory operands.
> >
> > You would have to be really careful to only use short (16-bit)
> > variables, because it will not zero-extend with a memory operand.
> >
>
> It would be much safer to have something that returned the value
> of the segment register (zero extended to 32 bits).

movl from %seg to 32-bit register (as proposed in the patch)
zero-extends the value all the way to word size (64-bits on x86_64).
The proposed solution also handles memory operands, so:

--cut here--
unsigned int m;

void foo(void)
{
  asm("mov %%gs,%k0" : "=r"(m));
}
--cut here--

compiles to optimal code:

0000000000000000 <foo>:
  0:   8c e8                   mov    %gs,%eax
  2:   89 05 00 00 00 00       mov    %eax,0x0(%rip)        # 8 <foo+0x8>
                       4: R_X86_64_PC32        m-0x4
  8:   c3                      ret

Uros.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ