On 04/10, Denys Vlasenko wrote: > > There is this monstrosity, "16-bit override for branches" in 64-mode: > > 66 e8 nn nn callw <offset16> > > Nobody sane uses it because it truncates instruction pointer. > > Or rather, *I think* it should truncate it (i.e. zero-extend to full width), > but conceivably some CPUs can be buggy wrt that: > they can decide to modify only lower 16 bits of IP, > or even they can decided to use signed <offset16> but apply it > to full-width RIP. > > AMD manuals are not clear on what exactly should happen. > > I am sure no one sane uses this form of branch instructions > in 32-bit and 64-bit code. > > I don't think we should be trying to support it "correctly" > (we can just let program crash with SIGILL or something), > we only need to make sure we don't overlook its existence > and thus are not tricked into touching or modifying unrelated data.
And after the quick check it seems that lib/insn.c doesn't parse "66 e8 nn nn" correctly. It treats the next 2 bytes as the part of 32bit offset. > Imagine that 66 e8 nn nn bytes are exactly at the end of > a page, this doesn't matter. We always read MAX_UINSN_BYTES bytes, so > and we wrongly assume that offset is 32-bit, not 16-bit. > 66 e8 nn nn. see above this will always happen. So I think branch_setup_xol_ops() should simply return -ENOSYS in this case, and let the default_ code execute it out of line. Given that nobody should use this insn, this is probably not too bad. We can teach branch_xol_ops to handle this insn correctly later. Now the question is, how I can detect this insn correctly? I mean, using the "right" helpers from lib/insn.c ? Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
