Re: [PATCH] x86_64, asm: Work around AMD SYSRET SS descriptor attribute issue

Mon, 27 Apr 2015 05:09:22 -0700 

On 04/27/2015 01:35 PM, Borislav Petkov wrote:
> On Mon, Apr 27, 2015 at 10:53:05AM +0200, Borislav Petkov wrote:
>>      ALTERNATIVE "",
>>                  "shl     $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx \
>>                   sar     $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx \
>>                   cmpq    %rcx, %r11 \
>>                   jne     opportunistic_sysret_failed"
>>                   X86_BUG_SYSRET_CANONICAL_RCX
> 
> Right, so I can do this:
> 
>         /*
>          * Change top 16 bits to be the sign-extension of 47th bit, if this
>          * changed %rcx, it was not canonical.
>          */
>         ALTERNATIVE "", \
>                 "shl    $(64 - (47+1)), %rcx; \
>                  sar    $(64 - (47+1)), %rcx; \
>                  cmpq   %rcx, %r11; \
>                  jne    opportunistic_sysret_failed", X86_BUG_SYSRET_CANON_RCX
> 
> If I use the __VIRTUAL_MASK_SHIFT macro *in* the ALTERNATIVE macro, I get some
> really cryptic gas error:
> 
> arch/x86/kernel/entry_64.S: Assembler messages:
> arch/x86/kernel/entry_64.S:441: Error: can't resolve `L0' {*ABS* section} - 
> `L0' {*UND* section}
> scripts/Makefile.build:294: recipe for target 'arch/x86/kernel/entry_64.o' 
> failed
> make[1]: *** [arch/x86/kernel/entry_64.o] Error 1
> Makefile:1536: recipe for target 'arch/x86/kernel/entry_64.o' failed
> make: *** [arch/x86/kernel/entry_64.o] Error 2
> 
> but I guess we can simply use the naked "47" because a couple of lines
> above, we already have the sanity-check:
> 
>         .ifne __VIRTUAL_MASK_SHIFT - 47
>         .error "virtual address width changed -- SYSRET checks need update"
>         .endif
> 
> so we should be guarded just fine.
> 
> Anyway, if we do it this way, we get 17 NOPs added at build time which is the
> length of the 4 instructions:
> 
> ffffffff819ef40c:       48 c1 e1 10             shl    $0x10,%rcx
> ffffffff819ef410:       48 c1 f9 10             sar    $0x10,%rcx
> ffffffff819ef414:       49 39 cb                cmp    %rcx,%r11
> ffffffff819ef417:       0f 85 ff 9c bc ff       jne    ffffffff815b911c 
> <opportunistic_sysret_failed>

This looks strange. opportunistic_sysret_failed label is just a few
instructions below. Why are you getting "ff 9c bc ff" offset in JNE
instead of short jump of 0x5f bytes I see without ALTERNATIVE?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to