Re: [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-09 Thread Thomas Garnier
On Tue, Jul 9, 2019 at 11:39 AM Alexey Dobriyan wrote:
>
> On Mon, Jul 08, 2019 at 12:35:13PM -0700, Thomas Garnier wrote:
> > On Mon, Jul 8, 2019 at 12:09 PM Alexey Dobriyan wrote:
> > >
> > > Thomas Garnier wrote:
> > > > - "pushq $1f\n\t"
> > > > + "movabsq $1f, %q0\n\t"
> > > > + "pushq %q0\n\t"
> > > >   "iretq\n\t"
> > > >   UNWIND_HINT_RESTORE
> > > >   "1:"
> > >
> > > Fake PIE. True PIE looks like this:
> >
> > I used movabsq in a couple of assembly changes where the memory context is
> > unclear and a relative reference might lead to issues. It happened on
> > early boot and hibernation save/restore paths. Do you think a relative
> > reference in this function will always be accurate?
>
> As long as iretq target is not too far it should be OK.
>
> I'm not really sure which issues can pop up.
>
> IRETQ is 64-bit only, RIP-relative addressing is 64-bit only.
> Assembler (hopefully) will error compilation if target is too far.
>
> And it is shorter than movabsq.

Agree, I will change it and run some tests for the next iteration.

>
> > > 81022d70 :
> > > 81022d70:   8c d0                   mov    eax,ss
> > > 81022d72:   50                      push   rax
> > > 81022d73:   54                      push   rsp
> > > 81022d74:   48 83 04 24 08          add    QWORD PTR [rsp],0x8
> > > 81022d79:   9c                      pushf
> > > 81022d7a:   8c c8                   mov    eax,cs
> > > 81022d7c:   50                      push   rax
> > > 81022d7d:  ===> 48 8d 05 03 00 00 00    lea    rax,[rip+0x3]        # 81022d87
> > > 81022d84:   50                      push   rax
> > > 81022d85:   48 cf                   iretq
> > > 81022d87:   c3                      ret
> > >
> > > Signed-off-by: Alexey Dobriyan 
> > >
> > > --- a/arch/x86/include/asm/processor.h
> > > +++ b/arch/x86/include/asm/processor.h
> > > @@ -710,7 +710,8 @@ static inline void sync_core(void)
> > > "pushfq\n\t"
> > > "mov %%cs, %0\n\t"
> > > "pushq %q0\n\t"
> > > -   "pushq $1f\n\t"
> > > +   "leaq 1f(%%rip), %q0\n\t"
> > > +   "pushq %q0\n\t"
> > > "iretq\n\t"
> > > UNWIND_HINT_RESTORE
> > > "1:"


Re: [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-09 Thread Alexey Dobriyan
On Mon, Jul 08, 2019 at 12:35:13PM -0700, Thomas Garnier wrote:
> On Mon, Jul 8, 2019 at 12:09 PM Alexey Dobriyan wrote:
> >
> > Thomas Garnier wrote:
> > > - "pushq $1f\n\t"
> > > + "movabsq $1f, %q0\n\t"
> > > + "pushq %q0\n\t"
> > >   "iretq\n\t"
> > >   UNWIND_HINT_RESTORE
> > >   "1:"
> >
> > Fake PIE. True PIE looks like this:
> 
> I used movabsq in a couple of assembly changes where the memory context is
> unclear and a relative reference might lead to issues. It happened on
> early boot and hibernation save/restore paths. Do you think a relative
> reference in this function will always be accurate?

As long as iretq target is not too far it should be OK.

I'm not really sure which issues can pop up.

IRETQ is 64-bit only, RIP-relative addressing is 64-bit only.
Assembler (hopefully) will error compilation if target is too far.

And it is shorter than movabsq.

> > 81022d70 :
> > 81022d70:   8c d0                   mov    eax,ss
> > 81022d72:   50                      push   rax
> > 81022d73:   54                      push   rsp
> > 81022d74:   48 83 04 24 08          add    QWORD PTR [rsp],0x8
> > 81022d79:   9c                      pushf
> > 81022d7a:   8c c8                   mov    eax,cs
> > 81022d7c:   50                      push   rax
> > 81022d7d:  ===> 48 8d 05 03 00 00 00    lea    rax,[rip+0x3]        # 81022d87
> > 81022d84:   50                      push   rax
> > 81022d85:   48 cf                   iretq
> > 81022d87:   c3                      ret
> >
> > Signed-off-by: Alexey Dobriyan 
> >
> > --- a/arch/x86/include/asm/processor.h
> > +++ b/arch/x86/include/asm/processor.h
> > @@ -710,7 +710,8 @@ static inline void sync_core(void)
> > "pushfq\n\t"
> > "mov %%cs, %0\n\t"
> > "pushq %q0\n\t"
> > -   "pushq $1f\n\t"
> > +   "leaq 1f(%%rip), %q0\n\t"
> > +   "pushq %q0\n\t"
> > "iretq\n\t"
> > UNWIND_HINT_RESTORE
> > "1:"
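
Alexey's point above (a RIP-relative lea resolves to a displacement at assembly time, needs no relocation, is rejected by the assembler when the target is out of rel32 range, and is shorter than movabsq) worked through as an added example. This is not code from the thread or from the kernel; it only manipulates the instruction bytes, so it runs on any host. The bytes and the two addresses 0x81022d7d and 0x81022d87 are taken from the objdump listing in the thread; every other address and the load shift are made-up inputs.

```c
#include <stdint.h>

/*
 * Added example, not code from the thread or from the kernel. It encodes and
 * decodes the two ways of loading the address of the "1:" label that the
 * thread compares, on byte arrays only, so no x86 code is executed:
 *   lea    rax,[rip+disp32]   48 8d 05 <disp32>   7 bytes, no relocation
 *   movabs rax,imm64          48 b8 <imm64>      10 bytes, absolute relocation
 * The bytes and addresses in listing_target() come from the objdump listing
 * in the thread; every other address and load shift is a made-up input.
 */
#define LEA_RIP_LEN 7
#define MOVABS_LEN  10

static uint64_t read_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

static void write_le(uint8_t *p, uint64_t v, int n)
{
    for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Decode "lea rax,[rip+disp32]" found at address pc. The displacement is
 * relative to the next instruction (pc + 7). Returns -1 if the opcode differs. */
int decode_lea_rip(const uint8_t *code, uint64_t pc, uint64_t *target)
{
    if (code[0] != 0x48 || code[1] != 0x8d || code[2] != 0x05)
        return -1;
    int32_t disp = (int32_t)(uint32_t)read_le(code + 3, 4);
    *target = pc + LEA_RIP_LEN + (uint64_t)(int64_t)disp;
    return 0;
}

/* Encode "lea rax,[rip+disp32]" at pc reaching target. Returns -1 when the
 * displacement does not fit in rel32, which is the case the assembler rejects. */
int encode_lea_rip(uint8_t *out, uint64_t pc, uint64_t target)
{
    int64_t delta = (int64_t)(target - (pc + LEA_RIP_LEN));
    if (delta < INT32_MIN || delta > INT32_MAX)
        return -1;
    out[0] = 0x48; out[1] = 0x8d; out[2] = 0x05;
    write_le(out + 3, (uint64_t)delta, 4);
    return 0;
}

/* "movabs rax,imm64" carries the absolute address in its last 8 bytes, so the
 * bytes are identical at any pc and stale once the image is loaded elsewhere. */
void encode_movabs(uint8_t *out, uint64_t target)
{
    out[0] = 0x48; out[1] = 0xb8;
    write_le(out + 2, target, 8);
}
uint64_t movabs_target(const uint8_t *code)
{
    return read_le(code + 2, 8);
}

/* The fix-up a boot-time relocator must apply to the movabs form. */
void relocate_movabs(uint8_t *code, int64_t shift)
{
    write_le(code + 2, movabs_target(code) + (uint64_t)shift, 8);
}

/* The "===>" instruction of the listing: 48 8d 05 03 00 00 00 at 0x81022d7d. */
uint64_t listing_target(void)
{
    static const uint8_t code[LEA_RIP_LEN] = {0x48, 0x8d, 0x05, 0x03, 0x00, 0x00, 0x00};
    uint64_t t = 0;
    decode_lea_rip(code, 0x81022d7dULL, &t);
    return t;                               /* 0x81022d87, as objdump printed */
}

/* Encode at pc, decode at the same pc: 1 if target comes back, 0 if the
 * displacement was out of range. Backward references use a negative disp32. */
int lea_roundtrip(uint64_t pc, uint64_t target)
{
    uint8_t buf[LEA_RIP_LEN];
    uint64_t t = 0;
    if (encode_lea_rip(buf, pc, target) != 0)
        return 0;
    decode_lea_rip(buf, pc, &t);
    return t == target;
}

/* Load the same bytes at pc + shift: the lea is untouched and still hits the
 * moved label; the movabs still names the old address until relocated. */
int pie_shift_check(uint64_t pc, uint64_t target, int64_t shift)
{
    uint8_t lea[LEA_RIP_LEN], mov[MOVABS_LEN];
    uint64_t moved = target + (uint64_t)shift, t_lea = 0;
    if (encode_lea_rip(lea, pc, target) != 0)
        return 0;
    encode_movabs(mov, target);
    decode_lea_rip(lea, pc + (uint64_t)shift, &t_lea);
    int stale = movabs_target(mov) == target;
    relocate_movabs(mov, shift);
    return t_lea == moved && stale && movabs_target(mov) == moved;
}
```

pie_shift_check() is the property the thread calls true PIE: after the image is moved, the lea bytes are unchanged and still reach the label, while the movabs immediate has to be patched by a relocator first. lea_roundtrip(0, 0x100000000) returning 0 is the out-of-range case the assembler refuses; a label inside the same asm statement can never hit it.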


Re: [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
On Mon, Jul 8, 2019 at 12:09 PM Alexey Dobriyan wrote:
>
> Thomas Garnier wrote:
> > - "pushq $1f\n\t"
> > + "movabsq $1f, %q0\n\t"
> > + "pushq %q0\n\t"
> >   "iretq\n\t"
> >   UNWIND_HINT_RESTORE
> >   "1:"
>
> Fake PIE. True PIE looks like this:

I used movabsq in a couple of assembly changes where the memory context is
unclear and a relative reference might lead to issues. It happened on
early boot and hibernation save/restore paths. Do you think a relative
reference in this function will always be accurate?

>
> 81022d70 :
> 81022d70:   8c d0                   mov    eax,ss
> 81022d72:   50                      push   rax
> 81022d73:   54                      push   rsp
> 81022d74:   48 83 04 24 08          add    QWORD PTR [rsp],0x8
> 81022d79:   9c                      pushf
> 81022d7a:   8c c8                   mov    eax,cs
> 81022d7c:   50                      push   rax
> 81022d7d:  ===> 48 8d 05 03 00 00 00    lea    rax,[rip+0x3]        # 81022d87
> 81022d84:   50                      push   rax
> 81022d85:   48 cf                   iretq
> 81022d87:   c3                      ret
>
> Signed-off-by: Alexey Dobriyan 
>
> --- a/arch/x86/include/asm/processor.h
> +++ b/arch/x86/include/asm/processor.h
> @@ -710,7 +710,8 @@ static inline void sync_core(void)
> "pushfq\n\t"
> "mov %%cs, %0\n\t"
> "pushq %q0\n\t"
> -   "pushq $1f\n\t"
> +   "leaq 1f(%%rip), %q0\n\t"
> +   "pushq %q0\n\t"
> "iretq\n\t"
> UNWIND_HINT_RESTORE
> "1:"


Re: [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-08 Thread Alexey Dobriyan
Thomas Garnier wrote:
> - "pushq $1f\n\t"
> + "movabsq $1f, %q0\n\t"
> + "pushq %q0\n\t"
>   "iretq\n\t"
>   UNWIND_HINT_RESTORE
>   "1:"

Fake PIE. True PIE looks like this:

81022d70 :
81022d70:   8c d0                   mov    eax,ss
81022d72:   50                      push   rax
81022d73:   54                      push   rsp
81022d74:   48 83 04 24 08          add    QWORD PTR [rsp],0x8
81022d79:   9c                      pushf
81022d7a:   8c c8                   mov    eax,cs
81022d7c:   50                      push   rax
81022d7d:  ===> 48 8d 05 03 00 00 00    lea    rax,[rip+0x3]        # 81022d87
81022d84:   50                      push   rax
81022d85:   48 cf                   iretq
81022d87:   c3                      ret

Signed-off-by: Alexey Dobriyan 

--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -710,7 +710,8 @@ static inline void sync_core(void)
"pushfq\n\t"
"mov %%cs, %0\n\t"
"pushq %q0\n\t"
-   "pushq $1f\n\t"
+   "leaq 1f(%%rip), %q0\n\t"
+   "pushq %q0\n\t"
"iretq\n\t"
UNWIND_HINT_RESTORE
"1:"
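
Review bot: the hunk is against the unmodified sync_core() (context "@@ -710,7 +710,8 @@" and the original "pushq $1f" line, with the constraint line untouched), so it does not apply on top of the v8 patch that already replaced that line with movabsq at line 713; fold it into the v8 hunk rather than carrying it as a separate patch, and give it a description line to go with the Signed-off-by. The "leaq 1f(%%rip), %q0" form itself is right: the displacement to a label in the same asm statement is resolved by the assembler with no relocation, it is always within rel32 range, and it matches the "48 8d 05 03 00 00 00" encoding in the listing above.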


[PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the
kernel to be PIE compatible. Use the new _ASM_MOVABS macro instead of
the 'mov $symbol, %dst' construct.

Position Independent Executable (PIE) support will allow extending the
KASLR randomization range below 0x8000.

Signed-off-by: Thomas Garnier 
---
 arch/x86/include/asm/processor.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 3eab6ece52b4..3e2154b0e09f 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -713,11 +713,13 @@ static inline void sync_core(void)
"pushfq\n\t"
"mov %%cs, %0\n\t"
"pushq %q0\n\t"
-   "pushq $1f\n\t"
+   "movabsq $1f, %q0\n\t"
+   "pushq %q0\n\t"
"iretq\n\t"
UNWIND_HINT_RESTORE
"1:"
-   : "=" (tmp), ASM_CALL_CONSTRAINT : : "cc", "memory");
+   : "=" (tmp), ASM_CALL_CONSTRAINT
+   : : "cc", "memory");
 #endif
 }
 
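Review bot: "movabsq $1f, %q0" still bakes the absolute address of label 1 into a 64-bit immediate, so it only works under PIE if a relocator patches that immediate at boot; it is not position independent by itself. "leaq 1f(%%rip), %q0" resolves to a rel32 displacement at assembly time, needs no relocation and is 7 bytes instead of 10, so use that form here. The commit message also says the change uses the new _ASM_MOVABS macro, but the hunk spells out movabsq directly; make the two agree. Splitting the constraint line in two is fine but unrelated to the PIE change and could be dropped to keep the diff minimal.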
-- 
2.22.0.410.gd8fdbe21b5-goog