Re: objtool clac/stac handling change..

From: Al Viro
Date: Fri Jul 03 2020 - 20:50:15 EST

Next message: syzbot: "KASAN: out-of-bounds Read in csd_lock_record"
Previous message: syzbot: "Re: KASAN: stack-out-of-bounds Read in csd_lock_record"
In reply to: Al Viro: "Re: objtool clac/stac handling change.."
Next in thread: Linus Torvalds: "Re: objtool clac/stac handling change.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 03, 2020 at 10:02:37PM +0100, Al Viro wrote:

> PS: I'm still going through the _ASM_EXTABLE... users on x86, so there
> might be more fun. Will post when I'm done...

Lovely... Not directly related to that, but... WTF?

arch/x86/lib/csum-copy_64.S:

/*
* No _ASM_EXTABLE_UA; this is used for intentional prefetch on a
* potentially unmapped kernel address.
*/
.macro ignore L=.Lignore
30:
_ASM_EXTABLE(30b, \L)
.endm

...
ignore 2f
prefetcht0 5*64(%rdi)
2:

(and no other users of 'ignore' anywhere). How could prefetcht0 possibly
raise an exception? Intel manual says that the only exception is #UD if
LOCK PREFETCHT0 is encountered; not here, obviously. AMD manual simply
says "no exceptions". Confused...

Incidentally, in the same file:
SYM_FUNC_START(csum_partial_copy_generic)
cmpl $3*64, %edx
jle .Lignore

.Lignore:
....

And it had been that way since "[PATCH] Intel x86-64 support merge" back
in 2004, where we had
@@ -59,15 +59,6 @@ csum_partial_copy_generic:
cmpl $3*64,%edx
jle .Lignore

- ignore
- prefetch (%rdi)
- ignore
- prefetch 1*64(%rdi)
- ignore
- prefetchw (%rsi)
- ignore
- prefetchw 1*64(%rsi)
-
.Lignore:
....
@@ -115,7 +106,7 @@ csum_partial_copy_generic:
movq 56(%rdi),%r13

ignore 2f
- prefetch 5*64(%rdi)
+ prefetcht0 5*64(%rdi)
2:
adcq %rbx,%rax
adcq %r8,%rax

What's going on in there? According to AMD manual, prefetch and prefetchw
can raise an exception (#UD), if
PREFETCH/PREFETCHW are not supported, as
indicated by ECX bit 8 of CPUID function
8000_0001h
Long Mode is not supported, as indicated by EDX
bit 29 of CPUID function 8000_0001h
The 3DNow! instructions are not supported, as
indicated by EDX bit 31 of CPUID function
8000_0001h.
so these at least used to make some sense, but why leave that thing at
the place where old prefetch became prefetcht0 and what is that comment
in front of 'ignore' definition about? Exceptions there had never
been about unmapped addresses - that would make no sense for prefetch.

What am I missing here?

Next message: syzbot: "KASAN: out-of-bounds Read in csd_lock_record"
Previous message: syzbot: "Re: KASAN: stack-out-of-bounds Read in csd_lock_record"
In reply to: Al Viro: "Re: objtool clac/stac handling change.."
Next in thread: Linus Torvalds: "Re: objtool clac/stac handling change.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]