Kernel-hardening archive on lore.kernel.org
From: Peter Zijlstra <peterz@infradead.org>
To: Thomas Garnier <thgarnie@chromium.org>
Cc: Kernel Hardening <kernel-hardening@lists.openwall.com>,
	Kristen Carlson Accardi <kristen@linux.intel.com>,
	Kees Cook <keescook@chromium.org>,
	Andy Lutomirski <luto@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	the arch/x86 maintainers <x86@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v10 04/11] x86/entry/64: Adapt assembly for PIE support
Date: Fri, 6 Dec 2019 11:26:49 +0100
Message-ID: <20191206102649.GC2844@hirez.programming.kicks-ass.net>
In-Reply-To: <CAJcbSZF+vGE6ZseiQfcis2NMcimmpwvov_P-tZe--z5UxJPDdg@mail.gmail.com>

On Thu, Dec 05, 2019 at 09:01:50AM -0800, Thomas Garnier wrote:
> On Thu, Dec 5, 2019 at 1:04 AM Peter Zijlstra <peterz@infradead.org> wrote:
> > On Wed, Dec 04, 2019 at 04:09:41PM -0800, Thomas Garnier wrote:
> >
> > > @@ -1625,7 +1627,11 @@ first_nmi:
> > >       addq    $8, (%rsp)      /* Fix up RSP */
> > >       pushfq                  /* RFLAGS */
> > >       pushq   $__KERNEL_CS    /* CS */
> > > -     pushq   $1f             /* RIP */
> > > +     pushq   $0              /* Future return address */
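Review bot: the comment on `pushq $0` should keep naming the field it fills, since this push still occupies the (R)IP slot of the IRET frame being built; something like `/* RIP (placeholder, filled in below) */` says both what the slot is and that the value is overwritten later in the sequence.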
> >
> > We're building an IRET frame, the IRET frame does not have a 'future
> > return address' field.
> 
> I assumed that's the target RIP after iretq.

It is. But it's still the (R)IP field of the IRET frame. Calling it
anything else is just confusing. The frame is 5 words: SS, (R)SP, (R)FLAGS,
CS, (R)IP.

> > > +     pushq   %rdx            /* Save RAX */
> > > +     leaq    1f(%rip), %rdx  /* RIP */
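Review bot: the comment `/* Save RAX */` on `pushq %rdx` names the wrong register; the instruction saves RDX, which is the scratch register that the following `leaq 1f(%rip), %rdx` clobbers. Suggest `/* Save RDX */`, and a comment on the leaq that states what it computes, e.g. `/* address of 1f, RIP-relative */`, rather than `/* RIP */`.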
> >
> > nonsensical comment
> 
> That was the same comment from the push $1f that I changed.

Yes, but there it made sense since the PUSH actually created that field
of the frame, here it is nonsensical. What this instruction does is put
the address of the '1f' label into RDX, which is then stuck into the
(R)IP field on the next instruction.

> > > +     movq    %rdx, 8(%rsp)   /* Put 1f on return address */
> > > +     popq    %rdx            /* Restore RAX */
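Review bot: `/* Restore RAX */` on `popq %rdx` has the same register mismatch as the earlier push; it restores RDX. The `8(%rsp)` operand in `movq %rdx, 8(%rsp)` is right because the `pushq %rdx` moved RSP down one word, so the placeholder pushed by `pushq $0` now sits one word above the saved RDX; a comment such as `/* store 1f into the RIP slot pushed above */` would tie the offset to that placeholder for the next reader.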

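A worked model of the frame build-up described above, added here as an illustration and not part of the thread or of the kernel tree: it simulates both the original `pushq $1f` and the patched placeholder/lea/store sequence on a small word-addressed stack, checks that they leave the same five-word SS, RSP, RFLAGS, CS, RIP frame with RDX restored and RSP at the same depth, and shows why the rewrite is needed at all: `pushq $imm` only encodes a sign-extended 32-bit immediate, so it cannot name a label that lies outside the lowest or highest 2 GiB once the kernel can be loaded anywhere. The `__KERNEL_CS` value, the stack base address and the label address are constructed stand-ins.

```c
/* Constructed simulation written for this note; not kernel code and not the
 * patch under review.  It models the CONFIG_DEBUG_ENTRY IRET-frame build-up
 * quoted in the thread on a tiny word-addressed stack. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS 32
#define KERNEL_CS   0x10ULL   /* assumed stand-in for __KERNEL_CS */
#define STACK_BASE  0xffffc90000000000ULL  /* constructed fake stack address */

struct cpu {
    uint64_t stack[STACK_WORDS];  /* stack[top] is the word at (%rsp) */
    unsigned top;                 /* index of (%rsp); a push decrements it */
    uint64_t rdx;
    uint64_t rflags;
    uint64_t label_1f;            /* address the "1:" label resolves to */
};

/* Word at off(%rsp); off is a byte offset that is a multiple of 8. */
static uint64_t *slot(struct cpu *c, unsigned off) { return &c->stack[c->top + off / 8]; }
static void push(struct cpu *c, uint64_t v) { c->stack[--c->top] = v; }
static uint64_t pop(struct cpu *c) { return c->stack[c->top++]; }
/* Numeric value of %rsp in the simulated machine. */
static uint64_t rsp_value(const struct cpu *c) { return STACK_BASE + 8ULL * c->top; }

/* Common part of both sequences: SS, RSP (fixed up), RFLAGS, CS. */
static void prologue(struct cpu *c) {
    push(c, 0);                   /* pushq $0        : SS */
    uint64_t sp = rsp_value(c);   /* pushq %rsp pushes the value before the push, */
    push(c, sp);                  /*   which is already one word below the SS slot */
    *slot(c, 0) += 8;             /* addq $8, (%rsp) : point RSP back above SS */
    push(c, c->rflags);           /* pushfq          : RFLAGS */
    push(c, KERNEL_CS);           /* pushq $__KERNEL_CS : CS */
}

/* Original code: the RIP field comes straight from an absolute immediate. */
static void build_frame_absolute(struct cpu *c) {
    prologue(c);
    push(c, c->label_1f);         /* pushq $1f       : RIP */
}

/* Patched sequence from the hunk: RIP is filled through RDX with a
 * RIP-relative lea, which needs no absolute address in the instruction. */
static void build_frame_pie(struct cpu *c) {
    prologue(c);
    push(c, 0);                   /* pushq $0        : RIP slot, placeholder */
    push(c, c->rdx);              /* pushq %rdx      : save RDX (one word below RIP) */
    c->rdx = c->label_1f;         /* leaq 1f(%rip), %rdx */
    *slot(c, 8) = c->rdx;         /* movq %rdx, 8(%rsp) : RIP slot is the word above */
    c->rdx = pop(c);              /* popq %rdx       : restore RDX */
}

struct iret_frame { uint64_t rip, cs, rflags, rsp, ss; };

/* Read the frame in the order IRETQ consumes it: lowest address first. */
static struct iret_frame read_frame(struct cpu *c) {
    struct iret_frame f = { *slot(c, 0), *slot(c, 8), *slot(c, 16), *slot(c, 24), *slot(c, 32) };
    return f;
}

/* Run both sequences from identical state; true when the PIE rewrite leaves
 * the same frame, the same RDX and the same stack depth. */
static bool sequences_equivalent(uint64_t label, uint64_t rdx_in) {
    struct cpu a = {0}, b = {0};
    a.top = b.top = STACK_WORDS;
    a.rdx = b.rdx = rdx_in;
    a.rflags = b.rflags = 0x246;  /* constructed RFLAGS value */
    a.label_1f = b.label_1f = label;
    build_frame_absolute(&a);
    build_frame_pie(&b);
    struct iret_frame fa = read_frame(&a), fb = read_frame(&b);
    return memcmp(&fa, &fb, sizeof fa) == 0 && a.rdx == b.rdx && a.top == b.top
        && fa.rip == label && fa.cs == KERNEL_CS && fa.rsp == STACK_BASE + 8ULL * STACK_WORDS;
}

/* pushq $imm carries a sign-extended 32-bit immediate, so it can only name
 * an address in the lowest or highest 2 GiB of the address space. */
static bool fits_pushq_imm32(uint64_t addr) {
    int64_t s = (int64_t)addr;
    return s >= INT32_MIN && s <= INT32_MAX;
}

int main(void) {
    printf("PIE sequence equivalent: %s\n",
           sequences_equivalent(0xffffffff81c0a0f0ULL, 0x1234ULL) ? "yes" : "no");
    printf("0xffffffff81000000 fits pushq imm32: %d\n", fits_pushq_imm32(0xffffffff81000000ULL));
    printf("0xffff888000000000 fits pushq imm32: %d\n", fits_pushq_imm32(0xffff888000000000ULL));
    return 0;
}
```

The first address in `main` is the kind of value a kernel linked into the top 2 GiB has, where the old `pushq $1f` still encodes; the second is a constructed address outside that window, where only the RIP-relative form works.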
Thread overview: 26+ messages
2019-12-05  0:09 [PATCH v10 00/11] x86: PIE support to extend KASLR randomization Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 01/11] x86/crypto: Adapt assembly for PIE support Thomas Garnier
2019-12-18 12:46   ` Borislav Petkov
2019-12-18 16:35     ` Thomas Garnier
2019-12-18 16:45       ` Borislav Petkov
2019-12-05  0:09 ` [PATCH v10 02/11] x86: Add macro to get symbol address " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 03/11] x86: relocate_kernel - Adapt assembly " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 04/11] x86/entry/64: " Thomas Garnier
2019-12-05  9:03   ` Peter Zijlstra
2019-12-05 17:01     ` Thomas Garnier
2019-12-06 10:26       ` Peter Zijlstra [this message]
2019-12-06 16:35         ` Thomas Garnier
2019-12-20 16:05           ` Borislav Petkov
2019-12-05  0:09 ` [PATCH v10 05/11] x86: pm-trace - " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 06/11] x86/CPU: " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 07/11] x86/acpi: " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 08/11] x86/boot/64: " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 09/11] x86/power/64: " Thomas Garnier
2019-12-05  0:09 ` [PATCH v10 10/11] x86/paravirt: " Thomas Garnier
2019-12-23 17:23   ` Borislav Petkov
2019-12-24 10:04     ` Borislav Petkov
2019-12-05  0:09 ` [PATCH v10 11/11] x86/alternatives: " Thomas Garnier
2019-12-19 13:34 ` [PATCH v10 00/11] x86: PIE support to extend KASLR randomization Peter Zijlstra
2019-12-19 16:35   ` Thomas Garnier
2019-12-24 13:03 ` Borislav Petkov
2019-12-30 18:52   ` Kees Cook
