Re: [PATCH urgent] x86, asm: Disable opportunistic SYSRET if regs->flags has TF set

From: Borislav Petkov
Date: Thu Apr 02 2015 - 02:18:59 EST

On Wed, Apr 01, 2015 at 11:18:16PM +0200, Denys Vlasenko wrote:
> On 04/01/2015 09:25 PM, Andy Lutomirski wrote:
> > Fix it by using IRET to restore TF. Since it's late, I'm keeping
> > this minimal and keeping "testq" instead of switching to "testl".
> Changing to "testl" here wins nothing.

Except less data (a dword) being shuffled and tracked for dependencies
in the machine instead of qword.

> Since r11 is used, REX prefix will be encoded anyway.

As a future cleanup, one could use one of the "old", i.e. not-extended
registers to save 2 bytes per insn (REX pfx and ModRM) but one has to
remember to do

mov %rax, %r11

in the end.

And yep, it should preferably be %rax as we have opcode 0xa9 which
tests an immediate and RAX and saves us the ModRM as we don't need to
specify a register.

a42: 49 f7 c3 00 00 01 00 test $0x10000,%r11
a49: 75 41 jne a8c <opportunistic_sysret_failed>

a42: 49 f7 c3 00 01 01 00 test $0x10100,%r11
a49: 75 41 jne a8c <opportunistic_sysret_failed>

a42: 41 f7 c3 00 01 01 00 test $0x10100,%r11d
a49: 75 41 jne a8c <opportunistic_sysret_failed>

a42: a9 00 01 01 00 test $0x10100,%eax
a47: 75 41 jne a8a <opportunistic_sysret_failed>
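
An added worked example, not part of this mail or of the kernel's code: a small Python encoder for the TEST r/m, imm32 forms compared above, reproducing the four byte sequences and showing where the REX prefix and ModRM byte come from (the register set and immediate range it accepts are its own assumptions).

```python
# Encoder for x86-64 "TEST r/m32|r/m64, imm32" (added example, not kernel code).
# It reproduces the objdump lines quoted in the mail and explains the byte counts.

_NAMES64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"] + [f"r{i}" for i in range(8, 16)]
_NAMES32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"] + [f"r{i}d" for i in range(8, 16)]
# register name -> (register number 0..15, operand width in bits)
REGS = {n: (i, 64) for i, n in enumerate(_NAMES64)}
REGS.update({n: (i, 32) for i, n in enumerate(_NAMES32)})


def encode_test_imm32(reg: str, imm: int) -> bytes:
    """Encode `test $imm, %reg` for a 32- or 64-bit general-purpose register."""
    num, width = REGS[reg]
    # The immediate is always 4 bytes; with a 64-bit operand it is sign-extended,
    # so refuse values with bit 31 set rather than silently testing the upper half.
    limit = 1 << 31 if width == 64 else 1 << 32
    if not 0 <= imm < limit:
        raise ValueError(f"immediate {imm:#x} does not fit TEST imm32 for %{reg}")
    # REX = 0100WRXB: W selects a 64-bit operand, B extends the r/m field to r8..r15.
    rex = 0x40 | (0x08 if width == 64 else 0) | (0x01 if num >= 8 else 0)
    prefix = bytes([rex]) if rex != 0x40 else b""  # a bare 0x40 REX carries no information
    if num == 0:
        # Accumulator short form: opcode A9, no ModRM (the 5-byte `test $imm,%eax` above)
        body = bytes([0xA9])
    else:
        # Generic form: opcode F7, ModRM with mod=11 (register), reg=/0 (TEST), rm=num & 7
        body = bytes([0xF7, 0xC0 | (num & 7)])
    return prefix + body + imm.to_bytes(4, "little")


def size_comparison(imm: int) -> dict:
    """Byte lengths of the alternatives weighed in the thread, for a given immediate."""
    return {reg: len(encode_test_imm32(reg, imm)) for reg in ("r11", "r11d", "rax", "eax")}


def show(reg: str, imm: int) -> str:
    """One objdump-style line: hex bytes followed by the AT&T mnemonic."""
    enc = encode_test_imm32(reg, imm)
    return f"{enc.hex(' '):24} test ${imm:#x},%{reg}"


if __name__ == "__main__":
    for reg in ("r11", "r11d", "rax", "eax"):
        print(show(reg, 0x10100))
    print(size_comparison(0x10100))
```

The %rax form costs 6 bytes (REX.W plus A9) and %eax 5, against 7 for either %r11 form, which is the saving the mail describes.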

