Re: [PATCH v3 11/16] x86/alternative: Handle Jcc __x86_indirect_thunk_\reg
From: Borislav Petkov
Date: Thu Oct 28 2021 - 05:29:50 EST
On Tue, Oct 26, 2021 at 02:01:43PM +0200, Peter Zijlstra wrote:
> + op = insn->opcode.bytes[0];
> +
> + /*
> + * Convert:
> + *
> + * Jcc.d32 __x86_indirect_thunk_\reg
> + *
> + * into:
> + *
> + * Jncc.d8 1f
> + * JMP *%\reg
> + * NOP
> + * 1:
> + */
Let's explain the second part of the test better:
/* Jcc opcodes are in the range 0x80-0x8f */
Yeah, you have that range check below but still.
> + if (op == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80) {
> + cc = insn->opcode.bytes[1] & 0xf;
> + cc ^= 1; /* invert condition */
> +
> + bytes[i++] = 0x70 + cc; /* Jcc.d8 */
> + bytes[i++] = insn->length - 2;
maybe put at the end here: /* 2 == sizeof(Jcc.d8) */
to have it explicit what that 2 means.
But yeah, looks good.
Thx.
> +
> + op = JMP32_INSN_OPCODE;
> + }
> +
> + ret = emit_indirect(op, reg, bytes + i);
> + if (ret < 0)
> + return ret;
> + i += ret;
>
> for (; i < insn->length;)
> bytes[i++] = BYTES_NOP1;
> @@ -443,6 +469,10 @@ void __init_or_module noinline apply_ret
> case JMP32_INSN_OPCODE:
> break;
>
> + case 0x0f: /* escape */
> + if (op2 >= 0x80 && op2 <= 0x8f)
> + break;
> + fallthrough;
> default:
> WARN_ON_ONCE(1);
> continue;
>
>
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette