RE: [patch 00/38] x86/retbleed: Call depth tracking mitigation

From: David Laight
Date: Thu Jul 21 2022 - 04:22:03 EST


From: Peter Zijlstra
> Sent: 20 July 2022 22:13
...
> The prettiest option to obscure the immediate at the callsite I could
> conjure up is something like:
>
> kcfi_caller_linus:
> movl $0x12345600, %r10d
> movb $0x78, %r10b
> cmpl %r10d, -OFFSET(%r11)
> je 1f
> ud2
> 1: call __x86_thunk_indirect_r11
>
> Which comes to around 22 bytes (+5 over the original).

You'd be better doing:
movl $0x12345678-0xaa, %r10d
addl $0xaa, %r10d
so that the immediate is obscured even if the low bits are zero.

David

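The two immediate-loading sequences discussed above, modelled at the byte level as an added example (not code from the thread or from the kernel tree): it encodes Peter's movl/movb split and David's movl/addl pair for a given hash, simulates what each leaves in %r10d, and scans the emitted bytes for a contiguous little-endian copy of the hash. The opcode encodings are the standard x86-64 ones; the addl is fixed to its imm32 (0x81) form, the cmp/je/ud2/call tail is left out because it carries no immediate, and the sample hash values are constructed for illustration.

```c
/*
 * Byte-level model of two ways to load a kCFI hash into %r10d without the
 * hash appearing as one immediate.  Standard x86-64 encodings used:
 *   movl $imm32, %r10d  ->  41 BA imm32
 *   movb $imm8,  %r10b  ->  41 B2 imm8
 *   addl $imm32, %r10d  ->  41 81 C2 imm32   (imm32 form assumed)
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BYTES 16

static size_t put_le32(uint8_t *p, uint32_t v)
{
	p[0] = v & 0xff;
	p[1] = (v >> 8) & 0xff;
	p[2] = (v >> 16) & 0xff;
	p[3] = (v >> 24) & 0xff;
	return 4;
}

/* Peter's sequence: movl with the low byte cleared, then movb for that byte. */
static size_t encode_split_byte(uint32_t hash, uint8_t *out)
{
	size_t n = 0;
	out[n++] = 0x41; out[n++] = 0xBA;
	n += put_le32(out + n, hash & 0xffffff00u);
	out[n++] = 0x41; out[n++] = 0xB2;
	out[n++] = hash & 0xff;
	return n;
}

/* David's sequence: movl $(hash - k), then addl $k. */
static size_t encode_sub_add(uint32_t hash, uint32_t k, uint8_t *out)
{
	size_t n = 0;
	out[n++] = 0x41; out[n++] = 0xBA;
	n += put_le32(out + n, hash - k);
	out[n++] = 0x41; out[n++] = 0x81; out[n++] = 0xC2;
	n += put_le32(out + n, k);
	return n;
}

/* Register-level simulation: both sequences must leave the hash in %r10d. */
static uint32_t run_split_byte(uint32_t hash)
{
	uint32_t r10d = hash & 0xffffff00u;            /* movl */
	r10d = (r10d & 0xffffff00u) | (hash & 0xff);   /* movb touches only r10b */
	return r10d;
}

static uint32_t run_sub_add(uint32_t hash, uint32_t k)
{
	uint32_t r10d = hash - k;   /* movl, wraps mod 2^32 like the CPU */
	r10d += k;                  /* addl */
	return r10d;
}

/* True if the little-endian bytes of v occur contiguously in code[0..len). */
static bool contains_le32(const uint8_t *code, size_t len, uint32_t v)
{
	uint8_t pat[4];
	put_le32(pat, v);
	for (size_t i = 0; i + 4 <= len; i++)
		if (memcmp(code + i, pat, 4) == 0)
			return true;
	return false;
}

/* Does the emitted code for this hash contain the hash verbatim? */
static bool split_byte_leaks(uint32_t hash)
{
	uint8_t code[MAX_BYTES];
	size_t n = encode_split_byte(hash, code);
	return contains_le32(code, n, hash);
}

static bool sub_add_leaks(uint32_t hash, uint32_t k)
{
	uint8_t code[MAX_BYTES];
	size_t n = encode_sub_add(hash, k, code);
	return contains_le32(code, n, hash);
}

int main(void)
{
	/* Constructed sample hashes: a generic one, one with a zero low byte, zero. */
	const uint32_t samples[] = { 0x12345678u, 0x12345600u, 0x00000000u };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("hash %08x: movl/movb leaks=%d  movl/addl leaks=%d\n",
		       samples[i], split_byte_leaks(samples[i]),
		       sub_add_leaks(samples[i], 0xaa));
	return 0;
}
```

The scan shows the point David makes: with the movl/movb split, a hash whose low byte is zero is emitted unchanged inside the movl immediate, while the subtract-then-add pair never emits the hash itself because `hash - k` differs from `hash` for any non-zero `k`.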