Files · 28e18d0188b9e3ab82ebd09d9b1d1c7f8d1822aa · Jason Kridner / Linux

An error occurred while fetching folder content.

kvm/emulate: Fix SETcc emulation function offsets with SLS

Borislav Petkov authored 3 years ago

The commit in Fixes started adding INT3 after RETs as a mitigation
against straight-line speculation.

The fastop SETcc implementation in kvm's insn emulator uses macro magic
to generate all possible SETcc functions and to jump to them when
emulating the respective instruction.

However, it hardcodes the size and alignment of those functions to 4: a
three-byte SETcc insn and a single-byte RET. BUT, with SLS, there's an
INT3 that gets slapped after the RET, which brings the whole scheme out
of alignment:

  15:   0f 90 c0                seto   %al
  18:   c3                      ret
  19:   cc                      int3
  1a:   0f 1f 00                nopl   (%rax)
  1d:   0f 91 c0                setno  %al
  20:   c3                      ret
  21:   cc                      int3
  22:   0f 1f 00                nopl   (%rax)
  25:   0f 92 c0                setb   %al
  28:   c3                      ret
  29:   cc                      int3

and this e...

fe83f5ea

Forked from BeagleBoard.org / Linux

Source project has a limited visibility.

Name	Last commit	Last update

Admin message