From: Borislav Petkov <bp@alien8.de>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>,
Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>,
Ingo Molnar <mingo@kernel.org>, Oleg Nesterov <oleg@redhat.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86: x86-opcode-map.txt: explain CALLW discrepancy between Intel and AMD
Date: Sat, 14 Feb 2015 01:28:14 +0100
Message-ID: <20150214002814.GL3712@pd.tnic>
In-Reply-To: <CAK1hOcO2um10FD4zS6P1WsmoONMgnMc2q3Egz9-JfMt6tcbong@mail.gmail.com>
On Fri, Feb 13, 2015 at 02:25:20PM +0100, Denys Vlasenko wrote:
> > Well, according to the SDM, Intel truncates too, see the LOOP/LOOPcc
> > Operation section:
> >
> > ...
> > IF BranchCond = 1
> > THEN
> > IF OperandSize = 32
> > THEN EIP ← EIP + SignExtend(DEST);
> > ELSE IF OperandSize = 64
> > THEN RIP ← RIP + SignExtend(DEST);
> > FI;
> > ELSE IF OperandSize = 16
> > THEN EIP ← EIP AND 0000FFFFH; <---
> >
> > and text talks about 0x67 but that's address size and it is used to size
> > the rCX register.
> >
> > So something must be setting the OperandSize and text doesn't mention
> > anywhere about 0x66 being ignored.
> >
> > Or have you been doing some empirical experiments? :-)
>
> Yes, I did.
>
> 32-bit case: Intel CPU truncates EIP to 16 bits:
>
> $ cat t.S
> _start: .globl _start
> 1:      .byte 0x66
>         loop 1b
>
> $ gcc -nostartfiles -nostdlib -m32 t.S
>
> $ objdump -dr a.out
> a.out: file format elf32-i386
> Disassembly of section .text:
> 08048098 <_start>:
> 8048098: 66 data16
> 8048099: e2 fd loop 8048098 <_start>
>
> $ gdb ./a.out
> (gdb) run
> Program received signal SIGSEGV, Segmentation fault.
> 0x00008098 in ?? ()
>
>
> Now let's try 64-bit version - compiling without -m32:
>
> $ gcc -nostartfiles -nostdlib t.S
> $ ./a.out
> (runs without SEGV)
>
AMD CPU always truncates:

32-bit: a.out[13626]: segfault at 8098 ip 0000000000008098 sp 00000000ffa0ea20 error 14 in a.out[8048000+1000]
64-bit: a.out[13706]: segfault at d6 ip 00000000000000d6 sp 00007fffec14e870 error 14 in a.out[400000+1000]

Intel CPU:

32-bit: a.out[3478]: segfault at 8098 ip 0000000000008098 sp 00000000ff959da0 error 14 in a.out[8048000+1000]
64-bit:

Make the loop terminate:

_start: .globl _start
        mov $1, %rcx
1:      .byte 0x66
        loop 1b

a.out[3523]: segfault at 0 ip 00000000004000de sp 00007ffff31674e0 error 6 in a.out[400000+1000]

Segfaults because we don't have the libc glue around it; rIP is intact.

So it looks like the SDM is wrong.
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
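The behaviour established empirically in this thread is the kind of detail an instruction decoder or emulator has to model explicitly, because the SDM pseudocode quoted above does not match the Intel 64-bit result. The following C model is an added example, not code from the thread or from the kernel's decoder: it computes the new rIP for a `loop rel8` under a 0x66 operand-size prefix using the rule observed here (32-bit mode: both vendors truncate to 16 bits; 64-bit mode: AMD truncates, Intel does not) and reproduces the three faulting addresses reported in the mail. The 0x67 address-size prefix is not modelled. The 32-bit start address 0x08048098 is from the objdump output above; the 64-bit instruction addresses 0x4000d6 and 0x4000db are inferred from the reported faults (0xd6 after truncation, and 0x4000de as the fall-through address of a 3-byte instruction), and the nonzero entry counter value is constructed.

```c
/*
 * Model of `loop rel8` with a 0x66 operand-size prefix, as observed in the
 * thread: in 32-bit mode both Intel and AMD truncate the new EIP to 16 bits;
 * in 64-bit mode AMD still truncates while Intel leaves rIP intact.
 * Added example; not the kernel decoder's code.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum vendor { VENDOR_INTEL, VENDOR_AMD };
enum mode   { MODE_32, MODE_64 };

/* Encoding is e2 xx; the 0x66 prefix adds one byte. */
static size_t loop_insn_len(bool prefix66)
{
	return prefix66 ? 3 : 2;
}

/*
 * Execute one `loop rel8`.  `ip` is the address of the first byte of the
 * instruction (prefix included), `disp` the signed rel8, `*counter` the
 * rCX value, decremented in place (0x67 is not modelled, so the full
 * ECX in 32-bit mode or RCX in 64-bit mode is used).  Returns the new rIP.
 */
static uint64_t loop_exec(enum vendor v, enum mode m, bool prefix66,
			  uint64_t ip, int8_t disp, uint64_t *counter)
{
	uint64_t next_ip = ip + loop_insn_len(prefix66);
	uint64_t count_mask = (m == MODE_32) ? 0xffffffffULL : ~0ULL;

	*counter = (*counter - 1) & count_mask;
	if (*counter == 0)
		return next_ip;			/* branch not taken */

	uint64_t target = next_ip + (uint64_t)(int64_t)disp;

	if (m == MODE_32)
		target &= 0xffffffffULL;	/* EIP is 32 bits wide */

	/* Observed rule: 0x66 selects a 16-bit rIP except for Intel in 64-bit mode. */
	bool operand16 = prefix66 && (m == MODE_32 || v == VENDOR_AMD);
	if (operand16)
		target &= 0xffffULL;		/* "EIP <- EIP AND 0000FFFFH" */

	return target;
}

/* Intel, 32-bit: `66 e2 fd` at 0x08048098 (from the objdump above). */
static uint64_t intel32_example(void)
{
	uint64_t rcx = 0x10;	/* constructed: any nonzero entry value */
	return loop_exec(VENDOR_INTEL, MODE_32, true, 0x08048098, -3, &rcx);
}

/* AMD, 64-bit: instruction address 0x4000d6 inferred from the fault at ip d6. */
static uint64_t amd64_example(void)
{
	uint64_t rcx = 0x10;	/* constructed: any nonzero entry value */
	return loop_exec(VENDOR_AMD, MODE_64, true, 0x4000d6, -3, &rcx);
}

/* Intel, 64-bit, after `mov $1, %rcx`: loop at 0x4000db inferred from the fault at 4000de. */
static uint64_t intel64_example(void)
{
	uint64_t rcx = 1;	/* counter reaches 0: branch falls through */
	return loop_exec(VENDOR_INTEL, MODE_64, true, 0x4000db, -3, &rcx);
}

int main(void)
{
	printf("Intel, 32-bit, 66 loop:           new EIP = 0x%" PRIx64 "\n", intel32_example());
	printf("AMD,   64-bit, 66 loop:           new RIP = 0x%" PRIx64 "\n", amd64_example());
	printf("Intel, 64-bit, 66 loop, count 1:  new RIP = 0x%" PRIx64 "\n", intel64_example());
	return 0;
}
```

The vendor check is the whole point: a decoder that follows the SDM pseudocode literally would predict a 16-bit rIP for Intel in 64-bit mode and disagree with the hardware, which is exactly the discrepancy the opcode-map comment in the patch under discussion documents.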
Thread overview: 6+ messages
2015-02-12 19:06 [PATCH] x86: x86-opcode-map.txt: explain CALLW discrepancy between Intel and AMD Denys Vlasenko
2015-02-13 12:01 ` Borislav Petkov
2015-02-13 13:25 ` Denys Vlasenko
2015-02-14 0:28 ` Borislav Petkov [this message]
2015-02-13 12:52 ` Masami Hiramatsu
2015-02-19 0:25 ` [tip:x86/asm] x86/asm/decoder: Explain " tip-bot for Denys Vlasenko