Re: [kvm-unit-tests PATCH 6/8] x86/cet: Simplify IBT test

[Chao Gao <chao.gao@intel.com>]

On Fri, Jun 20, 2025 at 05:39:10PM +0200, Mathias Krause wrote:
>The inline assembly of cet_ibt_func() does unnecessary things and
>doesn't mention the clobbered registers.
>
>Fix that by reducing the code to what's needed (an indirect jump to a
>target lacking the ENDBR instruction) and passing and output register
>variable for it.
>
>Signed-off-by: Mathias Krause <minipli@grsecurity.net>
>---
> x86/cet.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
>diff --git a/x86/cet.c b/x86/cet.c
>index fbfcf7d1ab23..b41443c1e67d 100644
>--- a/x86/cet.c
>+++ b/x86/cet.c
>@@ -36,18 +36,17 @@ static uint64_t cet_shstk_func(void)
> 
> static uint64_t cet_ibt_func(void)
> {
>+	unsigned long tmp;
> 	/*
> 	 * In below assembly code, the first instruction at label 2 is not
> 	 * endbr64, it'll trigger #CP with error code 0x3, and the execution
> 	 * is terminated when HW detects the violation.
> 	 */
> 	printf("No endbr64 instruction at jmp target, this triggers #CP...\n");
>-	asm volatile ("movq $2, %rcx\n"
>-		      "dec %rcx\n"
>-		      "leaq 2f(%rip), %rax\n"
>-		      "jmp *%rax \n"
>-		      "2:\n"
>-		      "dec %rcx\n");
>+	asm volatile ("leaq 2f(%%rip), %0\n\t"
>+		      "jmpq *%0\n\t"
>+		      "2:"
>+		      : "=r"(tmp));

@tmp isn't needed. We can still use "rax" and list it as clobbered. 

> 	return 0;
> }
> 
>-- 
>2.47.2
>