Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753903AbbBNA27 (ORCPT <rfc822;w@1wt.eu>);
	Fri, 13 Feb 2015 19:28:59 -0500
Received: from mail.skyhub.de ([78.46.96.112]:37165 "EHLO mail.skyhub.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752924AbbBNA26 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 13 Feb 2015 19:28:58 -0500
Date: Sat, 14 Feb 2015 01:28:14 +0100
From: Borislav Petkov <bp@alien8.de>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>,
        Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>,
        Ingo Molnar <mingo@kernel.org>, Oleg Nesterov <oleg@redhat.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86: x86-opcode-map.txt: explain CALLW discrepancy
 between Intel and AMD
Message-ID: <20150214002814.GL3712@pd.tnic>
References: <1423768017-31766-1-git-send-email-dvlasenk@redhat.com>
 <20150213120121.GC3712@pd.tnic>
 <CAK1hOcO2um10FD4zS6P1WsmoONMgnMc2q3Egz9-JfMt6tcbong@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAK1hOcO2um10FD4zS6P1WsmoONMgnMc2q3Egz9-JfMt6tcbong@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2483
Lines: 92

On Fri, Feb 13, 2015 at 02:25:20PM +0100, Denys Vlasenko wrote:
> > Well, according to the SDM, Intel truncates too, see the LOOP/LOOPcc
> > Operation section:
> >
> >         ...
> >         IF BranchCond = 1
> >         THEN
> >         IF OperandSize = 32
> >         THEN EIP ← EIP + SignExtend(DEST);
> >         ELSE IF OperandSize = 64
> >         THEN RIP ← RIP + SignExtend(DEST);
> >         FI;
> >         ELSE IF OperandSize = 16
> >         THEN EIP ← EIP AND 0000FFFFH;           <---
> >
> > and text talks about 0x67 but that's address size and it is used to size
> > the rCX register.
> >
> > So something must be setting the OperandSize and text doesn't mention
> > anywhere about 0x66 being ignored.
> >
> > Or have you been doing some empirical experiments? :-)
> 
> Yes, I did.
> 
> 32-bit case: Intel CPU truncates EIP to 16 bits:
> 
> $ cat t.S
> _start:         .globl  _start
> 1:  .byte 0x66
>     loop 1b
> 
> $ gcc -nostartfiles -nostdlib -m32 t.S
> 
> $ objdump -dr a.out
> a.out:     file format elf32-i386
> Disassembly of section .text:
> 08048098 <_start>:
>  8048098:    66                       data16
>  8048099:    e2 fd                    loop   8048098 <_start>
> 
> $ gdb ./a.out
> (gdb) run
> Program received signal SIGSEGV, Segmentation fault.
> 0x00008098 in ?? ()
> 
> 
> Now let's try 64-bit version - compiling without -m32:
> 
> $ gcc -nostartfiles -nostdlib t.S
> $ ./a.out
> (runs without SEGV)
> 

AMD CPU always truncates:

32-bit:  a.out[13626]: segfault at 8098 ip 0000000000008098 sp 00000000ffa0ea20 error 14 in a.out[8048000+1000]

64-bit:  a.out[13706]: segfault at d6 ip 00000000000000d6 sp 00007fffec14e870 error 14 in a.out[400000+1000]


Intel CPU:

32-bit:  a.out[3478]: segfault at 8098 ip 0000000000008098 sp 00000000ff959da0 error 14 in a.out[8048000+1000]

64-bit:

Make the loop terminate:

_start:         .globl  _start
    mov $1, %rcx
1:  .byte 0x66
    loop 1b


        a.out[3523]: segfault at 0 ip 00000000004000de sp 00007ffff31674e0 error 6 in a.out[400000+1000]

segfaults because we don't have the libc glue around it, rIP is intact.

So it looks like the SDM is wrong.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/