Home Original page

[committed, PATCH] Remove Disp16|Disp32 from 64-bit direct branches

Jan Beulich JBeulich@suse.com
Wed May 13 06:18:00 GMT 2015 
>>> On 12.05.15 at 18:08, <hjl.tools@gmail.com> wrote:
> On Tue, May 12, 2015 at 9:03 AM, Michael Matz <matz@suse.de> wrote:
>> Hi,
>>
>> On Tue, 12 May 2015, H.J. Lu wrote:
>>
>>> On Tue, May 12, 2015 at 8:47 AM, Michael Matz <matz@suse.de> wrote:
>>> > Hi,
>>> >
>>> > On Tue, 12 May 2015, H.J. Lu wrote:
>>> >
>>> >> > Actually also that one is correctly printed I think (from a hello world
>>> >> > main, where I added a jmprel16 +0):
>>> >> >
>>> >> > 000000000040055c <main>:
>>> >> >   40055c:       55                      push   %rbp
>>> >> >   40055d:       48 89 e5                mov    %rsp,%rbp
>>> >> >   400560:       48 83 ec 30             sub    $0x30,%rsp
>>> >> >   400564:       c6 45 d1 00             movb   $0x0,-0x2f(%rbp)
>>> >> >   400568:       c6 45 d0 61             movb   $0x61,-0x30(%rbp)
>>> >> >   40056c:       48 8d 45 d0             lea    -0x30(%rbp),%rax
>>> >> >   400570:       48 89 c2                mov    %rax,%rdx
>>> >> >   400573:       be 44 06 40 00          mov    $0x400644,%esi
>>> >> >   400578:       66 e9 00 00             jmpw   57c <_init-0x3ffe8c>
>>> >> >
>>> >> > 000000000040057c <next>:
>>> >> >   40057c:       bf 52 06 40 00          mov    $0x400652,%edi
>>> >> >   ...
>>> >> >
>>> >> > It shows that rip is going to be truncated.
>>> >> >
>>> >>
>>> >> This is the same issue as
>>> >>
>>> >> https://sourceware.org/bugzilla/show_bug.cgi?id=18386 
>>> >>
>>> >> On Intel processors, 0x66 prefix before direct 32-bit unconditional
>>> >> call/jmp is ignored.  Whatever we do is wrong on AMD or Intel
>>> >> processors.
>>> >
>>> > Well, in that case I'd say the correct thing to do is to _not_ do any
>>>
>>> This is NO correct thing to do.
>>
>> Well, what do you suggest?  Your change is clearly wrong as well.
> 
> I won't call it wrong since it implies there is a right.  Given that
> 
> 0x66 jmp/call rel32
> 
> works on Intel processors and crashes on AMD processors.

What _works_ on Intel processors is secondary here. Fact is that
the x86-64 design came from AMD, and hence Intel CPUs doing
things differently than AMD's is - be honest - a flaw. The more
that by analogy with 32-bit mode, an operand size prefix on
branches ought to truncate rIP. Plus (other than my own testing
says) you seem to suggest that this isn't even consistent on Intel
CPUs, as you specifically say "unconditional" above and you also
only changed those.

> I will keep my change in unlessl someone can show a real usage of
> 
> 066 jmp/call rel16
> 
> on AMD processors.

That's the wrong position, you have to show that the change is
useful - I certainly can't see why you'd need the operand size
prefix when (on Intel CPUs) it has no effect whatsoever.
Together with it not being generally usable (due to the vendor
differences), I view the change as pointless _and_ breaking
compatibility (i.e. both by themselves a reason to revert).

Jan
More information about the Binutils mailing list