[PATCH 1/2] i386: Generate lfence with load/indirect branch/ret [CVE-2020-0551]

H.J. Lu hjl.tools@gmail.com
Fri Apr 24 13:00:04 GMT 2020
On Fri, Apr 24, 2020 at 12:24 AM Hongtao Liu <crazylht@gmail.com> wrote:
>
> On Fri, Apr 24, 2020 at 2:01 PM Jan Beulich <jbeulich@suse.com> wrote:
> >
> > On 24.04.2020 07:30, Hongtao Liu wrote:
> > > Change to
> > >
> > > +      /* lret or iret.  */
> > > +      bfd_boolean lret = (i.tm.base_opcode | 0x5) == 0xcf;
> > > +      bfd_boolean has_rexw = i.prefix[REX_PREFIX] & REX_W;
> > > +      char prefix = 0x0;
> > > +      /* Default operand size for far return is 32 bits,
> > > +         64 bits for near return.  */
> > > +      /* Near ret ingore operand size override under CPU64.  */
> > > +      if ((!lret && flag_code == CODE_64BIT) || has_rexw)
> > > +        prefix = 0x48;
> > >        else
> > > +        prefix = i.prefix[DATA_PREFIX] ? 0x66 : 0x0;
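
Review bot: The test `(i.tm.base_opcode | 0x5) == 0xcf` on the `lret` line is true for four opcode values, 0xca, 0xcb, 0xce and 0xcf, while the comment above it names only lret and iret. 0xce is not a far return, so if the code leading here does not already exclude it, compare against the intended opcodes explicitly; if it does, say so in the comment. Since the flag also covers iret, a name such as `far_ret` would fit the comment better than `lret`. In the second comment, "ingore" should read "ignore".
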
> >
> > One minor remark on this one - I'd suggest to either omit the
> > initializer for prefix, or make the last two lines
> >
> >       else if (i.prefix[DATA_PREFIX])
> >         prefix = 0x66;
> >
> > as there's no point assigning 0 twice.
> >
>
> I'll do this change.
>
> > > Update total patch:
> >
> > Looks okay to me now, thanks.
> >
> > Jan
>
> Thanks for your review and patience, I'll wait for H.J's approval and
> submit my patch.
>

Please post your final patch.

Thanks.

-- 
H.J.

