On Wed, 25 Sept 2024 at 18:39, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, 25 Sept 2024 at 08:16, Ard Biesheuvel <ardb+git@xxxxxxxxxx> wrote:
> >
> > Instead of pushing an immediate absolute address, which is incompatible
> > with PIE codegen or linking, use a LEA instruction to take the address
> > into a register.
>
> I don't think you can do this - it corrupts %rdi.
>
> Yes, the code uses %rdi later, but that's inside the SAVE_REGS_STRING
> / RESTORE_REGS_STRING area.
>

Oops, I missed that.

> And we do have special calling conventions that aren't the regular
> ones, so %rdi might actually be used elsewhere. For example,
> __get_user_X and __put_user_X all have magical calling conventions:
> they don't actually use %rdi, but part of the calling convention is
> that the unused registers aren't modified.
>
> Of course, I'm not actually sure you can probe those and trigger this
> issue, but it all makes me think it's broken.
>
> And it's entirely possible that I'm wrong for some reason, but this
> just _looks_ very very wrong to me.
>
> I think you can do this with a "pushq mem" instead, and put the
> relocation into the memory location.
>

I'll change this into

pushq arch_rethook_trampoline@GOTPCREL(%rip)

which I had originally. I was trying to avoid the load from memory, but
that obviously only works if the register is not live.
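The two instruction sequences discussed in the exchange above, as an added user-space example that is not code from the kernel patch or from the thread. It contrasts the LEA-into-%rdi variant of the first patch with the "pushq mem" form Linus suggested, using GCC/Clang inline assembly on x86-64. The names trampoline_stub (a stand-in for arch_rethook_trampoline), push_via_lea and push_via_gotpcrel are hypothetical; the example assumes an x86-64 ELF target such as Linux, links as either PIE or non-PIE, and steps past the SysV red zone itself because it runs in user space (the kernel is built with -mno-red-zone and does not need that). The pre-patch `pushq $sym` form is deliberately absent, since a PIE link rejects the 32-bit absolute relocation it needs.

```c
/* Added example, not from the kernel or the thread: push a symbol's address
 * two ways and report what happened to %rdi. Assumes x86-64 ELF, GCC or Clang. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for arch_rethook_trampoline. External linkage so the compiler keeps
 * it even though only the inline asm below references it. */
void trampoline_stub(void) { }

/* First-patch variant: LEA the RIP-relative address into %rdi, then push it.
 * PIE-safe (no absolute relocation), but it overwrites whatever %rdi held.
 * Returns the pushed value; *rdi_after receives %rdi as left by the sequence. */
static uintptr_t push_via_lea(uintptr_t rdi_before, uintptr_t *rdi_after)
{
	uintptr_t pushed, rdi = rdi_before;

	__asm__ volatile(
		"subq $128, %%rsp\n\t"              /* user-space only: skip the red zone */
		"leaq trampoline_stub(%%rip), %%rdi\n\t"
		"pushq %%rdi\n\t"
		"popq %[pushed]\n\t"
		"addq $128, %%rsp\n\t"
		: [pushed] "=&r"(pushed), "+D"(rdi) /* "+D": %rdi is live across the asm */
		:
		: "memory", "cc");
	*rdi_after = rdi;
	return pushed;
}

/* Suggested variant: push the 64-bit value that the GOT slot holds. The slot
 * carries the relocation, so the address needs neither a scratch register
 * nor a 32-bit absolute immediate. */
static uintptr_t push_via_gotpcrel(uintptr_t rdi_before, uintptr_t *rdi_after)
{
	uintptr_t pushed, rdi = rdi_before;

	__asm__ volatile(
		"subq $128, %%rsp\n\t"
		"pushq trampoline_stub@GOTPCREL(%%rip)\n\t"
		"popq %[pushed]\n\t"
		"addq $128, %%rsp\n\t"
		: [pushed] "=&r"(pushed), "+D"(rdi)
		:
		: "memory", "cc");
	*rdi_after = rdi;
	return pushed;
}

int main(void)
{
	uintptr_t rdi, pushed, expect = (uintptr_t)trampoline_stub;

	printf("trampoline_stub = 0x%" PRIxPTR "\n", expect);

	pushed = push_via_lea(0x1234, &rdi);
	printf("lea:      pushed 0x%" PRIxPTR ", rdi after = 0x%" PRIxPTR "\n", pushed, rdi);

	pushed = push_via_gotpcrel(0x1234, &rdi);
	printf("gotpcrel: pushed 0x%" PRIxPTR ", rdi after = 0x%" PRIxPTR "\n", pushed, rdi);
	return 0;
}
```

Build with `gcc -O2 -fPIE -pie` (or `-fno-pie -no-pie`); both variants push the same address, but only push_via_gotpcrel hands %rdi back unchanged, which is exactly the property a probe trampoline needs when it cannot assume the interrupted code's registers are dead.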