On 27. 02. 24, 9:41, Jiri Slaby wrote:
>>>> Also, RIP-relative addressing was a requirement only for the initial
>>>> versions of the series, where the VERW operand was pointing within the
>>>> macro. For performance gains, later versions switched to the
>>>> implementation in which all VERW sites were pointing to a single memory
>>>> location. With that, RIP-relative addressing could be dropped in favor of
>>>> fixed addresses.
>>> Will this work at all (it looks like verw would now touch random
>>> memory)?
>> AFAIK, all memory operand variants of VERW have the CPU buffer clearing
>> behavior. I will confirm this with the CPU architects.
> I might be too dumb to understand this, so sorry if the below does not
> make sense. Nor can I see "why it works" in the minor patch you
> sent (and incorporated here). You only explain it's easier for backports
> and "was needed in earlier versions".
> But verw can #PF (and actually used to before Nik invented the jmp
> workaround in the SUSE backport). I assume it's the case when the store
> of the segment (mds_verw_sel) cannot be accessed/read. Now, with fixed
> addressing this works unless KASLR is employed. If it is, the fixed
> address of mds_verw_sel no longer points to the correct memory. Or what
> am I missing?
> The assembler generates a relocation for the fixed address anyway. And
> the linker resolves it as rip-relative. At least the pair from my
> binutils-2.42.
But if it generates a rip-relative address, is < 6.5 with no support of
rip-rel in alternatives still fine?
Another question: can we rely on the assembler to generate a relocation
and on the linker to resolve it as rip-relative?
thanks,
--
js
suse labs
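Worked example for the two questions raised above: what a fixed (absolute) VERW operand and a RIP-relative one each do when the whole image is shifted by KASLR, and when the instruction bytes are copied from the replacement section to a patch site by alternatives. This is an added example, not code from this thread, from binutils, or from the kernel tree. The byte encodings follow the x86-64 ModRM/SIB rules for VERW (opcode 0F 00 /5); every address, the KASLR shift, and the helper names (encode_verw_riprel, encode_verw_abs, decode_verw, apply_32s_reloc, fix_riprel_for_move, kaslr_scenario, alternatives_scenario) are constructed for the demonstration.

```python
"""Encoder/decoder for the two memory-operand forms of VERW (opcode 0F 00 /5).

    verw sym(%rip)  ->  0f 00 2d <disp32>      mod=00 rm=101 : RIP-relative
    verw sym        ->  0f 00 2c 25 <disp32>   mod=00 rm=100, SIB base=101 : absolute disp32

Used below to show what happens to each form when (a) the whole image is shifted
by KASLR and (b) the bytes are copied from .altinstr_replacement to a patch site.
Every address and shift in this file is constructed for the demonstration.
"""
import struct

VERW_OPCODE = b"\x0f\x00"
MODRM_RIPREL = 0x2D  # mod=00, reg=101 (/5), rm=101 -> disp32(%rip)
MODRM_SIB = 0x2C     # mod=00, reg=101 (/5), rm=100 -> SIB byte follows
SIB_ABS32 = 0x25     # scale=00, index=100 (none), base=101 -> bare disp32
MASK64 = (1 << 64) - 1


def encode_verw_riprel(insn_addr: int, target: int) -> bytes:
    """verw target(%rip): disp32 is relative to the end of the 7-byte instruction."""
    disp = target - (insn_addr + 7)
    return VERW_OPCODE + bytes([MODRM_RIPREL]) + struct.pack("<i", disp)


def encode_verw_abs(target: int) -> bytes:
    """verw target: disp32 is sign-extended to 64 bits, so the target must lie in the
    top or bottom 2 GiB of the address space (the -mcmodel=kernel assumption)."""
    disp = struct.unpack("<i", struct.pack("<I", target & 0xFFFFFFFF))[0]
    if (disp & MASK64) != target:
        raise ValueError(f"{target:#x} does not fit a sign-extended disp32")
    return VERW_OPCODE + bytes([MODRM_SIB, SIB_ABS32]) + struct.pack("<i", disp)


def decode_verw(code: bytes, insn_addr: int) -> int:
    """Effective address the VERW located at insn_addr reads its selector word from."""
    if code[:2] != VERW_OPCODE:
        raise ValueError("not a VERW instruction")
    if code[2] == MODRM_RIPREL:
        return (insn_addr + 7 + struct.unpack("<i", code[3:7])[0]) & MASK64
    if code[2] == MODRM_SIB and code[3] == SIB_ABS32:
        return struct.unpack("<i", code[4:8])[0] & MASK64
    raise ValueError("unsupported VERW operand form")


def apply_32s_reloc(code: bytes, disp_offset: int, shift: int) -> bytes:
    """Boot-time fixup of an absolute disp32 (the job of an R_X86_64_32S relocation
    entry): add the load shift to the stored displacement."""
    old = struct.unpack("<i", code[disp_offset:disp_offset + 4])[0]
    return code[:disp_offset] + struct.pack("<i", old + shift) + code[disp_offset + 4:]


def fix_riprel_for_move(code: bytes, src_addr: int, dst_addr: int) -> bytes:
    """Adjust a RIP-relative disp32 when the instruction is copied from src_addr to
    dst_addr and must keep pointing at the same target."""
    old = struct.unpack("<i", code[3:7])[0]
    return code[:3] + struct.pack("<i", old + (src_addr - dst_addr))


def kaslr_scenario(insn_link_addr: int, sel_link_addr: int, shift: int) -> dict:
    """KASLR: code and data move together by `shift`; the instruction bytes do not."""
    riprel = encode_verw_riprel(insn_link_addr, sel_link_addr)
    absol = encode_verw_abs(sel_link_addr)
    insn_run, sel_run = insn_link_addr + shift, sel_link_addr + shift
    return {
        "riprel_ok_unpatched": decode_verw(riprel, insn_run) == sel_run,
        "abs_ok_unpatched": decode_verw(absol, insn_run) == sel_run,
        "abs_ok_after_reloc": decode_verw(apply_32s_reloc(absol, 4, shift), insn_run) == sel_run,
    }


def alternatives_scenario(repl_addr: int, site_addr: int, sel_addr: int) -> dict:
    """Alternatives: only the instruction moves (replacement -> patch site); the
    selector word stays put."""
    riprel = encode_verw_riprel(repl_addr, sel_addr)
    absol = encode_verw_abs(sel_addr)
    return {
        "riprel_ok_unfixed": decode_verw(riprel, site_addr) == sel_addr,
        "riprel_ok_fixed": decode_verw(fix_riprel_for_move(riprel, repl_addr, site_addr), site_addr) == sel_addr,
        "abs_ok_unfixed": decode_verw(absol, site_addr) == sel_addr,
    }


if __name__ == "__main__":
    # Constructed link-time addresses in the kernel's top-2GiB text mapping.
    INSN, SEL, ALT_REPL = 0xFFFFFFFF81002000, 0xFFFFFFFF82A00000, 0xFFFFFFFF82C00400
    print("verw sel(%rip):", encode_verw_riprel(INSN, SEL).hex(" "))
    print("verw sel      :", encode_verw_abs(SEL).hex(" "))
    print("KASLR shift 0x1e400000:", kaslr_scenario(INSN, SEL, 0x1E400000))
    print("alternatives copy     :", alternatives_scenario(ALT_REPL, INSN, SEL))
```

The two scenarios are mirror images: under KASLR the RIP-relative form stays correct without touching the bytes while the absolute form needs its disp32 patched (which is what a relocation entry for that site is for), whereas when alternatives copy the instruction to a different address the absolute form stays correct and the RIP-relative displacement is the one that needs adjusting. To cross-check the encodings against a real toolchain, assemble both forms with `as --64` and look at `objdump -dr` on the object, which prints the relocation the assembler attached to each displacement.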