On Wed, Sep 16, 2020 at 11:48:42PM +0100, Andrew Cooper wrote:
Every day is a school day.
Tell me about it...
This is very definitely one to be filed in obscure x86 corner cases.
The code snippet above is actually wrong for the kernel, as it uses one slot of the red-zone. Recompiling with -mno-red-zone makes something which looks safe stack-wise, give or take this behaviour.
Right, we recently disabled red zone in the early decompression stage, for SEV-ES:
https://git.kernel.org/tip/6ba0efa46047936afa81460489cfd24bc95dd863
I probably should go audit that for similar funnies:
$ objdump -d arch/x86/boot/compressed/vmlinux | grep -E "pop.*(%[er]?sp" $
Nope, nothing. Because building your snippet with:
$ gcc -Wall -O2 -mno-red-zone -o flags{,.c}
still does use that one slot:
0000000000001050 <main>:
    1050:	48 83 ec 18          	sub    $0x18,%rsp
    1054:	48 8d 3d a9 0f 00 00 	lea    0xfa9(%rip),%rdi        # 2004 <_IO_stdin_used+0x4>
    105b:	31 c0                	xor    %eax,%eax
    105d:	9c                   	pushfq
    105e:	8f 44 24 08          	popq   0x8(%rsp)
    1062:	48 8b 74 24 08       	mov    0x8(%rsp),%rsi
Wonder if that flag -mno-red-zone even does anything...
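The "obscure x86 corner case" behind the listing above is how a POP with an RSP-relative memory destination computes its address: the Intel SDM states that when RSP is the base register of the destination, the effective address is computed after RSP has already been incremented. The following probe is an added example written for this note, not code from the thread or from the kernel tree; it assumes an x86-64 build with GCC or Clang inline assembly, and the 0x5a marker value is constructed. It returns the offset at which `popq 8(%rsp)` actually stores, measured from RSP as it was when the pop began.

```c
/*
 * Added example (not from the thread): probe the destination address of
 * `popq 8(%rsp)` on x86-64. Per the Intel SDM (POP), when RSP is the base
 * register of a memory destination, the effective address is computed AFTER
 * RSP has been incremented. The probe returns the store offset relative to
 * RSP as it was when the pop began: 16 if the architected rule holds, 8 if
 * the address had been computed before the increment, 0 if the marker was
 * not found at all, and -1 when not compiled for x86-64.
 */
#include <stdio.h>

#define MARKER 0x5aUL   /* constructed marker; must match the pushq immediate */

long pop_rsp_store_offset(void)
{
#if defined(__x86_64__)
    unsigned long slot0, slot1;

    __asm__ volatile (
        /* Step over the 128-byte red zone so the scratch area cannot collide
         * with locals the compiler may keep below RSP in this leaf function. */
        "lea -128(%%rsp), %%rsp\n\t"
        /* Two zeroed scratch slots: slot0 at (%rsp), slot1 at 8(%rsp). */
        "sub $16, %%rsp\n\t"
        "movq $0, (%%rsp)\n\t"
        "movq $0, 8(%%rsp)\n\t"
        /* push: RSP -= 8, MARKER is stored just below slot0. */
        "pushq $0x5a\n\t"
        /* pop with an RSP-relative destination: RSP += 8 first, then
         * EA = new RSP + 8, i.e. slot1 rather than slot0. */
        "popq 8(%%rsp)\n\t"
        "movq (%%rsp), %0\n\t"
        "movq 8(%%rsp), %1\n\t"
        /* Undo the 16 + 128 bytes of stack adjustment. */
        "lea 144(%%rsp), %%rsp\n\t"
        : "=r"(slot0), "=r"(slot1)
        :
        : "memory", "cc");

    if (slot1 == MARKER)
        return 16;   /* SDM behaviour: address computed after the increment */
    if (slot0 == MARKER)
        return 8;    /* hypothetical pre-increment addressing */
    return 0;
#else
    return -1;       /* the probe is only meaningful on x86-64 */
#endif
}

int main(void)
{
    long off = pop_rsp_store_offset();

    if (off < 0)
        puts("not an x86-64 build; nothing to probe");
    else
        printf("popq 8(%%rsp) stored at old_rsp+%ld\n", off);
    return 0;
}
```

Applying the same rule to the listing above: after `sub $0x18,%rsp` the frame base is entry_rsp-0x18, `pushfq` stores RFLAGS at entry_rsp-0x20, and `popq 0x8(%rsp)` first restores RSP to entry_rsp-0x18 and then writes to entry_rsp-0x10, which is exactly the slot the following `mov 0x8(%rsp),%rsi` reads. The compiler is relying on the post-increment addressing, which is why the generated code is consistent even though it looks odd at first glance.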