Subject: Re: [PATCH 1/2] i386: Generate lfence with load/indirect branch/ret [CVE-2020-0551]
To: Hongtao Liu
Cc: "H.J. Lu", Binutils, "Lu, Hongjiu"
From: Jan Beulich
Date: Fri, 24 Apr 2020 08:00:52 +0200

On 24.04.2020 07:30, Hongtao Liu wrote:
> Change to
>
> + /* lret or iret. */
> + bfd_boolean lret = (i.tm.base_opcode | 0x5) == 0xcf;
> + bfd_boolean has_rexw = i.prefix[REX_PREFIX] & REX_W;
> + char prefix = 0x0;
> + /* Default operand size for far return is 32 bits,
> + 64 bits for near return. */
> + /* Near ret ingore operand size override under CPU64. */
> + if ((!lret && flag_code == CODE_64BIT) || has_rexw)
> + prefix = 0x48;
> else
> + prefix = i.prefix[DATA_PREFIX] ? 0x66 : 0x0;

One minor remark on this one - I'd suggest to either omit the
initializer for prefix, or make the last two lines

    else if (i.prefix[DATA_PREFIX])
      prefix = 0x66;

as there's no point assigning 0 twice.

> Update total patch:

Looks okay to me now, thanks.

Jan
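Review bot: the lret test "(i.tm.base_opcode | 0x5) == 0xcf" treats bits 0 and 2 as don't-care, so besides 0xca, 0xcb and 0xcf it is also true for 0xce (into), which the "lret or iret" comment does not cover. Unless the enclosing condition, which is not visible in this hunk, already restricts base_opcode to the return opcodes, compare against the three intended values explicitly, or extend the comment to say why 0xce cannot reach this point. If a non-return opcode were classified here, the wrong operand-size prefix would be chosen for the sequence this mitigation emits around the return. Smaller points: the variable is named lret but is also set for iret, the comment "Near ret ingore operand size override under CPU64" has a typo (ignore), and the two adjacent comments can be merged into one.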