Tuesday, July 25, 2023

Re: arm64 BTI support for mpg123

> Date: Tue, 25 Jul 2023 16:51:18 +0200
> From: Christian Weisgerber <naddy@mips.inka.de>
>
> Christian Weisgerber:
>
> > Because amd64 should suffer from the same problem:
> >
> > fr->cpu_opts.the_dct36 = dct36_avx;
> > ...
> > fr->cpu_opts.the_dct36 = dct36_x86_64;
> >
> > dct36_avx and dct36_x86_64 are assembly routines that lack the
> > endbr64 landing pad. And yet, on my IBT-enabled amd64 laptop,
> > mpg123 plays just fine with both the avx and x86_64 decoders.
>
> I have examined the generated assembly on the calling side. There
> is no "jmp *%r11" or such. Instead, calling the function pointer
> goes through __llvm_retpoline_r11:
>
> 0000000000000000 <__llvm_retpoline_r11>:
> 0: e8 0b 00 00 00 callq 10 <__llvm_retpoline_r11+0x10>
> 5: f3 90 pause
> 7: 0f ae e8 lfence %eax
> a: e9 f6 ff ff ff jmpq 5 <__llvm_retpoline_r11+0x5>
> f: cc int3
> 10: 4c 89 1c 24 mov %r11,(%rsp)
> 14: c3 retq
> 15: 0f ae e8 lfence %eax

Thanks! That means that retpolines explain why you're not seeing any
crashes.
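To make the check described in the mail mechanical, here is an added example (not from the thread or from mpg123): a small Python scanner over `objdump -d` output that reports functions entered without `endbr64`, bare indirect jumps/calls (which need a landing pad under IBT), and calls routed through a retpoline thunk (which reach the target via `ret`, so IBT never checks it). The listing is constructed: the thunk body is the one quoted above, re-addressed; the decoder and caller symbols are invented.

```python
import re
# Constructed objdump -d excerpt (thunk from the mail, re-addressed; other symbols invented)
SAMPLE = """\
0000000000001000 <dct36_x86_64>:
    1000: 66 0f 6f 07           movdqa (%rdi),%xmm0
    1004: c3                    retq
0000000000001020 <__llvm_retpoline_r11>:
    1020: e8 0b 00 00 00        callq 1030 <__llvm_retpoline_r11+0x10>
    1025: f3 90                 pause
    1027: 0f ae e8              lfence
    102a: e9 f6 ff ff ff        jmpq 1025 <__llvm_retpoline_r11+0x5>
    102f: cc                    int3
    1030: 4c 89 1c 24           mov %r11,(%rsp)
    1034: c3                    retq
0000000000001040 <caller_retpoline>:
    1040: f3 0f 1e fa           endbr64
    1044: 4c 8b 1f              mov (%rdi),%r11
    1047: e8 d4 ff ff ff        callq 1020 <__llvm_retpoline_r11>
    104c: c3                    retq
0000000000001050 <caller_bare>:
    1050: f3 0f 1e fa           endbr64
    1054: ff 17                 callq *(%rdi)
    1056: c3                    retq
"""
HEADER = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
INSN = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s)+\s*(\S+)\s*(.*)$")
THUNKS = ("__llvm_retpoline_", "__x86_indirect_thunk_")
BRANCH = ("jmp", "jmpq", "call", "callq")

def parse_objdump(text):
    # symbol -> [(mnemonic, operands)] in listing order
    funcs, cur = {}, None
    for line in text.splitlines():
        if h := HEADER.match(line.strip()):
            funcs[(cur := h.group(2))] = []
        elif cur is not None and (m := INSN.match(line)):
            funcs[cur].append((m.group(1), m.group(2).strip()))
    return funcs

def ibt_report(text):
    # bare jmp*/call* needs endbr64 at its target under IBT; a retpoline call lands via `ret`
    rep = {"no_endbr64": [], "bare_indirect": [], "via_retpoline": []}
    for name, insns in parse_objdump(text).items():
        if name.startswith(THUNKS):
            continue  # the thunk itself is entered by a direct call
        if insns and insns[0][0] != "endbr64":
            rep["no_endbr64"].append(name)
        for mn, ops in insns:
            if mn in BRANCH and ops.startswith("*"):
                rep["bare_indirect"].append((name, f"{mn} {ops}"))
            elif mn in BRANCH and (t := re.search(r"<([^>+]+)", ops)) and t.group(1).startswith(THUNKS):
                rep["via_retpoline"].append((name, t.group(1)))
    return rep
```

On a real binary, feed it `objdump -d` output; an empty `bare_indirect` list alongside entries in `via_retpoline` is the situation the mail describes, where targets without `endbr64` never fault.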
