On Wed, Jul 1, 2026 at 1:31 AM Peter Zijlstra <[email protected]> wrote:
>
> On Wed, Jul 01, 2026 at 12:58:12AM -0700, H. Peter Anvin wrote:
> > On July 1, 2026 12:48:34 AM PDT, Peter Zijlstra <[email protected]> wrote:
> > >On Wed, Jul 01, 2026 at 09:27:47AM +0200, Peter Zijlstra wrote:
> > >> On Mon, Jun 29, 2026 at 03:29:50PM -0700, Dave Hansen wrote:
> > >>
> > >> > But, really, if ENTER is so evil and nobody uses it, shouldn't we just
> > >> > have an MSR bit somewhere to tell the CPU to #UD for it rather than
> > >> > playing these stack games?
> > >>
> > >> For supervisor mode only, I suppose. We can't ever get rid of userspace
> > >> ENTER because legacy I suppose. But we can make sure the kernel is
> > >> clean.
> > >>
> > >> So yeah, having a knob to make supervisor-ENTER trap would be useful I
> > >> suppose.
> > >
> > >x86_64-defconfig builds clean with the below :-)
> > >
> > >
> > >diff --git a/tools/objtool/arch/x86/decode.c 
> > >b/tools/objtool/arch/x86/decode.c
> > >index 1b387d5a195b..9e53db863203 100644
> > >--- a/tools/objtool/arch/x86/decode.c
> > >+++ b/tools/objtool/arch/x86/decode.c
> > >@@ -642,6 +642,10 @@ int arch_decode_instruction(struct objtool_file 
> > >*file, const struct section *sec
> > >
> > >             break;
> > >
> > >+    case 0xc8:
> > >+            WARN("ENTER instruction at %s:%lx", sec->name, offset);
> > >+            break;
> > >+
> > >     case 0xc9:
> > >             /*
> > >              * leave
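Review bot: the new `case 0xc8` only emits a WARN and then `break`s, so an ENTER that objtool finds still decodes normally and the build succeeds; if the goal is to guarantee the kernel contains no legitimate supervisor ENTERs before making them #UD, the check should be a hard failure (for example `return -1;` after the WARN, as the other error paths in this function do) rather than a warning that can scroll past in the build log. A short comment above the case naming the opcode (`/* enter */`, matching the `leave` comment on `0xc9` just below) would also help readers of the switch.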
> >
> > The problem is that it being a single byte long it can appear in the middle 
> > of another instruction.
>
> I understand; this was in response to Dave's suggestion to make
> (supervisor) ENTER #UD, in which case we'd have to ensure no legit
> ENTERs exist.

Peter's explanation is correct: this technique makes CFH->ACE easier.

I think both ways can mitigate it, but I would like to hear your
(the maintainers') idea of which one we should proceed with:

1. supervisor-ENTER-#UD + Peter's objtool check. Cleanest for ENTER,
but it needs a new bit from Intel/AMD, so future CPUs only.
2. Kill the landing zone with a 0x11-page guard area.

Thanks,
Xiang
