On 05/06/2025 6:06 pm, Teddy Astie wrote:
> Le 05/06/2025 à 12:27, Jan Beulich a écrit :
>> Move the function to its own assembly file. Having it in C just for the
>> entire body to be an asm() isn't really helpful. Then have two flavors:
>> A "basic" version using qword steps for the bulk of the operation, and an
>> ERMS version for modern hardware, to be substituted in via alternatives
>> patching.
>>
>> Alternatives patching, however, requires an extra precaution: It uses
>> memcpy() itself, and hence the function may patch itself. Luckily the
>> patched-in code only replaces the prolog of the original function. Make
>> sure this remains this way.
>>
> We can probably workaround that by using a separate memcpy for
> alternatives patching. So it wouldn't end up patching itself.
Not memcpy() you can't.
The compiler is permitted to invent calls to memset()/memcpy() out of
thin air, e.g. struct big_foo = {}; as a local on the stack.
This is the same reason why it's impossible to do speculation safety in
C; you cannot guarantee to get protections ahead of the first RET.
~Andrew
