
I'm running my code on a server with "Intel Xeon Processor (Skylake, IBRS)". I listed the CPU flags at the bottom. I got a core dump, ran it in gdb and saw the illegal instruction was `__builtin_ia32_wrfsbase64` (I call the intrinsic `_writefsbase_u64`). `__builtin_ia32_rdfsbase64` also causes the illegal instruction. It supports the `fsgsbase` flag, so I don't know why I'm getting a problem.

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm cpuid_fault invpcid_single pti ssbd ibrs ibpb fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq clwb avx512cd avx512bw avx512vl xsaveopt arat pku ospke

Cal

  • The instructions have to be enabled by the kernel before being available to user space, and it may be that your kernel is not set up to do that. See https://www.kernel.org/doc/html/latest/x86/x86_64/fsgs.html under "FSGSBASE instructions enablement". What kernel version are you using, and how was it configured? – Nate Eldredge Jun 26 '22 at 16:50
  • @NateEldredge Debian 10 (Buster). `uname -a` shows 4.19.0-16-amd64 ... x86_64 GNU/Linux. After a quick google I don't see a simple way to enable it. Do I need to enable it via a config that debian understands or do I need to do something with a boot param or upgrade the kernel? – Cal Jun 26 '22 at 17:05
  • 1
    It looks like this was enabled in kernel version 5.9 [changelog](https://kernelnewbies.org/Linux_5.9#Faster_context_switch_with_supports_FSGSBASE_x86_instructions) so yes, you need to upgrade. – Nate Eldredge Jun 26 '22 at 17:15
  • @NateEldredge I'm sufficiently afraid one of my packages will break if I upgrade the OS. I guess I won't try running this code until next month when a newer server is setup – Cal Jun 26 '22 at 17:23
  • @Cal The Linux kernel in particular is basically always safe to upgrade without worrying about breaking anything, with the only exception being if you're using out-of-tree kernel modules. – Joseph Sible-Reinstate Monica Jun 26 '22 at 23:44

1 Answer

The FSGSBASE instructions require support from the operating system as well as the hardware. The OS has to be aware that the base registers could be changed by user code without informing the OS; older OSes might have assumed that the registers could only be changed when the user made an explicit system call. There is a bit in CR4 that determines whether unprivileged code is allowed to execute these instructions, and by default, it is unset. The idea is that only an OS that contains the appropriate support will enable this bit. See Intel's guidelines for more details.

In Linux, this support was added in kernel version 5.9 (changelog). Per your comment, you are using an older kernel, so you cannot use these instructions, and must fall back to using the arch_prctl system call to request an update to the FS or GS base registers. Or else upgrade your kernel / OS.

There is a bit in the ELF AUX vector that your program can test at runtime to determine whether the FSGSBASE instructions are usable. See https://www.kernel.org/doc/html/latest/x86/x86_64/fsgs.html under "FSGSBASE instructions enablement".

Nate Eldredge
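The runtime check the answer points to, together with the `arch_prctl` fallback it recommends, as an added example that is not part of the question or the answer. It assumes x86-64 Linux with glibc or musl: it reads the `HWCAP2_FSGSBASE` bit (bit 1 of `AT_HWCAP2`, per the kernel's fsgs documentation) instead of trusting the `fsgsbase` flag in `/proc/cpuinfo`, uses `rdfsbase`/`wrfsbase` only when the kernel has enabled them, and otherwise goes through `arch_prctl(ARCH_GET_FS/ARCH_SET_FS)`. The function names are my own.

```c
/* Added example: detect kernel-enabled FSGSBASE at runtime and fall back to
 * arch_prctl when it is not enabled. Assumes x86-64 Linux (glibc or musl).
 * Build with: gcc -O2 -o fsbase fsbase.c */
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <unistd.h>
#include <sys/auxv.h>      /* getauxval(), AT_HWCAP2 */
#include <sys/syscall.h>   /* SYS_arch_prctl */
#include <asm/prctl.h>     /* ARCH_GET_FS, ARCH_SET_FS */

/* Bit 1 of AT_HWCAP2, as documented in the kernel's fsgs page; defined
 * here only in case an older libc header does not provide it. */
#ifndef HWCAP2_FSGSBASE
#define HWCAP2_FSGSBASE (1 << 1)
#endif

/* 1 if the kernel has set CR4.FSGSBASE and advertises it to user space.
 * A set "fsgsbase" cpuinfo flag only says the CPU supports it; this bit
 * says the kernel allows unprivileged rdfsbase/wrfsbase. */
int fsgsbase_enabled(void)
{
    return (getauxval(AT_HWCAP2) & HWCAP2_FSGSBASE) != 0;
}

/* Fallback that works on any kernel: ask for the FS base via arch_prctl.
 * Returns 0 if the syscall fails. */
uint64_t fs_base_via_prctl(void)
{
    uint64_t base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return base;
}

/* Read the FS base with the unprivileged instruction when the kernel
 * allows it, otherwise through the syscall. */
uint64_t read_fs_base(void)
{
    uint64_t base;
    if (fsgsbase_enabled()) {
        __asm__ volatile("rdfsbase %0" : "=r"(base));
        return base;
    }
    return fs_base_via_prctl();
}

/* Write the FS base the same way. Returns 0 on success, -1 on failure. */
int write_fs_base(uint64_t base)
{
    if (fsgsbase_enabled()) {
        __asm__ volatile("wrfsbase %0" : : "r"(base));
        return 0;
    }
    return syscall(SYS_arch_prctl, ARCH_SET_FS, base) == 0 ? 0 : -1;
}

/* Consistency check: glibc and musl keep the TCB's self pointer at %fs:0,
 * so a correctly read FS base must equal that word. Returns 1 on match. */
int fs_base_matches_tcb_self(void)
{
    uint64_t self;
    __asm__ volatile("mov %%fs:0, %0" : "=r"(self));
    return self == read_fs_base();
}

int main(void)
{
    printf("AT_HWCAP2 FSGSBASE bit: %s\n", fsgsbase_enabled() ? "set" : "clear");
    uint64_t base = read_fs_base();
    printf("FS base: 0x%" PRIx64 "\n", base);

    /* Round trip: writing the current value back is harmless to TLS and
     * exercises whichever write path the kernel permits. */
    if (write_fs_base(base) != 0 || read_fs_base() != base) {
        fprintf(stderr, "FS base round trip failed\n");
        return 1;
    }
    printf("round trip ok; TCB self pointer %s\n",
           fs_base_matches_tcb_self() ? "matches" : "does not match");
    return 0;
}
```

On the asker's 4.19 kernel the `AT_HWCAP2` bit is clear, so every call takes the `arch_prctl` path and no SIGILL occurs; on a 5.9+ kernel with FSGSBASE enabled the same binary uses the instructions directly. Writing any value other than the current base would move the thread's TLS block and break libc, which is why the example only round-trips the existing value.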