What is the linux inline extended asm representation of jmp [rip+foo]?

Question

As a follow up to: jmp absolute far 64 bit address.

I need to write the equivalent of the following in linux extended assembly as mentioned here . Where foo is a 64 bit absolute address.

jmp [rip+foo]

Or I need gcc/g++ to compile the following assembly: ff 25 00 00 00 00 xx xx xx xx xx xx xx xx

Where xx xx xx xx xx xx xx xx is the 64 bit absolute address from an extended assembly line.

I can write the assembly in a separate .s file and then link with my c files but prefer to keep it contained in my c file.

The compiler complained on all the following:

__asm__("jmp $1000000000000000(%rip)");

__asm__("jmp *$1000000000000000(%rip)");

unsigned long absAddr
__asm__("jmp %0(%rip)":: "r"(absAddr));

__asm__("jmp *%0(%rip)":: "r"(absAddr));

I believe the '*' is for indirect access, which probably isn't needed here but trying to see what would compile.

---

Concerning the feedback: asm("jmp *%0":: "r"(absAddr)); This was the output:

00000000000000f1 <_Z11asmFarJmp64m>:
  f1:   f3 0f 1e fa             endbr64
  f5:   55                      push   %rbp
  f6:   48 89 e5                mov    %rsp,%rbp
  f9:   48 89 7d f8             mov    %rdi,-0x8(%rbp)
  fd:   48 8b 45 f8             mov    -0x8(%rbp),%rax
 101:   ff e0                   jmp    *%rax
 103:   90                      nop
 104:   5d                      pop    %rbp
 105:   c3                      ret

Unfortunately, I cannot clobber any registers before the actual jump including rax. This is a one-direction jump, and need it to be done as an intermediate like : "ff 25 00 00 00 00 xx xx xx xx xx xx xx xx" I understand this is a very particular use case.

How do I apply the .quad in inline asm? I see it use as a qualifier for data region initialized memory. I tried asserting it as "jmp .quad ..." but the compiler complained.

Thanks

---

concerning "ff 25 00 00 00 00 xx xx xx xx xx xx xx xx"

I wrote an asm file to test and compiled with nasm, where the test target address is 0x12345678aabbccdd

SECTION .text
    ;;jmp 0x12345678aabbccdd
    db 0xff, 0x25, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0xaa, 0xbb, 0xcc, 0xdd

The objdump is:

jmp64.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <.text>:
   0:   ff 25 00 00 00 00       jmp    *0x0(%rip)        # 0x6
   6:   12 34 56                adc    (%rsi,%rdx,2),%dh
   9:   78 aa                   js     0xffffffffffffffb5
   b:   bb                      .byte 0xbb
   c:   cc                      int3
   d:   dd                      .byte 0xdd

Objdmp did not read this as an 64 bit absolute jmp? Maybe objdmp isn't updated to properly decode this?

As Jester mentioned, it is properyly decoded. I realized later that:

"ff 25 00 00 00 00" is simply jmp quad ptr [rip+0000], meaning the offset of 0000 is right after the instruction size of this rawinst. So the quad word immediately after this rawinst is the jump address to use.

Thanks

Answer 1

You can use:

__asm__ __volatile__(
    "jmp *1f(%%rip)\n\t"
    "1: .quad %p0"
    :: "i" (0x12345678abcdef00ULL));
__builtin_unreachable();

Note your address needs to be a compile time constant for this.