From nobody Sun May 19 03:54:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1658177469; cv=none; d=zohomail.com; s=zohoarc; b=GRYF7VXQ/heSI7Rw9KXc42Hvp9Tfkaa8roI5LhyiNJvBU8KwheLPBqR3r3XfqPC6dohmvvNQd7EEMrY98SKqTCsJyKc8ISn2ajaGVVS3bGo6AMGHD/UeRvirwYQ0miSmOn69r3JhYTPHIP/lu8HED74NkSKKuvnr5aLfVXZr2uo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1658177469; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=TJqUfG8nS7CF5yhWv8CmbPqQ4r5KkvCeEprp0Lo43Do=; b=kIEebCNwQDdZdIS3zmMCxflQtr9B41T09ezIiCJ1EHMv5YUuLmMlyBhELtdFuHu8XQgwp/tUx5JazFTL1ZWJyzTGfjBnJl0x/6UZT9C/+urDH9pzHo8crA/wDMEcubnlFILT9E1hvORyL0l7H4T+qyfJ7r1mj8YRA5Kp6hFZRqQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1658177469741941.397663203037; Mon, 18 Jul 2022 13:51:09 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.370096.601739 (Exim 4.92) (envelope-from ) id 1oDXhP-00084D-Lc; Mon, 18 Jul 2022 20:50:39 +0000 Received: by outflank-mailman (output) from mailman id 370096.601739; Mon, 18 Jul 2022 20:50:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDXhP-000844-GI; Mon, 18 Jul 2022 20:50:39 +0000 Received: by outflank-mailman (input) for mailman id 370096; Mon, 18 Jul 2022 20:50:38 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDXhN-0007oP-VX for xen-devel@lists.xenproject.org; Mon, 18 Jul 2022 20:50:38 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 455c523b-06db-11ed-924f-1f966e50362f; Mon, 18 Jul 2022 22:50:36 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 455c523b-06db-11ed-924f-1f966e50362f DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1658177436; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yC7Ivklf/14kVov/1I8JhhkTzzgro3S/5NGgUE9lPQE=; b=YCVVRtFC7b9TsY7uUIMEpYYkkEd+Ro1DOQfy204avQU5hpeBFMEvqbwb ntFlGDN7xZFSJx8kgteY/I5nTBRrMLNAU07ESYu9jQk/6Ebxea1AMRsBp iU1czMaa1jh54w8xRO7nwF89xsFytl+zDv/1yKwULSdWqR39uj0xL8Eej k=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 2.7 X-MesageID: 76073064 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: =?us-ascii?q?A9a23=3AZcyVSqzokyGBA+lJ/up6t4n5zX1e4sY/ZkZSj?= =?us-ascii?q?/bM1gqfGCHpmQ7xbLELH0zjCQM2EUT3yIhaqDbNUz4aq/+7Nahbx0wH00GjT?= =?us-ascii?q?fXMwrY/o/tueGjOdIleLRyLAEtySNUbZmKTaQ9Vkdo/FPeseATPf28m9G/Uo?= =?us-ascii?q?gv4NssvxUGUdKvorEtYhuhcQRweQZ4i60FD7Fnr+qG8YcAZNFVqL7sS/+nQq?= =?us-ascii?q?leRV/EDR+WuSxE6WBLQsA1l7vCADXk954Ixb+Oa1esjZb3Zpu+FmTxQFI7lB?= =?us-ascii?q?D+rOlVubESwtFzTuBHRSzP0Iy4/hIiu+vn35ZLuwv4NpFjRkbYdOgQ5PcrOO?= =?us-ascii?q?5BkOJj3bMf2PNPcvo99QMY+mvm3liVNDkKTHb1LDvCeyzk8M2GxvIk9FcnE8?= =?us-ascii?q?2o3ZcaDEsQNTadDO3DFpANwTGr1OCerAo3oi+NET2t2cxnVpjX0WQrf/geSx?= =?us-ascii?q?XzrSl5+IWShlJANxGpmozi2DBxERM+cdzrMWmXBjCu2muiQb8CPYoPV/Rhch?= =?us-ascii?q?ihxq37UjUI5O+2rStAkTMbDqQqFEJF8MhKpmXL/cFIJVOjM3wtEMtuNLDCFq?= =?us-ascii?q?jQ6ibzoxMeG2g8KjvSXAdh8HBTHA1Uj70kUA64r39+eOd2Yxshb8N6z/B0xV?= =?us-ascii?q?zV9NOXEqmJ7UFHiOYcKH8ieAySVcVRZVk+6HL5VxpUU7SHCM7rmnVEVaNVxh?= =?us-ascii?q?iW1Dcz/xtXHjm9kw9Rm7k9Mh0tcVv8xDpWPE96R4eDwknqS4GiGAxSe4wKwb?= =?us-ascii?q?CqhmRB9Zz0xqFgQjBHPcWUoYUhFAgyMaxbq+RBB7BLnnYrvD196X5nDKKhWT?= =?us-ascii?q?P55YYNKSWhNc15WzpmvbFedImnTa6Z6JIAKfpFKKXX3lnLoTuxV6VnGbKjy2?= =?us-ascii?q?JAjRZmpARg0oAGrLHmoCD2rdKv0LrXZNP0WJkXH+V/yTXe9sVweR4u4iLEil?= =?us-ascii?q?te5OWPw+hfvBPplQgZY4HWQckhjNPld1zy+0fnF+4o+l/ulFxKyt8FM8kA3A?= =?us-ascii?q?uIuD7IgMukcR9hJYxo+Dle5LrJw2Mo8PWm214RZ0H6oHWWg5co3UOEdQPxXc?= =?us-ascii?q?RYCR0ELA5bntnqGLgj++JYdUI46rrj5n0Zyu3MS181JNu5VX4uVXh+CY3z5B?= =?us-ascii?q?YwTP5ZeU71tPjgCj8+ewTvWJ/BDap95VxXOSccbLzTATi2MZ9M65GqaLaT19?= =?us-ascii?q?ojSi/jEzyQArl1EC39jaopTEgoeqBhZ8bwsVSwS0vge9tdJZRik2lRknRPrO?= =?us-ascii?q?0EkPrznEpRcnPbwdPp3BIqZGygkfFkZ0+/JPbGo1ap9cB9WwsdGrpGLwxffi?= =?us-ascii?q?1gklMMEgATLVjr6MdIqTECWWFbZpBn4sMfR1VrRs0Uj/Kh4u53Ba032kXyOb?= =?us-ascii?q?0ScIUoqZi2O/btd4yD1pPI1WtDJQvliA0VyTP8MotwINiU3zS8mJTM0Q+eby?= =?us-ascii?q?0a86RIfeSNCJKiJ8+BTBhKFlLaM2aezfBw20TTRjyXnWWJpd2LQnteEKMyWC?= =?us-ascii?q?/YEoUkzbtDNWt/z5DMV9erjRUNOU1MPN5ignxAWql0oyKf8vZIhIFvSkYXpf?= =?us-ascii?q?CC04V6XgMLNyf6YwJvXLjRu1hKcunuOsRtlbvs3fRjuaU7HNmdTIEhZ/O2Mu?= =?us-ascii?q?CHEKq09+z5hC2iwOo4o8Qw8zV9521l4807XgyDdiysB/X2cDOBnTN+btCerd?= =?us-ascii?q?htaMy8+OWu1YQfDMfDttr/ePyNyHeDD84ExYG6brRfde/LS5tbioeBXEH6Fe?= =?us-ascii?q?gm5tvmgLBvO8cdvtNnVVw6iv1ZtFMOcjJ3ew4p9wb9CT/n0D3748rZOa7GAd?= =?us-ascii?q?a72AS7/IFl+La2S7lIKC161Xlfv9Osk401GZxlFnBRwrXPKqP4NxtyQE6u6c?= =?us-ascii?q?IenwA0FHhyQP1wTg3LjgvISkn4IMinrqfi6XqY3RzHKao1XFNgnO68VS9cHB?= =?us-ascii?q?eYaM6EpDi7gRsaYAnSKbEA8HhAPNJ925BOdo0NJSiArr7cGGD8ofjFGu1D8S?= =?us-ascii?q?3tmzXnE3PhmURQ3ucUfR5PEXp9rMeSmtW/ii0Y+vRfJ+YVtyUjChR0rvBTVk?= =?us-ascii?q?n6Fmjxv1gzD0kpvYWO7+MI2lwUNmAUaqJ/WUC0L7ceovpTpCFMtLL1/CjoDD?= =?us-ascii?q?sgWfcBSH4wg8SbGabEJv8VEpuFsK8ljZAS2VGlWT+2oEL4jvUwcmlUAsLfvH?= =?us-ascii?q?xP7XclKZ/TBfNrw3MzCpQEIYAtCKW9WavWZOD/dC1nR53mj+P0dVXzz9IR1q?= =?us-ascii?q?rTp5J7cs5JFcFjviZwvPT/+wP71Jc6HPQNSVWeq+6SEsSXoLZen0mqYm5Mhw?= =?us-ascii?q?bhBI6HuWPSJvLbAbTY750PhRPG8/oWE+buMOj0CPg/A4OdE858f9T6m22vyw?= =?us-ascii?q?MELPQizn5+rHW1NcjocAidXfFT3nr+roYi6hY/c52NWaV6h0P3cGH0+TdI6i?= =?us-ascii?q?tOVn02Iba/GIh6FueSbYwZd1Pc26g+IprvHhiYAGSqAohBSKRGi2iF0PiE/I?= =?us-ascii?q?mhBW1hY3qHCWTWP/qmRVRNHduFn9ys/iDsjehWBOAwS908GAwsWRNiCXpKDP?= =?us-ascii?q?UYmabtAX00g1rpZisGBLdFT7o8IHXp+Lctb3S3jKEE6SnnDhgt77Pn1JJp4i?= =?us-ascii?q?9nyLkvMvDQHbFXjfNZNoHdRgKiiXuMVhvlpRw8jTj9Rz+87tgdRFwfybY1el?= =?us-ascii?q?vAFI/tM2hGioLRvkMLfUQssAbC3BZMQ7e4zRCuMMwAUCuKpztGyShNKFdTFR?= =?us-ascii?q?ZJZrBsA9FpGycVQnjdj4WH+UmPk9KNYD2b1vHoxa67ebzDZtvrGvGex8dfbj?= =?us-ascii?q?VbAq2JemmVn7ONB3EWazVc=3D?= X-IronPort-AV: E=Sophos;i="5.92,282,1650945600"; d="scan'208";a="76073064" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 1/3] x86/spec-ctrl: Consistently halt speculation using int3 Date: Mon, 18 Jul 2022 21:50:07 +0100 Message-ID: <20220718205009.3557-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220718205009.3557-1-andrew.cooper3@citrix.com> References: <20220718205009.3557-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1658177470522100003 The RSB stuffing loop and retpoline thunks date from the very beginning, wh= en halting speculation was a brand new field. These days, we've largely settled on int3 for halting speculation in non-architectural paths. It's a single byte, and is fully serialising - a requirement for delivering #BP if it were to execute. Update the thunks. Mostly for consistency across the codebase, but it does shrink every entrypath in Xen by 6 bytes which is a marginal win. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 11 +++-------- xen/arch/x86/indirect-thunk.S | 6 ++---- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/includ= e/asm/spec_ctrl_asm.h index 9eb4ad9ab71d..fab27ff5532b 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -126,9 +126,8 @@ * change. Based on Google's performance numbers, the loop is unrolled to = 16 * iterations and two calls per iteration. * - * The call filling the RSB needs a nonzero displacement. A nop would do,= but - * we use "1: pause; lfence; jmp 1b" to safely contains any ret-based - * speculation, even if the loop is speculatively executed prematurely. + * The call filling the RSB needs a nonzero displacement, and int3 halts + * speculation. * * %rsp is preserved by using an extra GPR because a) we've got plenty spa= re, * b) the two movs are shorter to encode than `add $32*8, %rsp`, and c) ca= n be @@ -141,11 +140,7 @@ =20 .irp n, 1, 2 /* Unrolled twice. */ call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */ - -.L\@_capture_speculation_\n: - pause - lfence - jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */ + int3 /* Halt rogue speculation. */ =20 .L\@_insert_rsb_entry_\n: .endr diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S index 7cc22da0ef93..de6aef606832 100644 --- a/xen/arch/x86/indirect-thunk.S +++ b/xen/arch/x86/indirect-thunk.S @@ -12,11 +12,9 @@ #include =20 .macro IND_THUNK_RETPOLINE reg:req - call 2f + call 1f + int3 1: - lfence - jmp 1b -2: mov %\reg, (%rsp) ret .endm --=20 2.11.0 From nobody Sun May 19 03:54:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1658177471; cv=none; d=zohomail.com; s=zohoarc; b=Ejsil0Z8nyeLlqmylIm/B2EN6ALtNfRERh4Rf8IfFaJdZIegHEYL0+fhg62vOESbyFyb01ZwhglmZPb7YEL6uYyKOzZmAHz86gYksHGsDxtpSaIXrSeNMAm+QQS/MhBPg4jXvMk1EpI0G/omIupQKScYfJaGSyPbh4NnEghyFSE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1658177471; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=neKqEPwEYjrq9Qh92GAKyWjyCHpGNmvxNp68p6xtuYQ=; b=WsxGCrbYSiJVB/r5GAMm8CQamvyQnLyUEjptDxe9yKaEPa607q8juJEJ8reZJqYdCvdWzVqLkrqYWvNytvnpCL/g7wSCEFRKy1iGQOXd+VLdk7PYwLLohNo0auRHNywWuVylMEg0KFn0pP9t24DTThQXKYLKilStT+DTu+ka/QI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1658177471051449.27440519601487; Mon, 18 Jul 2022 13:51:11 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.370097.601749 (Exim 4.92) (envelope-from ) id 1oDXhV-0008PA-Sn; Mon, 18 Jul 2022 20:50:45 +0000 Received: by outflank-mailman (output) from mailman id 370097.601749; Mon, 18 Jul 2022 20:50:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDXhV-0008P2-Oj; Mon, 18 Jul 2022 20:50:45 +0000 Received: by outflank-mailman (input) for mailman id 370097; Mon, 18 Jul 2022 20:50:44 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDXhU-0007oP-H8 for xen-devel@lists.xenproject.org; Mon, 18 Jul 2022 20:50:44 +0000 Received: from esa3.hc3370-68.iphmx.com (esa3.hc3370-68.iphmx.com [216.71.145.155]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 490959ab-06db-11ed-924f-1f966e50362f; Mon, 18 Jul 2022 22:50:42 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 490959ab-06db-11ed-924f-1f966e50362f DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1658177442; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HN3zIYBOlpweVbFPQUz5JRML8xTBSiJhocbeZtby2H4=; b=MdZDoReswkGyu7b/BVRLEYXQapj5d0SHZJacDI+prkJKRnhO+eFjbV5R cwlqTH7XBa8SX+72zXBmB1AvrWkz3KnsT5TDl3z/nGgdsLrWLkYLDcTg0 +I/YmLxABSeHJUSk7JBladU/nd/y75NsrYKL517KsJx0tHEp3TdmuPCF0 s=; Authentication-Results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 2.7 X-MesageID: 76077190 X-Ironport-Server: esa3.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:5+6pNqqUeqbvsDsOvqI8meoA/VxeBmJvZRIvgKrLsJaIsI4StFCzt garIBnQb6uLYmbxc49+PYyxpE8OsMPTz4Q2TFM+rCthFnxE95uZCYyVIHmrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliefSAOKU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCkaGt MiaT/f3YTdJ4BYpdDNOg06/gEk35q6q52pI5gZWic1j5zcyqVFEVPrzGonpR5fIatE8NvK3Q e/F0Ia48gvxl/v6Ior4+lpTWhRiro/6ZWBiuFIPM0SRqkEqShgJ+rQ6LJIhhXJ/0F1lqTzTJ OJl7vRcQS9xVkHFdX90vxNwS0mSNoUekFPLzOTWXWV+ACQqflO1q8iCAn3aMqUW2P5ZImtsz 8VfJSBXdz24xPut44KSH7wEasQLdKEHPasas3BkizrYEewnUdbIRKCiCd1whWlqwJoURLCHO pRfOWEHgBfoOnWjPn8+Dp4kkfjurX74azBC83qepLYt4niVxwt0uFToGIWLIoPVHJQN9qqej n7g/UvnBBMUCNKOxSSlqFjvtsTMsiyuDer+E5Xnr6U30TV/3Fc7Fxk+RVa95/6jhSaWefhSN kgV8SoGtrUp+QqgSdyVdw21pjuIswARX/JUEvYm80edx6zM+QGbC2MYCDlbZ7QbWNQeHGJwk AXTxpWwWGIp4Ob9pW+hGqm8oxGqFwsfD1U7IiIUFxIo2Jr6u6IDp0eaJjp8K5JZnuEZCBmpn W3V/XBv1ulJ5SIY//7lpA6a2lpAsrCMF1dovVuPAwpJ+ysjPOaYi5qUBU83BBqqBKKQVRG/s XcNgKByB8heXMjWxERhrAjgdYxFBspp0xWG2DaD57F7q1yQF4eLJOi8Gg1WKkZzKdojcjT0e kLVsg45zMYNYSvzM/4vMtvhW55CIU3c+TLNDKi8gj1mO8IZSeN61Hs2OR74M57FyiDAbp3Ty b/EKJ3xXB72+IxszSasRvd17ILHMhsWnDqLLbimnkvP7FZrTCTKIVvzGAfRM7tRAWLtiFm9z uuzwOPQm0wDD7ShP3OHmWPRRHhTRUUG6VnNg5Q/Xoa+zsBOQgnN19e5LWsdRrFY IronPort-HdrOrdr: A9a23:C20Bzqyj5uIhy2543J2ZKrPwFr1zdoMgy1knxilNoRw8SK2lfq eV7YwmPH7P+U8ssR4b6LO90cW7Lk80sKQFhbX5Xo3SOjUO2lHYTr2KhLGKq1aLdkHDH6xmpM BdmsBFeabN5DNB7foSjjPXLz9Z+qjjzJyV X-IronPort-AV: E=Sophos;i="5.92,282,1650945600"; d="scan'208";a="76077190" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 2/3] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Date: Mon, 18 Jul 2022 21:50:08 +0100 Message-ID: <20220718205009.3557-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220718205009.3557-1-andrew.cooper3@citrix.com> References: <20220718205009.3557-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1658177472125100006 The logic was written this way out of an abundance of caution, but the real= ity is that AMD parts don't currently have the RAS-flushing side effect, and nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu Zen3 doesn't get a speedup in general, because we use the WRMSR's to clear IBRS to avoid forcing it behind a VM's back. --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0ff4008060fa..a60d759f7108 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -113,15 +113,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM =20 .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ --=20 2.11.0 From nobody Sun May 19 03:54:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1658177468; cv=none; d=zohomail.com; s=zohoarc; b=Q9tdq+dY5cJpsfLfyPDCDXwOeJfSAlGtfP2pEmwZUw61yuX/m0MY8Kqsr6o0FVKrDb/LdK5W4ECo10inviccAt+DwfnaGPJu3Wc5s3kt+SQJvW3FVGnQRzOS1ElNyPc20ySJSNDQTJYkaqSnUG1DOzoFr5jrcp32La2pGA00gUo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1658177468; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=HY1XTF17YuMco90FeO1p0etNbg4HXKGWJkOFDAvjVoY=; b=SbHbApSY366sf2Pm0PdchhAyEfx4j4HnnS6A0DzkBlTeA0PLLzZBMQKCZ5BM6E73Hi/+iykLPveUvgEg9/yEXzmvn+GVK36W2GOnxYB/EfOc1MCxSXOVBkR05RQhabQWciQndc9PAhuwDLvseLbP0cTdvZn7n9y4UGz+JxUtNNs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1658177468025729.0404184062942; Mon, 18 Jul 2022 13:51:08 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.370098.601760 (Exim 4.92) (envelope-from ) id 1oDXhX-0000Ee-4M; Mon, 18 Jul 2022 20:50:47 +0000 Received: by outflank-mailman (output) from mailman id 370098.601760; Mon, 18 Jul 2022 20:50:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDXhX-0000ET-0g; Mon, 18 Jul 2022 20:50:47 +0000 Received: by outflank-mailman (input) for mailman id 370098; Mon, 18 Jul 2022 20:50:45 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDXhV-0007oP-HD for xen-devel@lists.xenproject.org; Mon, 18 Jul 2022 20:50:45 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 496ab781-06db-11ed-924f-1f966e50362f; Mon, 18 Jul 2022 22:50:43 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 496ab781-06db-11ed-924f-1f966e50362f DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1658177443; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=M3ArYUh3z2ooj9dIIOMDqfshLfZAVCD2iUM3rjr1Hik=; b=ASFmpLyZ/As0yS/bsza/FcW1zz0c10bk+AqA0/9VepjC07NIhnI5QpEc T3K62C/92lSd8YODAoFWeYJZiPS0SQTBb/G9RmD2CkVJDp3iuIe9Df8PP fsYffulA3QifdXz0eQclS4jJWvlvs4hOo+o60bLovOJtY4+C6XQp8o5jF Q=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 2.7 X-MesageID: 78644900 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:sANHP67SCl2smpSr5kKCcgxRtE/HchMFZxGqfqrLsTDasY5as4F+v jYcWTzUaayNZWOgeIpybN7io0JXsJPcm4NlHVdlqi1jHi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuVGuG96yM6jclkf5KkYMbcICd9WAR4fykojBNnioYRj5VhxNO0GGthg /uryyHkEALjimQc3l48sfrZ8ksw5aSq4lv0g3RlDRx1lA6G/5UqJMp3yZGZdxPQXoRSF+imc OfPpJnRErTxpkpF5nuNy94XQ2VSKlLgFVHmZkl+AsBOtiNqtC0qupvXAdJHAathZ5dlqPgqo DlFncTYpQ7EpcQgksxFO/VTO3kW0aGrZNYriJVw2CCe5xSuTpfi/xlhJGEUZIwBxbZTOmJl0 vFfA2oRYE+qoNvjldpXSsE07igiBMziPYdZsXB81zDJS/0hRPgvQY2Tu4Uehm1pwJkTQ7COP KL1ahI2BPjESzRJNk0aF9QVm+Cwi2OkWzZZtEiUtew85G27IAlZj+izbIaEIoTiqcN9wVuG/ Diep3/AWAAcLdnG6AuG/liCv7qa9c/8cN1LT+DpnhJwu3WMwkQDBRtQUkG0ydGboEOjX9NUK 2QP5zEj66M18SSDXtT7GhG1vnOAlhodQMZLVf037hmXzajZ6BrfAXILJgOtc/R/6pVwH2Zzk AbUwZW5XlSDrYF5V1q91O6VtAziHRMWBkgPIgReUQVayv7a9dRbYg30cjpzLEKkpoSrRG6hm 2Hb8HJWa6Y71pBSifjilbzTq3f1/8WSEFZojunCdjj9hj6VcrJJcGBBBbLzyf9bZLiUQVCa1 JTvs5jPtbteZX1hecHkfQnsIF1Kz6zcWNEkqQQzd6TNDhz0k5JZQahe4StlOGBiOdsedDnib Sf74F0MtMYNbSP7NP8nOepd7vjGK4C6TbwJsdiNNLJzjmVZLlfbrEmCm2bKt4wSrKTcuf5mY srKGSpdJX0bFb5m3FKLegvp6pdyn3hW7T6CGvjGI+GPi+X2iIi9FehYazNjr4kRsMu5neki2 4wPbpfVkkoCCr2Wj+u+2dd7EG3m5EMTXfjew/G7vMbaSua6MAnN08Ps/I4= IronPort-HdrOrdr: A9a23:p90dEaE+3eqWvCiZpLqE0seALOsnbusQ8zAXP0AYc31om6uj5r iTdZUgpGbJYVkqKRIdcLy7V5VoBEmskaKdgrNhW4tKPjOW2ldARbsKheCJrlHd8m/Fh4lgPM 9bAtND4bbLbWSS4/yV3ODBKadE/OW6 X-IronPort-AV: E=Sophos;i="5.92,282,1650945600"; d="scan'208";a="78644900" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 3/3] x86/spec-ctrl: Shrink further entry paths due to %rdx being 0 Date: Mon, 18 Jul 2022 21:50:09 +0100 Message-ID: <20220718205009.3557-4-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220718205009.3557-1-andrew.cooper3@citrix.com> References: <20220718205009.3557-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1658177470417100001 This is a continuation of the observation from: e9b8d31981f1 ("x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST") 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") With %rdx known to be zero and not clobbered on the early entry path, we do= n't need to re-zero it every time want to write to an MSR. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu --- xen/arch/x86/hvm/vmx/entry.S | 4 +--- xen/arch/x86/include/asm/spec_ctrl_asm.h | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 5f5de45a1309..392aca42b864 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -33,13 +33,12 @@ ENTRY(vmx_asm_vmexit_handler) movb $1,VCPU_vmx_launched(%rbx) mov %rax,VCPU_hvm_guest_cr2(%rbx) =20 - /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=3Dcurr %rsp=3Dregs/cpuinfo, = Clob: acd */ + /* SPEC_CTRL_ENTRY_FROM_VMX Req: %rsp=3Dregs/cpuinfo, %rdx=3D0,= Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM =20 .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - xor %edx, %edx wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -49,7 +48,6 @@ ENTRY(vmx_asm_vmexit_handler) .macro restore_lbr mov $IA32_DEBUGCTLMSR_LBR, %eax mov $MSR_IA32_DEBUGCTLMSR, %ecx - xor %edx, %edx wrmsr .endm ALTERNATIVE "", restore_lbr, X86_FEATURE_XEN_LBR diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/includ= e/asm/spec_ctrl_asm.h index fab27ff5532b..61eed8510ba9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -176,7 +176,7 @@ .macro DO_SPEC_CTRL_ENTRY maybexen:req /* * Requires %rsp=3Dregs (also cpuinfo if !maybexen) - * Requires %r14=3Dstack_end (if maybexen) + * Requires %r14=3Dstack_end (if maybexen), %rdx=3D0 * Clobbers %rax, %rcx, %rdx * * PV guests can't update MSR_SPEC_CTRL behind Xen's back, so no need to r= ead @@ -184,7 +184,6 @@ * while entries from Xen must leave shadowing in its current state. */ mov $MSR_SPEC_CTRL, %ecx - xor %edx, %edx =20 /* * Clear SPEC_CTRL shadowing *before* loading Xen's value. If entering --=20 2.11.0