From nobody Mon Feb 9 01:48:28 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1709568674; cv=none; d=zohomail.com; s=zohoarc; b=JmXytNDD2CRwvokKGAI/Pb8zU8mcniqpwr4SrjVqeAd9vh+QHO5uonvfwsEFEv1LdSaHAjftfA4s2FYmYFKGfNZG/MFMpXj0usVOYB2gFLrGsD8ruxrpS4K2K0eoQlY2JMaMCFocPIeomyTLNiXzxRNFMbgUanaDDTQvM6+YmPA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1709568674; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+lXQMZ0/v8LLtfSISpT5FKIyGzrtvmnapu4SQzpeFLs=; b=VlaZ7AVdFUHYDA8IBsTdvN8D2So8ovhy1P2hTQ7/tjFtVACMa8VPGOLVHvZlwwOcoua6WklOwFqKHitN14NYPZQXfAKiD4qRn6bfpKxRjcfi5y2FAp0dZXXIFlhUDHwltxlYN7CliFJTsUfPauwrZNQK18uv+1D2TJB649Fd5Bo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1709568674247374.77805397931206; Mon, 4 Mar 2024 08:11:14 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.688435.1072515 (Exim 4.92) (envelope-from ) id 1rhAtu-0007RP-IO; Mon, 04 Mar 2024 16:10:50 +0000 Received: by outflank-mailman (output) from mailman id 688435.1072515; Mon, 04 Mar 2024 16:10:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rhAtu-0007Qc-CA; Mon, 04 Mar 2024 16:10:50 +0000 Received: by outflank-mailman (input) for mailman id 688435; Mon, 04 Mar 2024 16:10:49 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rhAtt-0007OU-33 for xen-devel@lists.xenproject.org; Mon, 04 Mar 2024 16:10:49 +0000 Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [2a00:1450:4864:20::635]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id c330c7b8-da41-11ee-afda-a90da7624cb6; Mon, 04 Mar 2024 17:10:47 +0100 (CET) Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-a4595bd5f8cso4171366b.0 for ; Mon, 04 Mar 2024 08:10:47 -0800 (PST) Received: from andrewcoop.citrite.net (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id o4-20020a17090611c400b00a458d85f9d9sm202394eja.142.2024.03.04.08.10.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 08:10:44 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: c330c7b8-da41-11ee-afda-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1709568646; x=1710173446; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+lXQMZ0/v8LLtfSISpT5FKIyGzrtvmnapu4SQzpeFLs=; b=VdfHIqjIdcwMnAem79kpnzCe6sCfXhRPD08KaXWVgevOzgobt41I0usL8C+tGpzU4o bXIMgBLvqWIbLvbANGQVbyXB2tRUqhg8ULCW7enKMIldTf/M1wa7V1x3xAJpQhIlMGjl +gKm2vcWA60tlyJD98F6d6TlVVIz68s2L5f0k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709568646; x=1710173446; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+lXQMZ0/v8LLtfSISpT5FKIyGzrtvmnapu4SQzpeFLs=; b=OlZFeIkyXouLYXqMP3RlY0/6JJNuUGydAihseqMVuQmX6q4enO1jCxzNOOdFoqEoiO GmqmH+6A+OjoMKX5Ka1kGrgbFU5EfADLpasfSW+E33q7eOBA3UpgNl108wD0zB73Riwv W0dgS+zVZYhqXJedD/L6EaJJOCzoY8SEqTahh0+Da/az/TkHrTqfslv2s9Da5+GPJ1qO wDUDDoQArV34ivaEWXwrrNkyah6BPUHJutAenz//VOG1oZ+r4iS25KSJ5m615UTpskvb 4sNQXywFilIYazxqj6K9g4mEmbML3G202O/eqQl83+Q+JhMm+ietrAWb+ZBBDSszcM0j +TDQ== X-Gm-Message-State: AOJu0Yxzzb7gnN2kAz+s9THlpNWKv310TiRTMKzzhYUgxAuoeR9MZQqH HVFM5xUFI5HuNlq4dk1EujjKN3Hxz0J8sXz74RBLPZR7vsLSf+drG+MOreYopfvmjC7rucpxxkK X X-Google-Smtp-Source: AGHT+IEX9lC5igf0y2ySPqdY9HDEV5TczzY9LqK+73xj+/NfgET68DSyBHDRumsVDdd1JqxDSuQt2Q== X-Received: by 2002:a17:906:c310:b0:a45:6423:ad94 with SMTP id s16-20020a170906c31000b00a456423ad94mr1446167ejz.43.1709568646069; Mon, 04 Mar 2024 08:10:46 -0800 (PST) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu , Stefano Stabellini , Julien Grall , Volodymyr Babchuk , Bertrand Marquis , Michal Orzel , Oleksii Kurochko , Shawn Anastasio Subject: [PATCH 1/2] xen/*/nospec: Provide common versions of evaluate_nospec/block_speculation Date: Mon, 4 Mar 2024 16:10:40 +0000 Message-Id: <20240304161041.3465897-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20240304161041.3465897-1-andrew.cooper3@citrix.com> References: <20240304161041.3465897-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1709568676414100001 It is daft to require all architectures to provide empty implementations of this functionality. Provide evaluate_nospec() and block_speculation() unconditionally in xen/nospec.h with architectures able to opt in by providing suitable arch variants. Rename x86's implementation to the arch_*() variants. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu CC: Stefano Stabellini CC: Julien Grall CC: Volodymyr Babchuk CC: Bertrand Marquis CC: Michal Orzel CC: Oleksii Kurochko CC: Shawn Anastasio --- xen/arch/arm/include/asm/nospec.h | 9 --------- xen/arch/ppc/include/asm/nospec.h | 9 --------- xen/arch/riscv/include/asm/nospec.h | 9 --------- xen/arch/x86/include/asm/nospec.h | 8 ++++---- xen/include/xen/nospec.h | 23 +++++++++++++++++++++++ 5 files changed, 27 insertions(+), 31 deletions(-) diff --git a/xen/arch/arm/include/asm/nospec.h b/xen/arch/arm/include/asm/n= ospec.h index efac51fc03be..05df096faab0 100644 --- a/xen/arch/arm/include/asm/nospec.h +++ b/xen/arch/arm/include/asm/nospec.h @@ -12,15 +12,6 @@ # error "unknown ARM variant" #endif =20 -static inline bool evaluate_nospec(bool condition) -{ - return condition; -} - -static inline void block_speculation(void) -{ -} - #endif /* _ASM_ARM_NOSPEC_H */ =20 /* diff --git a/xen/arch/ppc/include/asm/nospec.h b/xen/arch/ppc/include/asm/n= ospec.h index b97322e48d32..9b57a7e4b24d 100644 --- a/xen/arch/ppc/include/asm/nospec.h +++ b/xen/arch/ppc/include/asm/nospec.h @@ -3,13 +3,4 @@ #ifndef __ASM_PPC_NOSPEC_H__ #define __ASM_PPC_NOSPEC_H__ =20 -static inline bool evaluate_nospec(bool condition) -{ - return condition; -} - -static inline void block_speculation(void) -{ -} - #endif /* __ASM_PPC_NOSPEC_H__ */ diff --git a/xen/arch/riscv/include/asm/nospec.h b/xen/arch/riscv/include/a= sm/nospec.h index e30f0a781b68..b227fc61ed8b 100644 --- a/xen/arch/riscv/include/asm/nospec.h +++ b/xen/arch/riscv/include/asm/nospec.h @@ -4,15 +4,6 @@ #ifndef _ASM_RISCV_NOSPEC_H #define _ASM_RISCV_NOSPEC_H =20 -static inline bool evaluate_nospec(bool condition) -{ - return condition; -} - -static inline void block_speculation(void) -{ -} - #endif /* _ASM_RISCV_NOSPEC_H */ =20 /* diff --git a/xen/arch/x86/include/asm/nospec.h b/xen/arch/x86/include/asm/n= ospec.h index 07606834c4c9..defc97707f03 100644 --- a/xen/arch/x86/include/asm/nospec.h +++ b/xen/arch/x86/include/asm/nospec.h @@ -23,20 +23,20 @@ static always_inline bool barrier_nospec_false(void) return false; } =20 -/* Allow to protect evaluation of conditionals with respect to speculation= */ -static always_inline bool evaluate_nospec(bool condition) +static always_inline bool arch_evaluate_nospec(bool condition) { if ( condition ) return barrier_nospec_true(); else return barrier_nospec_false(); } +#define arch_evaluate_nospec arch_evaluate_nospec =20 -/* Allow to block speculative execution in generic code */ -static always_inline void block_speculation(void) +static always_inline void arch_block_speculation(void) { barrier_nospec_true(); } +#define arch_block_speculation arch_block_speculation =20 /** * array_index_mask_nospec() - generate a mask that is ~0UL when the diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h index 4c250ebbd663..a4155af08770 100644 --- a/xen/include/xen/nospec.h +++ b/xen/include/xen/nospec.h @@ -9,6 +9,29 @@ =20 #include =20 +/* + * Protect a conditional branch from bad speculation. Architectures *must* + * provide arch_evaluate_nospec() for this to be effective. + */ +static always_inline bool evaluate_nospec(bool cond) +{ +#ifndef arch_evaluate_nospec +#define arch_evaluate_nospec(cond) cond +#endif + return arch_evaluate_nospec(cond); +} + +/* + * Halt speculation unconditonally. Architectures *must* provide + * arch_block_speculation() for this to be effective. + */ +static always_inline void block_speculation(void) +{ +#ifdef arch_block_speculation + arch_block_speculation(); +#endif +} + /** * array_index_mask_nospec() - generate a ~0 mask when index < size, 0 oth= erwise * @index: array element index --=20 2.30.2 From nobody Mon Feb 9 01:48:28 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1709568667; cv=none; d=zohomail.com; s=zohoarc; b=g+z5EIbyUm8OmjIvaUE1BDpSbPP0PXviE8pB5jGtvoymxyh770Pi6do3mNy7olhspnZOdmY1cwiIJNwDXiZS0cuimdZHgZ7K3mzDjSBACQr/AL+9vb+mfIoJ9dV7iM7KeelWxsIR21QApjbL77btP8LcrN4+ezoI5WR1X3/l20c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1709568667; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=TH1o9ervsPKAzEGLoFJ5wQZrXDTVu2urG7J9ug8iYgw=; b=AaH0zvP5mas4YKS0xmwiAFZsdUIO5zHOLjk78Tn1tJR7XIIL4RX1tZ/3OHW/fKaMwp31oGEpoDc4MwWtMH4FJVo+r9NFvbWq3hYT+xGusa/gzJFzb0XGc08qmWyd1d/Dy6zibrSPIWU3CBTSw2RmdAXo0djjjTHH4tFKxsOlMDw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1709568667886653.8268422147567; Mon, 4 Mar 2024 08:11:07 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.688436.1072528 (Exim 4.92) (envelope-from ) id 1rhAtx-0007s2-MF; Mon, 04 Mar 2024 16:10:53 +0000 Received: by outflank-mailman (output) from mailman id 688436.1072528; Mon, 04 Mar 2024 16:10:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rhAtx-0007rt-JP; Mon, 04 Mar 2024 16:10:53 +0000 Received: by outflank-mailman (input) for mailman id 688436; Mon, 04 Mar 2024 16:10:52 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rhAtv-0007OP-Ul for xen-devel@lists.xenproject.org; Mon, 04 Mar 2024 16:10:51 +0000 Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [2a00:1450:4864:20::630]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id c497fdde-da41-11ee-a1ee-f123f15fe8a2; Mon, 04 Mar 2024 17:10:50 +0100 (CET) Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a3ed9cae56fso1062774566b.1 for ; Mon, 04 Mar 2024 08:10:50 -0800 (PST) Received: from andrewcoop.citrite.net (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id o4-20020a17090611c400b00a458d85f9d9sm202394eja.142.2024.03.04.08.10.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 08:10:46 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: c497fdde-da41-11ee-a1ee-f123f15fe8a2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1709568648; x=1710173448; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TH1o9ervsPKAzEGLoFJ5wQZrXDTVu2urG7J9ug8iYgw=; b=vcAZo85w+c6NmrADiHaA8pYv8mwhpRX082etIj99UqIah//93PJ1GYo6gOGM9xVeuP e/wEK3EATdwaR/a4waHyAsD9TOxVY5gzx5kE1t03ionJkfhm6dO1wslUGgE/huNCHayS Dp11WgsP0qyAUNvHtzFPbjgAcLAFEgz9V2vcs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709568648; x=1710173448; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TH1o9ervsPKAzEGLoFJ5wQZrXDTVu2urG7J9ug8iYgw=; b=K5t/PGs8RJ3SQ3jTHI1RWVwpZp3r1+x+DbK5Zsrk191gtUzniCToFogentAsZ5xzWh DeR+zN1hpUP2x6rGLBSiks65u/VjDiGidvyzxchenwhgXj108maBl3xOFtRpYJw/ewCs eQ4Zubzd5py6IpHB6EoV6S6qGQ8+vTfMIpg9DIXeqEO1AXidfk5kHldNruYwo2cTpJ5m IVc84fCPY/hVscHiNn5ekE4MCE2LKtn8XhI7xd6wLi0y+bUcB5jAdjdpCG/+B8h/wJYF SubrQuhbFVHY4pLVQG5KJiATb+BdDrnH2rbUuKcQRD8MG2SKNJgf1AWQtLwEJRaTxAWT R9ow== X-Gm-Message-State: AOJu0YzKXx4nuObgOIzFA/uQmBVXSl/akobGdFn9By6bIJFg1qswxEHR 2uYQD5FWtrkvwEPOfI7jgFORLwE7aslbMYEjj40KoAe5XUptsLZO+OaNIo6+oTyUhAXBclzKgfF u X-Google-Smtp-Source: AGHT+IFY7Zi3s5N1fO8bKi7PdLeyirYiZkfQWHjAWNFGcAEoYFpgczXzC9wdr4CmnLT9Osd3gTWMCA== X-Received: by 2002:a17:906:f6d7:b0:a3f:c3f0:69bf with SMTP id jo23-20020a170906f6d700b00a3fc3f069bfmr9230056ejb.13.1709568648570; Mon, 04 Mar 2024 08:10:48 -0800 (PST) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 2/2] xen/nospec: Allow evaluate_nospec() to short circuit constant expressions Date: Mon, 4 Mar 2024 16:10:41 +0000 Message-Id: <20240304161041.3465897-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20240304161041.3465897-1-andrew.cooper3@citrix.com> References: <20240304161041.3465897-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1709568670464100002 When the compiler can reduce the condition to a constant, it can elide the conditional and one of the basic blocks. However, arch_evaluate_nospec() w= ill still insert speculation protection, despite there being nothing to protect. Allow the speculation protection to be skipped entirely when the compiler is removing the condition entirely. e.g. for x86, given: int foo(void) { if ( evaluate_nospec(1) ) return 2; else return 42; } then before, we get: : lfence mov $0x2,%eax retq and afterwards, we get: : mov $0x2,%eax retq which is correct. With no conditional branch to protect, the lfence isn't providing any relevant safety. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu --- xen/include/xen/nospec.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h index a4155af08770..56cf67a44176 100644 --- a/xen/include/xen/nospec.h +++ b/xen/include/xen/nospec.h @@ -18,6 +18,15 @@ static always_inline bool evaluate_nospec(bool cond) #ifndef arch_evaluate_nospec #define arch_evaluate_nospec(cond) cond #endif + + /* + * If the compiler can reduce the condition to a constant, then it won= 't + * be emitting a conditional branch, and there's nothing needing + * protecting. + */ + if ( __builtin_constant_p(cond) ) + return cond; + return arch_evaluate_nospec(cond); } =20 --=20 2.30.2