[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] xen/arm64: Place a speculation barrier following an ret instruction

commit bcab2ac84931ab58e2f2cd1242ed551d8aaff021
Author:     Julien Grall <jgrall@xxxxxxxxxx>
AuthorDate: Tue Jun 16 16:33:12 2020 +0100
Commit:     Julien Grall <jgrall@xxxxxxxxxx>
CommitDate: Tue Apr 20 13:17:34 2021 +0100

    xen/arm64: Place a speculation barrier following an ret instruction
    
    Some CPUs can speculate past a RET instruction and potentially perform
    speculative accesses to memory before processing the return.
    
    There is no known gadget available after the RET instruction today.
    However some of the registers (such as in check_pending_guest_serror())
    may contain a value provided by the guest.
    
    In order to harden the code, it would be better to add a speculation
    barrier after each RET instruction. The performance impact is meant to
    be negligeable as the speculation barrier is not meant to be
    architecturally executed.
    
    Rather than manually inserting a speculation barrier, use a macro
    which overrides the mnemonic RET and replace with RET + SB. We need to
    use the opcode for RET to prevent any macro recursion.
    
    This patch is only covering the assembly code. C code would need to be
    covered separately using the compiler support.
    
    Note that the definition of the macros sb needs to be moved earlier in
    asm-arm/macros.h so it can be used by the new macro.
    
    This is part of the work to mitigate straight-line speculation.
    
    Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
    Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 xen/include/asm-arm/arm64/macros.h |  6 ++++++
 xen/include/asm-arm/macros.h       | 18 +++++++++---------
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/xen/include/asm-arm/arm64/macros.h 
b/xen/include/asm-arm/arm64/macros.h
index f981b4f43e..5ad66efd6b 100644
--- a/xen/include/asm-arm/arm64/macros.h
+++ b/xen/include/asm-arm/arm64/macros.h
@@ -21,6 +21,12 @@
     ldr     \dst, [\dst, \tmp]
     .endm
 
+    .macro  ret
+        /* ret opcode */
+        .inst 0xd65f03c0
+        sb
+    .endm
+
 /*
  * Register aliases.
  */
diff --git a/xen/include/asm-arm/macros.h b/xen/include/asm-arm/macros.h
index 4833671f4c..1aa373760f 100644
--- a/xen/include/asm-arm/macros.h
+++ b/xen/include/asm-arm/macros.h
@@ -5,6 +5,15 @@
 # error "This file should only be included in assembly file"
 #endif
 
+    /*
+     * Speculative barrier
+     * XXX: Add support for the 'sb' instruction
+     */
+    .macro sb
+    dsb nsh
+    isb
+    .endm
+
 #if defined (CONFIG_ARM_32)
 # include <asm/arm32/macros.h>
 #elif defined(CONFIG_ARM_64)
@@ -20,13 +29,4 @@
     .endr
     .endm
 
-    /*
-     * Speculative barrier
-     * XXX: Add support for the 'sb' instruction
-     */
-    .macro sb
-    dsb nsh
-    isb
-    .endm
-
 #endif /* __ASM_ARM_MACROS_H */
--
generated by git-patchbot for /home/xen/git/xen.git#master

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.