[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] x86/spec-ctrl: Consistently halt speculation using int3

commit addb336f4afb244fd57eb141a9c6ac365ed36563
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Jun 30 22:15:25 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Jul 19 14:28:18 2022 +0100

    x86/spec-ctrl: Consistently halt speculation using int3
    
    The RSB stuffing loop and retpoline thunks date from the very beginning, 
when
    halting speculation was a brand new field.
    
    These days, we've largely settled on int3 for halting speculation in
    non-architectural paths.  It's a single byte, and is fully serialising - a
    requirement for delivering #BP if it were to execute.
    
    Update the thunks.  Mostly for consistency across the codebase, but it does
    shrink every entrypath in Xen by 6 bytes which is a marginal win.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/include/asm/spec_ctrl_asm.h | 11 +++--------
 xen/arch/x86/indirect-thunk.S            |  6 ++----
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h 
b/xen/arch/x86/include/asm/spec_ctrl_asm.h
index 9eb4ad9ab7..fab27ff553 100644
--- a/xen/arch/x86/include/asm/spec_ctrl_asm.h
+++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h
@@ -126,9 +126,8 @@
  * change. Based on Google's performance numbers, the loop is unrolled to 16
  * iterations and two calls per iteration.
  *
- * The call filling the RSB needs a nonzero displacement.  A nop would do, but
- * we use "1: pause; lfence; jmp 1b" to safely contains any ret-based
- * speculation, even if the loop is speculatively executed prematurely.
+ * The call filling the RSB needs a nonzero displacement, and int3 halts
+ * speculation.
  *
  * %rsp is preserved by using an extra GPR because a) we've got plenty spare,
  * b) the two movs are shorter to encode than `add $32*8, %rsp`, and c) can be
@@ -141,11 +140,7 @@
 
     .irp n, 1, 2                    /* Unrolled twice. */
     call .L\@_insert_rsb_entry_\n   /* Create an RSB entry. */
-
-.L\@_capture_speculation_\n:
-    pause
-    lfence
-    jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */
+    int3                            /* Halt rogue speculation. */
 
 .L\@_insert_rsb_entry_\n:
     .endr
diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S
index 7cc22da0ef..de6aef6068 100644
--- a/xen/arch/x86/indirect-thunk.S
+++ b/xen/arch/x86/indirect-thunk.S
@@ -12,11 +12,9 @@
 #include <asm/asm_defns.h>
 
 .macro IND_THUNK_RETPOLINE reg:req
-        call 2f
+        call 1f
+        int3
 1:
-        lfence
-        jmp 1b
-2:
         mov %\reg, (%rsp)
         ret
 .endm
--
generated by git-patchbot for /home/xen/git/xen.git#staging

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.