[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 25 Jan 2019 03:14:05 -0700
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, nmanthey@xxxxxxxxx, "Martin Mazein\(amazein\)" <amazein@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julian Stecklina <jsteckli@xxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>
Delivery-date: Fri, 25 Jan 2019 10:14:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 24.01.19 at 22:29, <andrew.cooper3@xxxxxxxxxx> wrote:
> Worse is the "evaluate condition, stash result, fence, use variable"
> option, which is almost completely useless.  If you work out the
> resulting instruction stream, you'll have a conditional expression
> calculated down into a register, then a fence, then a test register and
> conditional jump into one of two basic blocks.  This takes the perf hit,
> and doesn't protect either of the basic blocks for speculative
> mis-execution.

How does it not protect anything? It shrinks the speculation window
to just the register test and conditional branch, which ought to be
far smaller than that behind a memory access which fails to hit any
of the caches (and perhaps even any of the TLBs). This is the more
that LFENCE does specifically not prevent insn fetching from
continuing.

That said I agree that the LFENCE would better sit between the
register test and the conditional branch, but as we've said so many
times before - this can't be achieved without compiler support. It's
said enough that the default "cc" clobber of asm()-s on x86 alone
prevents this from possibly working, while my over four year old
patch to add a means to avoid this has not seen sufficient
comments to get it into some hopefully acceptable shape, but also
has not been approved as is.

Then again, following an earlier reply of mine on another sub-
thread, nothing really prevents the compiler from moving ahead
and folding the two LFENCEs of the "both branches" model into
one. It just so happens that apparently right now this never
occurs (assuming Norbert has done full generated code analysis
to confirm the intended placement).

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option
  - From: Norbert Manthey

References:
- [Xen-devel] SpectreV1+L1TF Patch Series
  - From: Norbert Manthey
- [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option
  - From: Norbert Manthey
- Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [RFC] virtio_ring: check dma_mem for xen_domain
Next by Date: Re: [Xen-devel] [PATCH for-4.12] x86/p2m: Drop erroneous #VE-enabled check in ept_set_entry()
Previous by thread: Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option
Next by thread: Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.