Xen project Mailing List

Re: [PATCH] x86: guard against straight-line speculation past RET

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 7 Sep 2020 12:14:39 +0200

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Mon, 07 Sep 2020 10:14:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07.09.2020 11:25, Jan Beulich wrote: > On 04.09.2020 20:18, Andrew Cooper wrote: >> Clang doesn't actually expand the macro for ret instructions, so a Clang >> build of Xen only ends up getting protected in the assembly files. >> >> The following experiment demonstrates the issue: >> >> $ cat ret.c >> asm (".macro ret\n\t" >> ".error \"foo\"\n\t" >> ".endm\n\t"); >> void foo(void) {} >> >> $ gcc -O3 -c ret.c -o ret.o && objdump -d ret.o >> /tmp/ccf8hkyN.s: Assembler messages: >> /tmp/ccf8hkyN.s:16: Error: foo >> >> $ clang-10 -O3 -c ret.c -o ret.o && objdump -d ret.o >> >> ret.o: file format elf64-x86-64 >> >> >> Disassembly of section .text: >> >> 0000000000000000 <foo>: >> 0: c3 retq >> >> >> Worse, -no-integrated-as doesn't immediately help, even though it >> invokes $(AS). >> >> I tracked that down to the difference between ret and retq, which >> highlights an assumption about GCC which may not remain true in the future. >> >> Adding a second macro covering retq fixes the scenario in combination >> with -no-integrated-as. > > Ah, yes, I should of course have thought of retq. Albeit as per > above - generated code looks fine here when using clang 5. I'm sorry, I can indeed see this part of the issue. I did look at the wrong build tree when putting together the earlier reply. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.