[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v2 5/6] x86: guard against straight-line speculation past RET
On 13.10.2020 14:00, Andrew Cooper wrote: > On 28/09/2020 13:31, Jan Beulich wrote: >> --- a/xen/Makefile >> +++ b/xen/Makefile >> @@ -145,7 +145,15 @@ t2 = $(call as-insn,$(CC) -I$(BASEDIR)/i >> # https://bugs.llvm.org/show_bug.cgi?id=36110 >> t3 = $(call as-insn,$(CC),".macro FOO;.endm"$(close); asm volatile >> $(open)".macro FOO;.endm",-no-integrated-as) >> >> -CLANG_FLAGS += $(call or,$(t1),$(t2),$(t3)) >> +# Check whether \(text) escaping in macro bodies is supported. >> +t4 = $(call as-insn,$(CC),".macro m ret:req; \\(ret) $$\\ret; .endm; m >> 8",,-no-integrated-as) >> + >> +# Check whether macros can override insn mnemonics in inline assembly. >> +t5 = $(call as-insn,$(CC),".macro ret; .error; .endm; .macro retq; .error; >> .endm",-no-integrated-as) >> + >> +acc1 := $(call or,$(t1),$(t2),$(t3),$(t4)) >> + >> +CLANG_FLAGS += $(call or,$(acc1),$(t5)) > > I'm not happy taking this until there is toolchain support visible in > the future. > > We *cannot* rule out the use of IAS forever more, because there are > features far more important than ret speculation which depend on it. So what do you suggest? We can't have both, afaics, so we need to pick either being able to use the integrated assembler or being able to guard RET. >> --- a/xen/include/asm-x86/asm-defns.h >> +++ b/xen/include/asm-x86/asm-defns.h >> @@ -50,3 +50,22 @@ >> .macro INDIRECT_JMP arg:req >> INDIRECT_BRANCH jmp \arg >> .endm >> + >> +/* >> + * To guard against speculation past RET, insert a breakpoint insn >> + * immediately after them. >> + */ >> +.macro ret operand:vararg >> + ret$ \operand >> +.endm >> +.macro retq operand:vararg >> + ret$ \operand >> +.endm >> +.macro ret$ operand:vararg >> + .purgem ret >> + ret \operand > > You're substituting retq for ret, which defeats the purpose of unwrapping. I'm afraid I don't understand the "defeats" aspect. > I will repeat my previous feedback. Do away with this > wrapping/unwrapping and just use a raw .byte. Its simpler and faster. Well, I could now also repeat my prior response to your prior feedback, but since iirc you didn't reply back then I don't expect you would now. Instead I'll - once again - give in despite my believe that this is the cleaner approach, and that in cases like this one - when there are pros and cons to either approach - it should be the author's choice rather than the reviewer's. Jan
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |