[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 5/7] x86: guard against straight-line speculation past RET

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 11 Nov 2020 15:19:50 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zIuRIBYUodhU7YjxRg4obkkTosdRqYr++JOcSlXvKcs=; b=nUZ/xWzB5cKdsdMkSGmJhw0elw0OO8hhjfTyhZHgfBknK5c9/mnFUlONI8YuT6eDEPIzLg6PQfeBfhhgmd7T7utupLp7iorQ6ODsWEkez2NxPNAn0CeqnvGXKmxsMQz65z1MNLYtF07nxlJIGIgw5vlbYu7G/+JMyzXKtAVtwC0/rVjtuGf9MO5MMhHxenRwH2Ke9cQgPP3jp4RFzOTVLegIYxGACVF2Vtkhl20SNw1tAgzYDI6pQZ5NNkAySh6XApMnc67ehkJUrYvDFXVzS9Ft6RvMuaFzz3xikebPhelR7V22BAV3OGBQz03iBNHT0Xg+VfzgyqU55J1WCcZ6LQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oFaQkV0V9i+gZ2jMmjOK+P3QOJvk/vrPuKG9rHL+vCDIxaJEN5SB7yw6rEDOtJijewriRJCfRX74ldx/OQOEUVCmitvyf/pjyI7kSiH+15j7VY2QMl6CgckaEC8t7C2MUKyYatrnQR5svW2fmpk0GjyhIZb7LjDiOCgBW6li1i1XTsqbUzmXO0fHh0fYTCDYRU3rssmB0kT9z9pNrYSx3Od+ql43hcSdZBd6Ivuwbd9NJgYSrKefdAgC0Ql7FSu9hWRoy8DOgXWXn+FA39OX25rj4wFvOneRx971JhgTLghIdVGSitgWpk1KF8K/YvgY/m7xwRm0Kg2mnkKGokFj3Q==
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 11 Nov 2020 14:21:32 +0000
  • Ironport-sdr: qhiZWmqMcktUGflrEsoQv5rNE7TL6FUVRRe3KjwCkMkv9xIFld5SguRitlv0gM7ad/BUvV+H8s gR5jitW1eKq5xdi7wBuqknORRhqZyaFu1LGrUwkOKTmzU+swncgBhBdATTnuofvxHqANf/S1Ib 7u9t4i8mRu9Qb6oaABLWtUM4Ku477rcZDlQixFe6mgpW89Hd3sf/wG2xS8x8tFLrv9TkyOznPT dEuXe8SDUDe6AsqF+5gZ6OrLxKtF6Ct36JajuyzROACoUF4Y0Khaepo0DY7DtKKShQ28URyqO9 Ew4=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Nov 11, 2020 at 02:33:34PM +0100, Jan Beulich wrote:
> On 11.11.2020 12:15, Roger Pau Monné wrote:
> > On Fri, Oct 23, 2020 at 10:38:04AM +0200, Jan Beulich wrote:
> >> Under certain conditions CPUs can speculate into the instruction stream
> >> past a RET instruction. Guard against this just like 3b7dab93f240
> >> ("x86/spec-ctrl: Protect against CALL/JMP straight-line speculation")
> >> did - by inserting an "INT $3" insn. It's merely the mechanics of how to
> >> achieve this that differ: A set of macros gets introduced to post-
> >> process RET insns issued by the compiler (or living in assembly files).
> >>
> >> Unfortunately for clang this requires further features their built-in
> >> assembler doesn't support: We need to be able to override insn mnemonics
> >> produced by the compiler (which may be impossible, if internally
> >> assembly mnemonics never get generated), and we want to use \(text)
> >> escaping / quoting in the auxiliary macro.
> >>
> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> >> Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> >> ---
> >> TBD: Would be nice to avoid the additions in .init.text, but a query to
> >>      the binutils folks regarding the ability to identify the section
> >>      stuff is in (by Peter Zijlstra over a year ago:
> >>      https://sourceware.org/pipermail/binutils/2019-July/107528.html)
> >>      has been left without helpful replies.
> >> ---
> >> v3: Use .byte 0xc[23] instead of the nested macros.
> >> v2: Fix build with newer clang. Use int3 mnemonic. Also override retq.
> >>
> >> --- a/xen/Makefile
> >> +++ b/xen/Makefile
> >> @@ -145,7 +145,15 @@ t2 = $(call as-insn,$(CC) -I$(BASEDIR)/i
> >>  # https://bugs.llvm.org/show_bug.cgi?id=36110
> >>  t3 = $(call as-insn,$(CC),".macro FOO;.endm"$(close); asm volatile 
> >> $(open)".macro FOO;.endm",-no-integrated-as)
> >>  
> >> -CLANG_FLAGS += $(call or,$(t1),$(t2),$(t3))
> >> +# Check whether \(text) escaping in macro bodies is supported.
> >> +t4 = $(call as-insn,$(CC),".macro m ret:req; \\(ret) $$\\ret; .endm; m 
> >> 8",,-no-integrated-as)
> >> +
> >> +# Check whether macros can override insn mnemonics in inline assembly.
> >> +t5 = $(call as-insn,$(CC),".macro ret; .error; .endm; .macro retq; 
> >> .error; .endm",-no-integrated-as)
> > 
> > I was going over this to post a bug report to LLVM, but it seems like
> > gcc also doesn't overwrite ret when using the above snippet:
> > 
> > https://godbolt.org/z/oqsPTv
> 
> I can't see what's different from
> 
> void test(void) {
>       asm volatile (".macro ret; .error; .endm; .macro retq; .error; .endm");
> }
> 
> but this one produces "Error: .error directive invoked in source file"
> for me with both old and new gcc.

You are right, I think godbolt is somehow busted?

I can reproduce your results with my version of gcc, so will just
report to LLVM.

Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.