Xen project Mailing List

Re: [PATCH 7/8] x86/spec-ctrl: Issue VERW during IST exit to Xen

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 15 Sep 2023 09:15:47 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4e5Og+eLrLFQ6KmXFJKqQygHyGRdff0dqPUl4tRZbFc=; b=oHpagLHe6vS6/TBFaRHrqZ3wNMTtmlDCkGEyabJAjTC6wdj0jnyg3ILuixXHYPSNYGk32T3mT9InLSBxTHEERYtdX2Essjg5m4TauQBPVi2X/MVWyNQa0UB7j5lESvNlh+cFwNQXloq0yLu8OYtrULkkSdevChmHfT0sKORiVJ1Z9AKY1LAXltZyt1lATJg2Ph2TC+bK1dUoT13JwZpO9THXx/fJKPXKGHZswbvvFMY0biqyvUYXSUsZ3pG+pJTIg0JMFdSZqAzVmDdO9CgUGvxR/yXCzGKbbse0uc0wLne5IC84aDtB6eBHYses02qs2b2o8UCa4YBsXyICFuZUDg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=izHCyVxamaxCj6pHD4T1ID5/AvpLESLVRBrWEEisZkwnpmGDFtalOmWm/lJFMwKPos7jIvOFt9AGRoMadZZQ6Io1GmGoPWWwB0zc1lI6KYMnkEgZIspqrdN1EcltmnZZKnALPGTUsnWB/TH1fucReA/Zuvl0jlnrTycDKVVv8Vw1+baD6FznA2bIEyjj8KcwmTOKQN//Vmkw8J0PHXhWejC1Wo2GKJktcuhayIKgvSbNj70FQmkem6xXEusmz7ujXqSrUlv62GO8rRVBo3vA7PROyQsozk4zbQqC4/CFme2nx1/Veqg+uyuLVLxP/B3Ttwts5mddE7JtFoBEbimNaA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 15 Sep 2023 07:15:54 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.09.2023 21:49, Andrew Cooper wrote: > On 14/09/2023 11:01 am, Jan Beulich wrote: >> On 13.09.2023 22:27, Andrew Cooper wrote: >>> There is a corner case where e.g. an NMI hitting an exit-to-guest path after >>> SPEC_CTRL_EXIT_TO_* would have run the entire NMI handler *after* the VERW >>> flush to scrub potentially sensitive data from uarch buffers. >>> >>> In order to compensate, issue VERW when exiting to Xen from an IST entry. >>> >>> SPEC_CTRL_EXIT_TO_XEN already has two reads of spec_ctrl_flags off the >>> stack, >>> and we're about to add a third. Load the field into %ebx, and list the >>> register as clobbered. >>> >>> %r12 has been arranged to be the ist_exit signal, so add this as an input >>> dependency and use it to identify when to issue a VERW. >>> >>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> While looking technically okay, I still have a couple of remarks: >> >>> --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h >>> +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h >>> @@ -344,10 +344,12 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): >>> */ >>> .macro SPEC_CTRL_EXIT_TO_XEN >>> /* >>> - * Requires %r14=stack_end >>> - * Clobbers %rax, %rcx, %rdx >>> + * Requires %r12=ist_exit, %r14=stack_end >>> + * Clobbers %rax, %rbx, %rcx, %rdx >> While I'd generally be a little concerned of the growing dependency and >> clobber lists, there being a single use site makes this pretty okay. The >> macro invocation being immediately followed by RESTORE_ALL effectively >> means we can clobber almost everything here. >> >> As to register usage and my comment on patch 5: There's no real need >> to switch %rbx to %r14 there if I'm not mistaken > > As said, it's about consistency of the helpers. While I'm not entirely happy with this, ... >>> @@ -367,8 +369,16 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): >>> >>> .L\@_skip_sc_msr: >>> >>> - /* TODO VERW */ >>> + test %r12, %r12 >>> + jz .L\@_skip_ist_exit >>> + >>> + /* Logically DO_SPEC_CTRL_COND_VERW but without the %rsp=cpuinfo >>> dependency */ >>> + testb $SCF_verw, %bl >>> + jz .L\@_verw_skip >>> + verw STACK_CPUINFO_FIELD(verw_sel)(%r14) >>> +.L\@_verw_skip: >> Nit: .L\@_skip_verw would be more consistent with the other label names. > > So it would. I'll tweak. ... then Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.