[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 05/12] x86: Migrate spec_ctrl vendor checks to cpu_vendor()

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • Date: Thu, 12 Feb 2026 15:55:58 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=upTvwB/xKG0YJKqZ73mCz/e9Bc+WguMxroxZZwUkvk4=; b=pSYccwNqDsxdA6LABsXfUGhBJpMDN+FlhoaXh6EhkB2ltRjXFZwhIhLpTMfSl6yoQLYFdArbcVtyP11ss0zfueELLjQKd8WpE+yoGnNBTVtjRPFSsmJtLTgTlr0Pqpga+KFiNAhftyVG52xJbWb5A4APLWcwERDo8uuyZ0ZYnllq+vsGO+vP6sGlXYG1IylifjhJKv2TjPy/RAVv3UakNzyQOxEl5jEPlDNXEowqB2vNqYdB2+wjkV94nG8o9piEmFmhvXmTfLrLtf9PPF8eO8NDUxU8yaHrwNYgf2iECcMJG5EoN2tUEU7pQ9Tpre/+sGtaUAWjFWIYG6bEXnzQOw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TxaBUmsUjy8eBAu5zQH4FfeaHyyBTGHkwjqWAAqOo9mbMbwnRMJCK/VIBhe+wvoqsb+zhgTeIouyiixDprgTh1gG+Fv22CH0gMYAZ0wmqvZ1kmkS1/0a0lLhaYQ3D9ma/fS/gAdOvW8+7AQfqYRX0AiMobhnWDBPIDXI276hcrdMuqAjN5PyG0bbPINPKD1fc9LhS61+RYY76zWV4CR867/qCmxRKacZyZK/jMh7MBUFibPfzixJdYYWlWvAG3KdgOwU9sixDpjSXU3bUtg1CROY7+7LwQ6oO0Idv1wbk94TFOr4hzU4Zsw+scib7418SW4vtgWGFqKWUpvqdp6Dow==
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 12 Feb 2026 14:56:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu Feb 12, 2026 at 11:49 AM CET, Jan Beulich wrote:
> On 06.02.2026 17:15, Alejandro Vallejo wrote:
>> @@ -738,11 +738,10 @@ static bool __init retpoline_calculations(void)
>>      unsigned int ucode_rev = this_cpu(cpu_sig).rev;
>>      bool safe = false;
>>  
>> -    if ( boot_cpu_data.vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON) )
>> +    if ( cpu_vendor() & (X86_VENDOR_AMD | X86_VENDOR_HYGON) )
>>          return true;
>>  
>> -    if ( boot_cpu_data.vendor != X86_VENDOR_INTEL ||
>> -         boot_cpu_data.family != 6 )
>> +    if ( !(cpu_vendor() & X86_VENDOR_INTEL) || boot_cpu_data.family != 6 )
>>          return false;
>
> At the example of this (applies throughout this patch): With the panic() in
> patch 03 the transformation looks correct. Without that panic(), or without
> being explicitly aware of it, this gives the impression of explicitly doing
> an unsafe thing:

These patches wouldn't be functional changes without the X86_ENABLED_VENDORS
mask at cpu_vendor() or the single-vendor optimisation. I could split it that
way. Introduce the cpu_vendor() macro early. Transform the entire tree, and then
apply the optimisations.

> being explicitly aware of it, this gives the impression of explicitly doing
> an unsafe thing:

Without the panic, it'd indeed be (intentionally) doing an unsafe thing.
Removing the panic can't be safe, it's not just a matter of features missing.
It'd imply printing a banner saying the current configuration is unsupported.

> Even though by way of boot_cpu_data.vendor we know what
> vendor's CPU we're on, we're acting as if we didn't know.

Not with the panic in place, which is partially why I put it there.

> I'm really
> uncertain whether such changes are worth it with the mere goal of reducing
> code size.

It is unreachable code, and in a safety context every line of unreachable code
must be either removed or justified. And justifications cost time, effort and
are difficult to maintain.

> Even beyond the concern raised, this feels like it might be
> increasing the risk of introducing subtle bugs.

I would've agreed with you with x86_vendor_is(), which is why for v1 I took a
step back to make cpu_vendor(). That macro was complex. Too complex and it took
many trial and errors to fine tune it. cpu_vendor() is comparatively trivial and
relies on the compiler doing the heavy lifting. In the single-vendor case it's
a constant and it's hopefully uncontroversially fine to remove unreachable code
then.

In the multivendor case, the complexity amounts to a mask of available vendors.

I don't think there's an inherent danger in removing unreachable code, so long
as we can prove at boot time the reachability preconditions can't be met.

>
> I wonder what Andrew and Roger think in this regard.

+1

Cheers,
Alejandro

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.