[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 5/7] x86: guard against straight-line speculation past RET

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 10 Nov 2020 12:16:03 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XnTB1J1VK+kzRdZpv40WckXOrhwiJ028YdQrgs5DGVk=; b=UyMDJyQo4uGY8JZkziAXZAaTvtkya9qws3x/VqySFR83uiK32H0ml+shcW6b64jGHpkgwNySRI1MiQB+bB8F29tdTmX7kD6nRdgt1cfb5RIrMbcLefQKuPdHJ9WKLHbHh368gkTUs19sqMhGz/my0cFfYn1PBCXy6rw7ZBvzpG1uiiQdT0WC9djjo23QbMzKdcp5e21/B93FlpBfSey5zKMBs3jODhSZYGEzZNWMObSEmbAcqLjEBTWcYaJtdd6QOiiKiWUyP8//W72BOIYRxOHqGhrfqOl91QasCFGrO2Dlm+mPVR8EyOkhGgN3d5Y5AUKXnZ9PQitCOqesltufZg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J6fya2vX62CndgJoDBnstFv8r65WYuxWEEwYE/CR/B/cfBmhMaI+rvwJKIkM4Zp5kNl0w7aMRDVAVwF01VDCCfo48e9PIJxjaGJGaOwC4NT4r5Al0nCAjksb5IkuACYLmZSgWbLLDf9z5fHXZMqs8xPfnxpJdjXegjiTQqmS3uNt3aJCYTs0zlb0AXVrrjxcOVPbRn8+0xF+zq4VY3cxhAfT0sRMjf5zoubmq1M7WtWEGkTLtlCgf++VzAnliiUKqjzRtvjWCqqKNVs5FcQWtEuMgVz4IcXeJwcPMr3R1MGncnENxAs3XHyOUfaUm4JGMvI9boRssto7/L1f4kGTwg==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 10 Nov 2020 11:16:20 +0000
  • Ironport-sdr: FzvriLHXav0THI47ZVQwxKykduWLJfdUIW95aSXpBTXPW7nPDFZgCevwYkq8/o1yPnUP/aFnJa RJ+iDMAYiSdOaO16E7ERwG19kLvndhmNm3oJwOh1HTue515d1D7qwcMMVpq6EauTyowtDnBhjt aw/aXoLcJX2mmzJ4DFOifKZP9CMYMOP6snSgnmvrjDWZVzSK8JCLYZNUzBjXtJT8tHMVPjqFO1 pBe/8z35yGVVpFP3cm+Q5jGu0rkFKpoMGEAh+zvyIE8lrTGI+Axw645XIjrbtDjPDO1DG/9QEs vhc=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Nov 10, 2020 at 11:06:46AM +0100, Jan Beulich wrote:
> On 10.11.2020 10:31, Roger Pau Monné wrote:
> > On Fri, Oct 23, 2020 at 10:38:04AM +0200, Jan Beulich wrote:
> >> Under certain conditions CPUs can speculate into the instruction stream
> >> past a RET instruction. Guard against this just like 3b7dab93f240
> >> ("x86/spec-ctrl: Protect against CALL/JMP straight-line speculation")
> >> did - by inserting an "INT $3" insn. It's merely the mechanics of how to
> >> achieve this that differ: A set of macros gets introduced to post-
> >> process RET insns issued by the compiler (or living in assembly files).
> >>
> >> Unfortunately for clang this requires further features their built-in
> >> assembler doesn't support: We need to be able to override insn mnemonics
> >> produced by the compiler (which may be impossible, if internally
> >> assembly mnemonics never get generated), and we want to use \(text)
> >> escaping / quoting in the auxiliary macro.
> > 
> > Could this have an option to enable/disable at build time?
> 
> Well, a subsequent patch adds a config option for this, which in
> the worst case could be turned off. I'm afraid though I'm not
> clear about the question, because ...
> 
> > FreeBSD will drop GNU as quite soon from base, and albeit it can be
> > installed as a package I would like to be able to build Xen using a
> > toolchain based on LLVM exclusively.
> 
> ... it's not clear to me what the implications here are: Are you
> saying -no-integrated-as is not going to function anymore, unless
> people explicitly install gas? If that's not what you meant to
> indicate, then I don't see how building would become impossible.

I'm still inquiring about this, but I would say that when gas is
removed from FreeBSD then the 'as' command would be mapped to llvm-as,
and thus -no-integrated-as would hit the same issues as the integrated
as. So far in Xen we have assumed that -no-integrated-as would
fallback to an as capable of doing what the integrated clang as
doesn't support, but that might not be the case.

Ideally we would have to re-run the tests with -no-integrated-as, in
order to assert that the external as is really capable of what the
internal one is not.

Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.