Xen project Mailing List

Re: [PATCH] x86/vmx: Drop memory clobbers on VMX instruction wrappers

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 7 Apr 2025 14:00:32 +0200

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 07 Apr 2025 12:00:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07.04.2025 12:45, Andrew Cooper wrote: > The use, or not, of memory clobbers on the VMX instructions is complicated. > > There are two separate aspects to consider: > > 1. Originally, the VMX instructions used hardcoded bytes, including memory > encodings. Therefore, the compiler couldn't see the correct relationship > between parameters. The memory clobber for this purpose should have been > dropped when switching to mnemonics. > > This covers INVEPT and INVVPID, each of which has no change in memory, nor > in fact the current address space in use. Yet then they need to come after respective table modifications. > 2. Most of these instructions operate on a VMCS region. This is a (mostly) > opaque data structure, operated on by physical address. Again, this hides > the relationship between the instructions and the VMCS from the compiler. > > The processor might use internal state to cache the VMCS (writing it back > to memory on VMCLEAR), or it might operate on memory directly. > > Because the VMCS is opaque (so the compiler has nothing interesting to know > about it), and because VMREAD/VMWRITE have chosen not to use a memory > clobber (to tell the compiler that something changed), none of the other > VMX instructions should use a memory clobber either. For this, there's actually a good example below, with everything needed in context. > This covers VMXON, VMXOFF, VMPTRLD and VMPTCLEAR. Nit: The last insn is VMCLEAR. > --- a/xen/arch/x86/hvm/vmx/vmcs.c > +++ b/xen/arch/x86/hvm/vmx/vmcs.c > @@ -754,7 +754,7 @@ static int _vmx_cpu_up(bool bsp) > _ASM_EXTABLE(1b, %l[vmxon_fault]) > : > : [addr] "m" (this_cpu(vmxon_region)) > - : "memory" > + : > : vmxon_fail, vmxon_fault ); > > this_cpu(vmxon) = 1; > @@ -811,7 +811,7 @@ void cf_check vmx_cpu_down(void) > > BUG_ON(!(read_cr4() & X86_CR4_VMXE)); > this_cpu(vmxon) = 0; > - asm volatile ( "vmxoff" ::: "memory" ); > + asm volatile ( "vmxoff" ); With the clobber dropped, the compiler is free to re-order the prior store with the asm(), despite the "volatile", isn't it? [1] This may then be applicable elsewhere as well. Jan [1] Quote: "Note that the compiler can move even volatile asm instructions relative to other code, including across jump instructions."

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.