Xen project Mailing List

Re: [PATCH] x86/AMD: Convert rdmsr_amd_safe() to use asm goto()

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 22 Apr 2025 11:42:39 +0100

Autocrypt: addr=andrew.cooper3@xxxxxxxxxx; keydata= xsFNBFLhNn8BEADVhE+Hb8i0GV6mihnnr/uiQQdPF8kUoFzCOPXkf7jQ5sLYeJa0cQi6Penp VtiFYznTairnVsN5J+ujSTIb+OlMSJUWV4opS7WVNnxHbFTPYZVQ3erv7NKc2iVizCRZ2Kxn srM1oPXWRic8BIAdYOKOloF2300SL/bIpeD+x7h3w9B/qez7nOin5NzkxgFoaUeIal12pXSR Q354FKFoy6Vh96gc4VRqte3jw8mPuJQpfws+Pb+swvSf/i1q1+1I4jsRQQh2m6OTADHIqg2E ofTYAEh7R5HfPx0EXoEDMdRjOeKn8+vvkAwhviWXTHlG3R1QkbE5M/oywnZ83udJmi+lxjJ5 YhQ5IzomvJ16H0Bq+TLyVLO/VRksp1VR9HxCzItLNCS8PdpYYz5TC204ViycobYU65WMpzWe LFAGn8jSS25XIpqv0Y9k87dLbctKKA14Ifw2kq5OIVu2FuX+3i446JOa2vpCI9GcjCzi3oHV e00bzYiHMIl0FICrNJU0Kjho8pdo0m2uxkn6SYEpogAy9pnatUlO+erL4LqFUO7GXSdBRbw5 gNt25XTLdSFuZtMxkY3tq8MFss5QnjhehCVPEpE6y9ZjI4XB8ad1G4oBHVGK5LMsvg22PfMJ ISWFSHoF/B5+lHkCKWkFxZ0gZn33ju5n6/FOdEx4B8cMJt+cWwARAQABzSlBbmRyZXcgQ29v cGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPsLBegQTAQgAJAIbAwULCQgHAwUVCgkI CwUWAgMBAAIeAQIXgAUCWKD95wIZAQAKCRBlw/kGpdefoHbdD/9AIoR3k6fKl+RFiFpyAhvO 59ttDFI7nIAnlYngev2XUR3acFElJATHSDO0ju+hqWqAb8kVijXLops0gOfqt3VPZq9cuHlh IMDquatGLzAadfFx2eQYIYT+FYuMoPZy/aTUazmJIDVxP7L383grjIkn+7tAv+qeDfE+txL4 SAm1UHNvmdfgL2/lcmL3xRh7sub3nJilM93RWX1Pe5LBSDXO45uzCGEdst6uSlzYR/MEr+5Z JQQ32JV64zwvf/aKaagSQSQMYNX9JFgfZ3TKWC1KJQbX5ssoX/5hNLqxMcZV3TN7kU8I3kjK mPec9+1nECOjjJSO/h4P0sBZyIUGfguwzhEeGf4sMCuSEM4xjCnwiBwftR17sr0spYcOpqET ZGcAmyYcNjy6CYadNCnfR40vhhWuCfNCBzWnUW0lFoo12wb0YnzoOLjvfD6OL3JjIUJNOmJy RCsJ5IA/Iz33RhSVRmROu+TztwuThClw63g7+hoyewv7BemKyuU6FTVhjjW+XUWmS/FzknSi dAG+insr0746cTPpSkGl3KAXeWDGJzve7/SBBfyznWCMGaf8E2P1oOdIZRxHgWj0zNr1+ooF /PzgLPiCI4OMUttTlEKChgbUTQ+5o0P080JojqfXwbPAyumbaYcQNiH1/xYbJdOFSiBv9rpt TQTBLzDKXok86M7BTQRS4TZ/ARAAkgqudHsp+hd82UVkvgnlqZjzz2vyrYfz7bkPtXaGb9H4 Rfo7mQsEQavEBdWWjbga6eMnDqtu+FC+qeTGYebToxEyp2lKDSoAsvt8w82tIlP/EbmRbDVn 7bhjBlfRcFjVYw8uVDPptT0TV47vpoCVkTwcyb6OltJrvg/QzV9f07DJswuda1JH3/qvYu0p vjPnYvCq4NsqY2XSdAJ02HrdYPFtNyPEntu1n1KK+gJrstjtw7KsZ4ygXYrsm/oCBiVW/OgU g/XIlGErkrxe4vQvJyVwg6YH653YTX5hLLUEL1NS4TCo47RP+wi6y+TnuAL36UtK/uFyEuPy wwrDVcC4cIFhYSfsO0BumEI65yu7a8aHbGfq2lW251UcoU48Z27ZUUZd2Dr6O/n8poQHbaTd 6bJJSjzGGHZVbRP9UQ3lkmkmc0+XCHmj5WhwNNYjgbbmML7y0fsJT5RgvefAIFfHBg7fTY/i kBEimoUsTEQz+N4hbKwo1hULfVxDJStE4sbPhjbsPCrlXf6W9CxSyQ0qmZ2bXsLQYRj2xqd1 bpA+1o1j2N4/au1R/uSiUFjewJdT/LX1EklKDcQwpk06Af/N7VZtSfEJeRV04unbsKVXWZAk uAJyDDKN99ziC0Wz5kcPyVD1HNf8bgaqGDzrv3TfYjwqayRFcMf7xJaL9xXedMcAEQEAAcLB XwQYAQgACQUCUuE2fwIbDAAKCRBlw/kGpdefoG4XEACD1Qf/er8EA7g23HMxYWd3FXHThrVQ HgiGdk5Yh632vjOm9L4sd/GCEACVQKjsu98e8o3ysitFlznEns5EAAXEbITrgKWXDDUWGYxd pnjj2u+GkVdsOAGk0kxczX6s+VRBhpbBI2PWnOsRJgU2n10PZ3mZD4Xu9kU2IXYmuW+e5KCA vTArRUdCrAtIa1k01sPipPPw6dfxx2e5asy21YOytzxuWFfJTGnVxZZSCyLUO83sh6OZhJkk b9rxL9wPmpN/t2IPaEKoAc0FTQZS36wAMOXkBh24PQ9gaLJvfPKpNzGD8XWR5HHF0NLIJhgg 4ZlEXQ2fVp3XrtocHqhu4UZR4koCijgB8sB7Tb0GCpwK+C4UePdFLfhKyRdSXuvY3AHJd4CP 4JzW0Bzq/WXY3XMOzUTYApGQpnUpdOmuQSfpV9MQO+/jo7r6yPbxT7CwRS5dcQPzUiuHLK9i nvjREdh84qycnx0/6dDroYhp0DFv4udxuAvt1h4wGwTPRQZerSm4xaYegEFusyhbZrI0U9tJ B8WrhBLXDiYlyJT6zOV2yZFuW47VrLsjYnHwn27hmxTC/7tvG3euCklmkn9Sl9IAKFu29RSo d5bD8kMSCYsTqtTfT6W4A3qHGvIDta3ptLYpIAOD2sY3GYq2nf3Bbzx81wZK14JdDDHUX2Rs 6+ahAA==

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 22 Apr 2025 10:42:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22/04/2025 10:07 am, Jan Beulich wrote: > On 17.04.2025 19:24, Andrew Cooper wrote: >> On 07/04/2025 4:48 pm, Jan Beulich wrote: >>> On 07.04.2025 17:35, Andrew Cooper wrote: >>>> Unlike the WRMSR side, we can't use asm goto() unconditionally, because our >>>> toolchain baseline doesn't support asm goto with outputs. >>> Is there actually a benefit we gain from now needing to maintain two >>> different >>> pieces of logic fulfilling the same purpose? >> IMO, yes. Besides getting rid of .fixup/unlikely, the code generation >> is better-enough to warrant it, including getting the common path >> correct (the referenced labels are all considered cold). >> >> e.g. for this change, we go from: >> >> xor %esi,%esi >> rdmsr >> test %esi,%esi >> jne <init_amd+0x540> >> and $0xfffffffe,%edx >> wrmsr >> >> (note the forward branch) to simply: >> >> rdmsr >> and $0xfffffffe,%edx >> wrmsr >> >> because the exception table redirect is directly into init_amd.cold, and >> we don't have to hold `int err` in a register across the asm() block. >> >> This is an intentionally simple example to get the infrastructure in, >> but vmread() will definitely benefit. >> >>>> Also, there's a different errata workaround we'll need if we want to use >>>> asm >>>> goto() with "+" constraints: >>>> >>>> config CC_HAS_ASM_GOTO_TIED_OUTPUT >>>> depends on CC_HAS_ASM_GOTO_OUTPUT >>>> # Detect buggy gcc and clang, fixed in gcc-11 clang-14. >>>> def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - >>>> .": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o >>>> /dev/null) >>>> >>>> I'm tempted to put it in straight away, lest we forget about it. >>> Perhaps best if we really want to go this route. Yet then - why "TIED"? >>> Isn't >>> "tied" the term they use when referring to an earlier operand by using a >>> digit (or the operand's name in square brackets)? >> This is straight from Linux. I've not looked at the issue in detail. > So what I see is that Sean in Linux commit 1aa0e8b144b6 uses this term also > in the description. I'm unconvinced it's correct, though. Gcc doc doesn't > call the "+" modifier anything special, and it calls the numeric constraints > (for which "+" can be a shorthand in certain cases) "matching constraint". > > We can of course sort the naming in the eventual patch pulling in that > behavior, yet I'd like to suggest already now that we don't blindly follow > Linux'es naming (unless the choice can be backed by some doc reference). In the meantime, I found https://clang.llvm.org/docs/LanguageExtensions.html#asm-goto-with-output-constraints "When using tied-outputs (i.e. outputs that are inputs and outputs, not just outputs) with the +r constraint" So Clang does name this case specifically as tied outputs. > >>>> --- a/xen/Kconfig >>>> +++ b/xen/Kconfig >>>> @@ -41,6 +41,20 @@ config CC_SPLIT_SECTIONS >>>> config CC_HAS_UBSAN >>>> def_bool $(cc-option,-fsanitize=undefined) >>>> >>>> +# Fixed in GCC 14, 13.3, 12.4 and 11.5 >>>> +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113921 >>>> +config GCC_ASM_GOTO_OUTPUT_BROKEN >>>> + bool >>>> + depends on CC_IS_GCC >>>> + default y if GCC_VERSION < 110500 >>>> + default y if GCC_VERSION >= 120000 && GCC_VERSION < 120400 >>>> + default y if GCC_VERSION >= 130000 && GCC_VERSION < 130300 >>> Unlike for pre-release versions (x.0.y) I view this as problematic. Distros >>> are likely to have backported the fix before the minor releases took place. >>> Or they may have backported without ever meaning to follow later minor >>> releases. We'd needlessly exclude them here. Imo ... >>> >>>> +config CC_HAS_ASM_GOTO_OUTPUT >>>> + def_bool y >>>> + depends on !GCC_ASM_GOTO_OUTPUT_BROKEN >>>> + depends on $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: >>>> bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null) >>> ... the only option is to actually probe for support as well as the (non-) >>> buggy-ness. >> There is no sensible way to probe. It compiles fine, but (AIUI) fails >> to spill registers correctly on some paths, which also makes it very >> sensitive to other optimisations. > Hmm, okay, Linux commit f2f6a8e88717 kind of suggests that there might have > been more issues in gcc. Really I can't help the impression that the issue > still wasn't fully understood, and hence may re-surface in another context. > In which case I guess I agree the above is the best we can do for the time > being, until we learn of further breakage: > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Thanks. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.