[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v9] common: honor CONFIG_CC_SPLIT_SECTIONS also for assembly functions

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • Date: Fri, 13 Feb 2026 11:01:51 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bhlaYgiqSmwHiBP9/BuGDXVhDNIh6+cV9S9QcQoVQ54=; b=imSYrWW1kaeAvUcoPLcBp9rkb0lW43FDP+jdguB1BBISZ9NSXYHkG460LCAXamS77PNzaESSpZnjCZCzgQb7fs6WGrzd8HwdgSVq5dFKULZBQn1spgyicPVzi4La+tE+N56lNUEkPWvhGjZ8quJXU3sQnBz89h8RB4sM3tCrULzEmadMzOGeglsVgZQzkj+c6SSDnqQASNQeEqKGRtSHM5f8FBM8vZUc6BXVQGmPoC2bM0hEtY92xDlTj/89pryNuGdbR5/y8P2KD5cmEDRHwVvNtLRU0+IbudOgaAB4iJhsdrJwToKrS1fvXIN3lj54JIVD1kLqD/qXSpLwYWAjBg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=iGVf9vowBiP7GJZ4IIVBvT68+NpJTaEc7B+oomsAaDLdDqEGid9fH1LbGlMRjYbRIFiHkNmYvkGgxcOVXl/7hhuLmdNFSY7pOcBz60/yZ/mHRBgKUHKUgI0LoZ+AxyX8SE+M5FQPVq5i2unpomTL98XfGxxKjHlZJGrqIT2la1PlOFNQ2jiB81OWNXmVrI7coxnci1SXzIy1DCZS1ZHW+MyV59op56x88YpbSuDLL+RtqAk5EzXvFQFC2ORSJYReLtZK59cT5jgdUcGA9dr/6hSuItNUWLQYV3mpIImI5YG2SvBZf2DnygMTQdbiSE2mZQBqc0IqZNc8x1u1b95QqA==
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 13 Feb 2026 10:11:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri Feb 13, 2026 at 9:12 AM CET, Jan Beulich wrote:
> On 12.02.2026 19:29, Alejandro Vallejo wrote:
>> On Wed Jan 28, 2026 at 3:35 PM CET, Jason Andryuk wrote:
>>> On 2025-04-01 06:58, Jan Beulich wrote:
>>>> Leverage the new infrastructure in xen/linkage.h to also switch to per-
>>>> function sections (when configured), deriving the specific name from the
>>>> "base" section in use at the time FUNC() is invoked.
>>>>
>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>>> Tested-by: Luca Fancellu <luca.fancellu@xxxxxxx> # arm
>> 
>> I don't seem to have the original patch in my inbox, so I'll just answer 
>> here.
>> 
>> About the assembly modifications on the exception entry points:
>> 
>> With split sections the linker is free to reorder all of them as it sees fit,
>> which probably means we want int3 after every jump to prevent straight-line
>> speculation from allocating an XSA number for us. It's possible the linker 
>> might
>> inject them, but it might also not. Better to err on the side of caution.
>
> We're lacking such INT3 elsewhere, hence why this is the topic of separate
> (existing) work.

Maybe so, but split sections changes things qualitatively in that now you don't
really know what's after the exception entry point. Previously, if the CPU was
to speculate ahead in most exception they'd eventually hit the spec mitigations
of entry_DF before being able to reach anywhere truly dangerous. entry_PF's
straight line led to the mitigations too. Same with NMI...

Having them all in separate sections shuffled at the linker's will is way too
dangerous, IMO. We clearly need individual function markers for livepatching,
but section-wise it's fine to put everything that can't possibly be GCd in a
single section.

> See how, for example, we're also not using -mharden-sls=all.

Hmm. I can see how -mharden-sls=all might impact perf in places we don't want,
but surely -mharden-sls=return can only be good?

> See e.g. [1] for a very old posting. Even in my outbox I can't find newer
> postings covering more stuff. Intermediately some of this was posted to
> security@ only, but there clearly was the plan to have all of this in public.

Thanks for the context.

That'd address the speculation problem, but we'd still suffer branches in
avoidable places.

It'd be nice to have a general means preventing dangerous SLS, but that's
largely orthogonal to the new challenges that arise with split sections, I
think.

>
>> Though more generally, I'd just keep all exception entry points in the same
>> section. They'd never get GC'ed anyway and we're paying an extra branch in 
>> the
>> #PF path for no reason.
>
> Inserting a branch there was, iirc, asked for by someone independent of this
> work. But yes, suppressing too fine grained section splits is an option.

My .02 is that splitting that which cannot be GCd serves no purpose and
increases the cognitive burden of an already very complex system.

>
> Jan
>
> [1] https://lists.xenproject.org/archives/html/xen-devel/2020-11/msg01542.html

Cheers,
Alejandro

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.