From patchwork Mon Nov 23 13:43:23 2020 X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11925219
Subject: [PATCH v3 1/7] x86: replace __ASM_{CL,ST}AC From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= References: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Message-ID: Date: Mon, 23 Nov 2020 14:43:23 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Content-Language: en-US Introduce proper assembler macros instead, enabled only when the assembler itself doesn't support the insns. To avoid duplicating the macros for assembly and C files, have them processed into asm-macros.h. This in turn requires adding a multiple inclusion guard when generating that header. No change to generated code. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -243,7 +243,10 @@ $(BASEDIR)/include/asm-x86/asm-macros.h: echo '#if 0' >$@.new echo '.if 0' >>$@.new echo '#endif' >>$@.new + echo '#ifndef __ASM_MACROS_H__' >>$@.new + echo '#define __ASM_MACROS_H__' >>$@.new echo 'asm ( ".include \"$@\"" );' >>$@.new + echo '#endif /* __ASM_MACROS_H__ */' >>$@.new echo '#if 0' >>$@.new echo '.endif' >>$@.new cat $< >>$@.new --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -20,6 +20,7 @@ $(call as-option-add,CFLAGS,CC,"rdrand % $(call as-option-add,CFLAGS,CC,"rdfsbase %rax",-DHAVE_AS_FSGSBASE) $(call as-option-add,CFLAGS,CC,"xsaveopt (%rax)",-DHAVE_AS_XSAVEOPT) $(call as-option-add,CFLAGS,CC,"rdseed %eax",-DHAVE_AS_RDSEED) +$(call as-option-add,CFLAGS,CC,"clac",-DHAVE_AS_CLAC_STAC) $(call as-option-add,CFLAGS,CC,"clwb (%rax)",-DHAVE_AS_CLWB) $(call as-option-add,CFLAGS,CC,".equ \"x\"$$(comma)1",-DHAVE_AS_QUOTED_SYM) $(call as-option-add,CFLAGS,CC,"invpcid (%rax)$$(comma)%rax",-DHAVE_AS_INVPCID) --- a/xen/arch/x86/asm-macros.c +++ b/xen/arch/x86/asm-macros.c @@ -1 +1,2 @@ +#include #include --- /dev/null 
+++ b/xen/include/asm-x86/asm-defns.h @@ -0,0 +1,9 @@ +#ifndef HAVE_AS_CLAC_STAC +.macro clac + .byte 0x0f, 0x01, 0xca +.endm + +.macro stac + .byte 0x0f, 0x01, 0xcb +.endm +#endif --- a/xen/include/asm-x86/asm_defns.h +++ b/xen/include/asm-x86/asm_defns.h @@ -13,10 +13,12 @@ #include #ifdef __ASSEMBLY__ +#include #ifndef CONFIG_INDIRECT_THUNK .equ CONFIG_INDIRECT_THUNK, 0 #endif #else +#include asm ( "\t.equ CONFIG_INDIRECT_THUNK, " __stringify(IS_ENABLED(CONFIG_INDIRECT_THUNK)) ); #endif 
@@ -200,34 +202,27 @@ register unsigned long current_stack_poi #endif -/* "Raw" instruction opcodes */ -#define __ASM_CLAC ".byte 0x0f,0x01,0xca" -#define __ASM_STAC ".byte 0x0f,0x01,0xcb" - #ifdef __ASSEMBLY__ .macro ASM_STAC - ALTERNATIVE "", __ASM_STAC, X86_FEATURE_XEN_SMAP + ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP .endm .macro ASM_CLAC - ALTERNATIVE "", __ASM_CLAC, X86_FEATURE_XEN_SMAP + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP .endm #else static always_inline void clac(void) { /* Note: a barrier is implicit in alternative() */ - alternative("", __ASM_CLAC, X86_FEATURE_XEN_SMAP); + alternative("", "clac", X86_FEATURE_XEN_SMAP); } static always_inline void stac(void) { /* Note: a barrier is implicit in alternative() */ - alternative("", __ASM_STAC, X86_FEATURE_XEN_SMAP); + alternative("", "stac", X86_FEATURE_XEN_SMAP); } #endif -#undef __ASM_STAC -#undef __ASM_CLAC - #ifdef __ASSEMBLY__ .macro SAVE_ALL op, compat=0 .ifeqs "\op", "CLAC"
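Review bot: The `__ASM_MACROS_H__` guard added in the xen/arch/x86/Makefile hunk wraps only the `asm ( ".include \"$@\"" );` line, and the recipe does not say why the rest of the generated file is left outside it. A comment above the new `echo '#ifndef __ASM_MACROS_H__'` line stating that the guard keeps a second C-level inclusion from emitting the `.include` again would save the next reader from working that out from the `#if 0` / `.if 0` interleaving.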
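Review bot: In the xen/arch/x86/arch.mk hunk the probe assembles only `clac`, while the resulting `-DHAVE_AS_CLAC_STAC` also decides whether the `stac` fallback macro in asm-defns.h is emitted. If the two insns are assumed to always be supported together, say so in the commit message or in a comment next to the probe.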
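Review bot: The new xen/include/asm-x86/asm-defns.h differs from the existing asm_defns.h by a single character and starts straight at `#ifndef HAVE_AS_CLAC_STAC` with no header comment. Please add a short comment at the top saying that the file holds assembler-only macros which get processed into asm-macros.h, so that nobody adds C declarations to it or includes the wrong one of the two.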
From patchwork Mon Nov 23 13:43:42 2020 X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11925221
Subject: [PATCH v3 2/7] x86: drop ASM_{CL,ST}AC From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= References: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Message-ID: <81f34bf0-e802-ae11-3a46-9ba45b17fe3f@suse.com> Date: Mon, 23 Nov 2020 14:43:42 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Content-Language: en-US Use ALTERNATIVE directly, such that at the use sites it is visible that alternative code patching is in use. Similarly avoid hiding the fact in SAVE_ALL. No change to generated code. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- v2: Further adjust comment in asm_domain_crash_synchronous(). --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -2200,9 +2200,8 @@ void activate_debugregs(const struct vcp void asm_domain_crash_synchronous(unsigned long addr) { /* - * We need clear AC bit here because in entry.S AC is set - * by ASM_STAC to temporarily allow accesses to user pages - * which is prevented by SMAP by default. + * We need to clear the AC bit here because the exception fixup logic + * may leave user accesses enabled. * * For some code paths, where this function is called, clac() * is not needed, but adding clac() here instead of each place --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -12,7 +12,7 @@ #include ENTRY(entry_int82) - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $HYPERCALL_VECTOR, 4(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ @@ -286,7 +286,7 @@ ENTRY(compat_int80_direct_trap) compat_create_bounce_frame: ASSERT_INTERRUPTS_ENABLED mov %fs,%edi - ASM_STAC + ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP testb $2,UREGS_cs+8(%rsp) jz 1f /* Push new frame at registered guest-OS stack base. */ @@ -333,7 +333,7 @@ compat_create_bounce_frame: movl TRAPBOUNCE_error_code(%rdx),%eax .Lft8: movl %eax,%fs:(%rsi) # ERROR CODE 1: - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP /* Rewrite our stack frame and return to guest-OS mode. */ /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */ andl $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\ @@ -379,7 +379,7 @@ compat_crash_page_fault_4: addl $4,%esi compat_crash_page_fault: .Lft14: mov %edi,%fs - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP movl %esi,%edi call show_page_walk jmp dom_crash_sync_extable --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -280,7 +280,7 @@ ENTRY(sysenter_entry) pushq $0 pushfq GLOBAL(sysenter_eflags_saved) - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $3 /* ring 3 null cs */ pushq $0 /* null rip */ pushq $0 
@@ -333,7 +333,7 @@ UNLIKELY_END(sysenter_gpf) jmp .Lbounce_exception ENTRY(int80_direct_trap) - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $0x80, 4(%rsp) SAVE_ALL @@ -452,7 +452,7 @@ __UNLIKELY_END(create_bounce_frame_bad_s subq $7*8,%rsi movq UREGS_ss+8(%rsp),%rax - ASM_STAC + ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP movq VCPU_domain(%rbx),%rdi STORE_GUEST_STACK(rax,6) # SS movq UREGS_rsp+8(%rsp),%rax @@ -490,7 +490,7 @@ __UNLIKELY_END(create_bounce_frame_bad_s STORE_GUEST_STACK(rax,1) # R11 movq UREGS_rcx+8(%rsp),%rax STORE_GUEST_STACK(rax,0) # RCX - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP #undef STORE_GUEST_STACK @@ -532,11 +532,11 @@ domain_crash_page_fault_2x8: domain_crash_page_fault_1x8: addq $8,%rsi domain_crash_page_fault_0x8: - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP movq %rsi,%rdi call show_page_walk ENTRY(dom_crash_sync_extable) - ASM_CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP # Get out of the guest-save area of the stack. GET_STACK_END(ax) leaq STACK_CPUINFO_FIELD(guest_cpu_user_regs)(%rax),%rsp @@ -594,7 +594,8 @@ UNLIKELY_END(exit_cr3) iretq ENTRY(common_interrupt) - SAVE_ALL CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP + SAVE_ALL GET_STACK_END(14) @@ -626,7 +627,8 @@ ENTRY(page_fault) movl $TRAP_page_fault,4(%rsp) /* No special register assumptions. */ GLOBAL(handle_exception) - SAVE_ALL CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP + SAVE_ALL GET_STACK_END(14) @@ -831,7 +833,8 @@ ENTRY(entry_CP) ENTRY(double_fault) movl $TRAP_double_fault,4(%rsp) /* Set AC to reduce chance of further SMAP faults */ - SAVE_ALL STAC + ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP + SAVE_ALL GET_STACK_END(14) @@ -864,7 +867,8 @@ ENTRY(nmi) pushq $0 movl $TRAP_nmi,4(%rsp) handle_ist_exception: - SAVE_ALL CLAC + ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP + SAVE_ALL GET_STACK_END(14) --- a/xen/include/asm-x86/asm_defns.h +++ b/xen/include/asm-x86/asm_defns.h 
@@ -200,16 +200,6 @@ register unsigned long current_stack_poi UNLIKELY_END_SECTION "\n" \ ".Llikely." #tag ".%=:" -#endif - -#ifdef __ASSEMBLY__ -.macro ASM_STAC - ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP -.endm -.macro ASM_CLAC - ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP -.endm -#else static always_inline void clac(void) { /* Note: a barrier is implicit in alternative() */ 
@@ -224,18 +214,7 @@ static always_inline void stac(void) #endif #ifdef __ASSEMBLY__ -.macro SAVE_ALL op, compat=0 -.ifeqs "\op", "CLAC" - ASM_CLAC -.else -.ifeqs "\op", "STAC" - ASM_STAC -.else -.ifnb \op - .err -.endif -.endif -.endif +.macro SAVE_ALL compat=0 addq $-(UREGS_error_code-UREGS_r15), %rsp cld movq %rdi,UREGS_rdi(%rsp)
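Review bot: With `ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP` now spelled out at every site in xen/arch/x86/x86_64/entry.S and compat/entry.S, a `stac` typed where `clac` was meant, or a wrong feature flag, assembles cleanly at that one site and is only caught by reading. Since the commit message says there is no change to generated code, stating how that was verified (for example a disassembly comparison of the two entry objects before and after) would give reviewers something to rely on for these SMAP-sensitive paths.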
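Review bot: In the asm_defns.h hunk that turns `.macro SAVE_ALL op, compat=0` into `.macro SAVE_ALL compat=0`, the `.err` for an unexpected first argument is dropped together with the `op` parameter. An invocation still written as `SAVE_ALL CLAC` or `SAVE_ALL STAC` would now have that word bound positionally to `compat` instead of hitting `.err`. Please confirm with a tree-wide search that no such caller remains beyond the ones converted in entry.S, and mention it in the commit message.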
From patchwork Mon Nov 23 13:44:12 2020 X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11925223
Subject: [PATCH v3 3/7] x86: fold indirect_thunk_asm.h into asm-defns.h From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= References: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Message-ID: <80152a45-0737-eff4-d2ee-6630ffbf34b9@suse.com> Date: Mon, 23 Nov 2020 14:44:12 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Content-Language: en-US There's little point in having two separate headers both getting included by asm_defns.h. This in particular reduces the number of instances of guarding asm(".include ...") suitably in such dual use headers. No change to generated code. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- a/xen/Makefile +++ b/xen/Makefile @@ -139,7 +139,7 @@ ifeq ($(TARGET_ARCH),x86) t1 = $(call as-insn,$(CC),".L0: .L1: .skip (.L1 - .L0)",,-no-integrated-as) # Check whether clang asm()-s support .include. -t2 = $(call as-insn,$(CC) -I$(BASEDIR)/include,".include \"asm-x86/indirect_thunk_asm.h\"",,-no-integrated-as) +t2 = $(call as-insn,$(CC) -I$(BASEDIR)/include,".include \"asm-x86/asm-defns.h\"",,-no-integrated-as) # Check whether clang keeps .macro-s between asm()-s: # https://bugs.llvm.org/show_bug.cgi?id=36110 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h
@@ -7,3 +7,40 @@ .byte 0x0f, 0x01, 0xcb .endm #endif + +.macro INDIRECT_BRANCH insn:req arg:req +/* + * Create an indirect branch. insn is one of call/jmp, arg is a single + * register. + * + * With no compiler support, this degrades into a plain indirect call/jmp. + * With compiler support, dispatch to the correct __x86_indirect_thunk_* + */ + .if CONFIG_INDIRECT_THUNK == 1 + + $done = 0 + .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 + .ifeqs "\arg", "%r\reg" + \insn __x86_indirect_thunk_r\reg + $done = 1 + .exitm + .endif + .endr + + .if $done != 1 + .error "Bad register arg \arg" + .endif + + .else + \insn *\arg + .endif +.endm + +/* Convenience wrappers. */ +.macro INDIRECT_CALL arg:req + INDIRECT_BRANCH call \arg +.endm + +.macro INDIRECT_JMP arg:req + INDIRECT_BRANCH jmp \arg +.endm --- a/xen/include/asm-x86/asm_defns.h +++ b/xen/include/asm-x86/asm_defns.h @@ -22,7 +22,6 @@ asm ( "\t.equ CONFIG_INDIRECT_THUNK, " __stringify(IS_ENABLED(CONFIG_INDIRECT_THUNK)) ); #endif -#include #ifndef __ASSEMBLY__ void ret_from_intr(void); --- a/xen/include/asm-x86/indirect_thunk_asm.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* - * Trickery to allow this header to be included at the C level, to permit - * proper dependency tracking in .*.o.d files, while still having it contain - * assembler only macros. - */ -#ifndef __ASSEMBLY__ -# if 0 - .if 0 -# endif -asm ( "\t.include \"asm/indirect_thunk_asm.h\"" ); -# if 0 - .endif -# endif -#else - -.macro INDIRECT_BRANCH insn:req arg:req -/* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. - * - * With no compiler support, this degrades into a plain indirect call/jmp. - * With compiler support, dispatch to the correct __x86_indirect_thunk_* - */ - .if CONFIG_INDIRECT_THUNK == 1 - - $done = 0 - .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 - .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg - $done = 1 - .exitm - .endif - .endr - - .if $done != 1 - .error "Bad register arg \arg" - .endif - - .else - \insn *\arg - .endif -.endm - -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - -#endif
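Review bot: The `t2` probe in xen/Makefile is commented as checking whether asm()-s support `.include`, but pointing it at asm-x86/asm-defns.h makes its result depend on everything that file defines. The file is included there without preprocessing, so `#ifndef HAVE_AS_CLAC_STAC` does not take effect and the `clac` / `stac` macros are always defined inside the probe. Either note this next to `t2`, or keep the probe on a file whose content is not expected to grow.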
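Review bot: The deleted indirect_thunk_asm.h carried an explanation ("Trickery to allow this header to be included at the C level ...") of how assembler-only macros reach C translation units, and the lines added to asm-defns.h in this patch do not replace it. A short comment in asm-defns.h, or next to the asm-macros.h rule, pointing at the generated-header mechanism would keep that knowledge in the tree.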
From patchwork Mon Nov 23 13:44:42 2020 X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 11925225
Subject: [PATCH v3 4/7] x86: guard against straight-line speculation past RET
From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= References: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Message-ID: <0f717e5d-c1f7-ff0d-e136-16cea6b77de3@suse.com> Date: Mon, 23 Nov 2020 14:44:42 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Content-Language: en-US Under certain conditions CPUs can speculate into the instruction stream past a RET instruction. Guard against this just like 3b7dab93f240 ("x86/spec-ctrl: Protect against CALL/JMP straight-line speculation") did - by inserting an "INT $3" insn. It's merely the mechanics of how to achieve this that differ: A set of macros gets introduced to post- process RET insns issued by the compiler (or living in assembly files). Unfortunately for clang this requires further features their built-in assembler doesn't support: We need to be able to override insn mnemonics produced by the compiler (which may be impossible, if internally assembly mnemonics never get generated). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- TBD: Would be nice to avoid the additions in .init.text, but a query to the binutils folks regarding the ability to identify the section stuff is in (by Peter Zijlstra over a year ago: https://sourceware.org/pipermail/binutils/2019-July/107528.html) has been left without helpful replies. --- v4: Drop left-over checking of clang for \(text) handling. v3: Use .byte 0xc[23] instead of the nested macros. v2: Fix build with newer clang. Use int3 mnemonic. Also override retq. --- a/xen/Makefile +++ b/xen/Makefile 
@@ -145,7 +145,10 @@ t2 = $(call as-insn,$(CC) -I$(BASEDIR)/i # https://bugs.llvm.org/show_bug.cgi?id=36110 t3 = $(call as-insn,$(CC),".macro FOO;.endm"$(close); asm volatile $(open)".macro FOO;.endm",-no-integrated-as) -CLANG_FLAGS += $(call or,$(t1),$(t2),$(t3)) +# Check whether macros can override insn mnemonics in inline assembly. +t4 = $(call as-insn,$(CC),".macro ret; .error; .endm; .macro retq; .error; .endm",-no-integrated-as) + +CLANG_FLAGS += $(call or,$(t1),$(t2),$(t3),$(t4)) endif CLANG_FLAGS += -Werror=unknown-warning-option --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h 
@@ -44,3 +44,19 @@ .macro INDIRECT_JMP arg:req INDIRECT_BRANCH jmp \arg .endm + +/* + * To guard against speculation past RET, insert a breakpoint insn + * immediately after them. + */ +.macro ret operand:vararg + retq \operand +.endm +.macro retq operand:vararg + .ifb \operand + .byte 0xc3 + .else + .byte 0xc2 + .word \operand + .endif +.endm
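Review bot: The `retq` macro in the asm-defns.h hunk ends at `.endif` / `.endm` right after emitting `.byte 0xc3`, or `.byte 0xc2` plus `.word \operand`, so nothing is placed behind the return, although the comment above it and the commit message both promise a breakpoint insn there. An `int3` is needed between `.endif` and `.endm`. It is also worth checking what `.word \operand` yields when a caller writes the AT&T form `ret $8`, since the `$` is passed through as part of the operand.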
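A build-time check for the property this patch is after, as an added example that is not part of the series or of Xen: it parses `objdump -d` text and reports every near RET that is not immediately followed by INT3. The function names and the sample disassembly (including its symbol names) are constructed for illustration.

```python
import re

# One objdump -d instruction line: "  addr:\t<hex bytes>\t<mnemonic operands>".
# Long instructions spill onto continuation lines that carry bytes only.
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t((?:[0-9a-f]{2} ?)+) *(?:\t(.*))?$")
SYM_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
# Prefixes objdump prints in front of the mnemonic (e.g. "repz retq").
PREFIXES = {"rep", "repz", "repnz", "bnd", "notrack"}


def parse_disassembly(text):
    """Return [address, length, mnemonic, symbol] for each instruction."""
    insns = []
    symbol = None
    for line in text.splitlines():
        sym = SYM_RE.match(line.strip())
        if sym:
            symbol = sym.group(1)
            continue
        m = INSN_RE.match(line)
        if not m:
            continue
        nbytes = len(m.group(2).split())
        asm = (m.group(3) or "").strip()
        if not asm:
            # Continuation line: these bytes belong to the previous insn.
            if insns:
                insns[-1][1] += nbytes
            continue
        words = [w for w in asm.split() if w not in PREFIXES]
        mnemonic = words[0] if words else asm.split()[0]
        insns.append([int(m.group(1), 16), nbytes, mnemonic, symbol])
    return insns


def unguarded_rets(text):
    """Return (address, symbol) of each ret/retq not directly followed by int3."""
    insns = parse_disassembly(text)
    findings = []
    for i, (addr, length, mnemonic, symbol) in enumerate(insns):
        if mnemonic not in ("ret", "retq"):
            continue
        nxt = insns[i + 1] if i + 1 < len(insns) else None
        # The guard must be the very next byte: same stream, no gap, int3.
        guarded = (nxt is not None and nxt[0] == addr + length
                   and nxt[2] == "int3")
        if not guarded:
            findings.append((hex(addr), symbol))
    return findings


# Constructed sample in objdump -d layout (not taken from a Xen build).
SAMPLE = "\n".join([
    "0000000000000000 <guarded>:",
    "   0:\t31 c0                \txor    %eax,%eax",
    "   2:\tc3                   \tretq   ",
    "   3:\tcc                   \tint3   ",
    "",
    "0000000000000004 <unguarded>:",
    "   4:\t48 b8 88 77 66 55 44 \tmovabs $0x1122334455667788,%rax",
    "   b:\t33 22 11 ",
    "   e:\tc3                   \tretq   ",
    "   f:\t90                   \tnop",
    "",
    "0000000000000010 <guarded_imm>:",
    "  10:\tc2 08 00             \tretq   $0x8",
    "  13:\tcc                   \tint3   ",
    "",
    "0000000000000014 <tail_rep_ret>:",
    "  14:\tf3 c3                \trepz retq ",
])

if __name__ == "__main__":
    for address, sym in unguarded_rets(SAMPLE):
        print(f"RET without INT3 at {address} in <{sym}>")
```

Run over the disassembly of a built object, an empty result means every RET the assembler emitted carries the guard; far returns and IRET are outside what this check looks at.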
headers restored to incoming version Received: by outflank-mailman (output) from mailman id 34347.65334; Mon, 23 Nov 2020 13:45:37 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1khC9w-00025q-Tw; Mon, 23 Nov 2020 13:45:36 +0000 Received: by outflank-mailman (input) for mailman id 34347; Mon, 23 Nov 2020 13:45:35 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1khC9v-00025f-DZ for xen-devel@lists.xenproject.org; Mon, 23 Nov 2020 13:45:35 +0000 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 88cc19ee-b5b7-4f6f-aeae-258e2af5d9ea; Mon, 23 Nov 2020 13:45:34 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id E6960ABCE; Mon, 23 Nov 2020 13:45:33 +0000 (UTC) Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1khC9v-00025f-DZ for xen-devel@lists.xenproject.org; Mon, 23 Nov 2020 13:45:35 +0000 X-Inumbo-ID: 88cc19ee-b5b7-4f6f-aeae-258e2af5d9ea Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 88cc19ee-b5b7-4f6f-aeae-258e2af5d9ea; Mon, 23 Nov 2020 13:45:34 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1606139134; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; 
bh=cGukHYFeZjwNwwKmI/A8FWjkYK+Lh6/hnHJ4QJdVKlA=; b=UGPdq806MwOeFU4A8nfqF6OoZBySvnaH8YlLUj+QFDYWEe9Wel1Pa8Y7bXS6CPDhIHMVeb h4k4ylbhbK8sQoBlB9ap3KbNSAl3+1ZzfMABH4sE5CmGKNe294qz5lf89KuKDjBAZdJtKX 2P4YzKM2NS8jBejprz54cAZs1cqzczA= Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id E6960ABCE; Mon, 23 Nov 2020 13:45:33 +0000 (UTC) Subject: [PATCH v3 5/7] x86: limit amount of INT3 in IND_THUNK_* From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= References: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Message-ID: Date: Mon, 23 Nov 2020 14:45:33 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com> Content-Language: en-US There's no point having every replacement variant to also specify the INT3 - just have it once in the base macro. When patching, NOPs will get inserted, which are fine to speculate through (until reaching the INT3). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- I also wonder whether the LFENCE in IND_THUNK_RETPOLINE couldn't be replaced by INT3 as well. Of course the effect will be marginal, as the size of the thunk will still be 16 bytes when including tail padding resulting from alignment. --- v3: Add comment. v2: New. --- a/xen/arch/x86/indirect-thunk.S +++ b/xen/arch/x86/indirect-thunk.S @@ -11,6 +11,9 @@ #include +/* Don't transform the "ret" further down. */ +.purgem ret + .macro IND_THUNK_RETPOLINE reg:req call 2f 1: @@ -24,12 +27,10 @@ .macro IND_THUNK_LFENCE reg:req lfence jmp *%\reg - int3 /* Halt straight-line speculation */ .endm .macro IND_THUNK_JMP reg:req jmp *%\reg - int3 /* Halt straight-line speculation */ .endm /* 
@@ -44,6 +45,8 @@ ENTRY(__x86_indirect_thunk_\reg) __stringify(IND_THUNK_LFENCE \reg), X86_FEATURE_IND_THUNK_LFENCE, \ __stringify(IND_THUNK_JMP \reg), X86_FEATURE_IND_THUNK_JMP + int3 /* Halt straight-line speculation */ + .size __x86_indirect_thunk_\reg, . - __x86_indirect_thunk_\reg .type __x86_indirect_thunk_\reg, @function .endm

From patchwork Mon Nov 23 13:45:56 2020
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 11925229
Subject: [PATCH v3 6/7] x86: make guarding against straight-line speculation optional
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
Date: Mon, 23 Nov 2020 14:45:56 +0100
In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com>

Put insertion of INT3 behind CONFIG_SPECULATIVE_HARDEN_BRANCH conditionals.

Signed-off-by: Jan Beulich
---
v3: New.

--- a/xen/arch/x86/indirect-thunk.S +++ b/xen/arch/x86/indirect-thunk.S @@ -11,8 +11,10 @@ #include +#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH /* Don't transform the "ret" further down. */ .purgem ret +#endif .macro IND_THUNK_RETPOLINE reg:req call 2f @@ -45,7 +47,9 @@ ENTRY(__x86_indirect_thunk_\reg) __stringify(IND_THUNK_LFENCE \reg), X86_FEATURE_IND_THUNK_LFENCE, \ __stringify(IND_THUNK_JMP \reg), X86_FEATURE_IND_THUNK_JMP +#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH int3 /* Halt straight-line speculation */ +#endif .size __x86_indirect_thunk_\reg, . - __x86_indirect_thunk_\reg .type __x86_indirect_thunk_\reg, @function --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -45,6 +45,8 @@ INDIRECT_BRANCH jmp \arg .endm +#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH + /* * To guard against speculation past RET, insert a breakpoint insn * immediately after them.
@@ -60,3 +62,5 @@ .word \operand .endif .endm + +#endif

From patchwork Mon Nov 23 13:46:23 2020
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 11925233
Subject: [PATCH v3 7/7] x86: reduce CET-SS related #ifdef-ary
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
Message-ID: <3b55e0f7-a9ad-73f4-bf2c-99053f7886e3@suse.com>
Date: Mon, 23 Nov 2020 14:46:23 +0100
In-Reply-To: <8e7d1472-dd37-8ed3-ec2f-ce954ea61dfd@suse.com>

Commit b586a81b7a90 ("x86/CET: Fix build following c/s 43b98e7190") had to introduce a number of #ifdef-s to make the build work with older tool chains. Introduce an assembler macro covering for tool chains not knowing of CET-SS, allowing some conditionals where just SETSSBSY is the problem to be dropped again.

No change to generated code.

Signed-off-by: Jan Beulich
Reviewed-by: Roger Pau Monné
---
v4: Move to end of series.
---
Now that I've done this I'm no longer sure which direction is better to follow: On one hand this introduces dead code (even if just NOPs) into CET-SS-disabled builds. Otoh this is a step towards breaking the tool chain version dependency of the feature.

I've also dropped conditionals around bigger chunks of code; while I think that's preferable, I'm open to undo those parts.

--- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -31,7 +31,6 @@ ENTRY(__high_start) jz .L_bsp /* APs. Set up shadow stacks before entering C. */ -#ifdef CONFIG_XEN_SHSTK testl $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \ CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip) je .L_ap_shstk_done @@ -55,7 +54,6 @@ ENTRY(__high_start) mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx mov %rcx, %cr4 setssbsy -#endif .L_ap_shstk_done: call start_secondary --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c
@@ -668,7 +668,7 @@ static void __init noreturn reinit_bsp_s stack_base[0] = stack; memguard_guard_stack(stack); - if ( IS_ENABLED(CONFIG_XEN_SHSTK) && cpu_has_xen_shstk ) + if ( cpu_has_xen_shstk ) { wrmsrl(MSR_PL0_SSP, (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8); --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -197,9 +197,7 @@ ENTRY(cr4_pv32_restore) /* See lstar_enter for entry register state. */ ENTRY(cstar_enter) -#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK -#endif /* sti could live here when we don't switch page tables below. */ CR4_PV32_RESTORE movq 8(%rsp),%rax /* Restore %rax. */ --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -236,9 +236,7 @@ iret_exit_to_guest: * %ss must be saved into the space left by the trampoline. */ ENTRY(lstar_enter) -#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK -#endif /* sti could live here when we don't switch page tables below. */ movq 8(%rsp),%rax /* Restore %rax. */ movq $FLAT_KERNEL_SS,8(%rsp) @@ -272,9 +270,7 @@ ENTRY(lstar_enter) jmp test_all_events ENTRY(sysenter_entry) -#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK -#endif /* sti could live here when we don't switch page tables below. */ pushq $FLAT_USER_SS pushq $0 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -8,6 +8,12 @@ .endm #endif +#ifndef CONFIG_HAS_AS_CET_SS +.macro setssbsy + .byte 0xf3, 0x0f, 0x01, 0xe8 +.endm +#endif + .macro INDIRECT_BRANCH insn:req arg:req /* * Create an indirect branch. insn is one of call/jmp, arg is a single
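
Review bot: In the retq macro added to xen/include/asm-x86/asm-defns.h by the RET-guarding patch (hunk @@ -44,3 +44,19 @@), nothing is emitted after the RET encoding: the two arms produce only ".byte 0xc3" or ".byte 0xc2" plus ".word \operand", and the macro closes right after .endif. The comment above it says a breakpoint insn is inserted immediately after each RET, so as shown the override changes nothing for speculation. Either an int3 is missing between .endif and .endm, or the comment needs to describe what the macro really does.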
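
Review bot: The single int3 added after the alternatives block in ENTRY(__x86_indirect_thunk_\reg) (patch 5/7, xen/arch/x86/indirect-thunk.S, hunk @@ -44,6 +45,8 @@) is no longer adjacent to the "jmp *%\reg" of the LFENCE and JMP variants, and its comment does not say why that is acceptable. The reasoning given in the commit message, that patching pads with NOPs which are fine to speculate through until the INT3 is reached, should sit in the comment next to the int3, so a later change does not place anything other than NOPs between the branch and the breakpoint.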
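
Review bot: The #ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH placed around ".purgem ret" in xen/arch/x86/indirect-thunk.S (patch 6/7, hunk @@ -11,8 +11,10 @@) must stay in step with the guard the same patch puts around the ret/retq macro definitions in asm-defns.h, because the purge is only valid when the macro was defined. Nothing at either site records that coupling. A short comment here naming asm-defns.h, and an "#endif /* CONFIG_SPECULATIVE_HARDEN_BRANCH */" on the closing line over there, would keep the two from drifting apart.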
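
Review bot: Dropping "IS_ENABLED(CONFIG_XEN_SHSTK) &&" from the condition in reinit_bsp_stack() (patch 7/7, xen/arch/x86/setup.c, hunk @@ -668,7 +668,7 @@) keeps the wrmsrl(MSR_PL0_SSP, ...) block out of CONFIG_XEN_SHSTK=n builds only if cpu_has_xen_shstk itself evaluates to a compile-time false there, and its definition is not part of this patch. Please confirm that it does and say so in the description, since the "No change to generated code" statement rests on it for this hunk.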
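
Review bot: With the #ifdef CONFIG_XEN_SHSTK removed around 'ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK' in lstar_enter and sysenter_entry (patch 7/7, xen/arch/x86/x86_64/entry.S, hunks @@ -236,9 +236,7 @@ and @@ -272,9 +270,7 @@; the same applies to cstar_enter in compat/entry.S), builds without CONFIG_XEN_SHSTK now carry the alternative at these entry points. The remarks below the commit message acknowledge this as dead code, "even if just NOPs", which does not agree with "No change to generated code" in the description. One of the two statements should be adjusted, and the description should say explicitly that the extra bytes land on the syscall entry paths.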