|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v10 06/11] x86/entry: Organise the clobbering of the RSB/RAS on entry to Xen
>>> On 24.01.18 at 14:12, <andrew.cooper3@xxxxxxxxxx> wrote:
> --- a/xen/include/asm-x86/spec_ctrl_asm.h
> +++ b/xen/include/asm-x86/spec_ctrl_asm.h
> @@ -74,6 +74,43 @@
> * - SPEC_CTRL_EXIT_TO_GUEST
> */
>
> +.macro DO_OVERWRITE_RSB
> +/*
> + * Requires nothing
> + * Clobbers %rax, %rcx
> + *
> + * Requires 256 bytes of stack space, but %rsp has no net change. Based on
> + * Google's performance numbers, the loop is unrolled to 16 iterations and
> two
> + * calls per iteration.
> + *
> + * The call filling the RSB needs a nonzero displacement. A nop would do,
> but
> + * we use "1: pause, jmp 1b" to safely contains any ret-based speculation,
> + * even if the loop is speculatively executed prematurely.
> + *
> + * %rsp is preserved by using an extra GPR because a) we've got plenty spare,
> + * b) the two movs are shorter to encode than `add $32*8, %rsp`, and c) can
> be
> + * optimised with mov-elimination in modern cores.
> + */
> + mov $16, %ecx /* 16 iterations, two calls per loop */
> + mov %rsp, %rax /* Store the current %rsp */
> +
> +.L\@_fill_rsb_loop:
> +
> + .irp n, 1, 2 /* Unrolled twice. */
> + call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */
> +
> +.L\@_capture_speculation_\n:
> + pause
> + jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */
Have you seen Linux commit 28d437d550e1e39f805d99f9f8ac399c778827b7
("x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
macros")? I think we want to have the same, to please AMD. I'd
suggest to use alternative patching though (except again on the
IST paths), but then again maybe in a follow-up patch.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |