
Re: [PATCH v3 5/7] x86: guard against straight-line speculation past RET


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 11 Nov 2020 15:19:50 +0100
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 11 Nov 2020 14:21:32 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Nov 11, 2020 at 02:33:34PM +0100, Jan Beulich wrote:
> On 11.11.2020 12:15, Roger Pau Monné wrote:
> > On Fri, Oct 23, 2020 at 10:38:04AM +0200, Jan Beulich wrote:
> >> Under certain conditions CPUs can speculate into the instruction stream
> >> past a RET instruction. Guard against this just like 3b7dab93f240
> >> ("x86/spec-ctrl: Protect against CALL/JMP straight-line speculation")
> >> did - by inserting an "INT $3" insn. It's merely the mechanics of how to
> >> achieve this that differ: A set of macros gets introduced to post-
> >> process RET insns issued by the compiler (or living in assembly files).
> >>
> >> Unfortunately for clang this requires further features their built-in
> >> assembler doesn't support: We need to be able to override insn mnemonics
> >> produced by the compiler (which may be impossible, if internally
> >> assembly mnemonics never get generated), and we want to use \(text)
> >> escaping / quoting in the auxiliary macro.
> >>
> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> >> Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> >> ---
> >> TBD: Would be nice to avoid the additions in .init.text, but a query to
> >>      the binutils folks regarding the ability to identify the section
> >>      stuff is in (by Peter Zijlstra over a year ago:
> >>      https://sourceware.org/pipermail/binutils/2019-July/107528.html)
> >>      has been left without helpful replies.
> >> ---
> >> v3: Use .byte 0xc[23] instead of the nested macros.
> >> v2: Fix build with newer clang. Use int3 mnemonic. Also override retq.
> >>
> >> --- a/xen/Makefile
> >> +++ b/xen/Makefile
> >> @@ -145,7 +145,15 @@ t2 = $(call as-insn,$(CC) -I$(BASEDIR)/i
> >>  # https://bugs.llvm.org/show_bug.cgi?id=36110
> >>  t3 = $(call as-insn,$(CC),".macro FOO;.endm"$(close); asm volatile 
> >> $(open)".macro FOO;.endm",-no-integrated-as)
> >>  
> >> -CLANG_FLAGS += $(call or,$(t1),$(t2),$(t3))
> >> +# Check whether \(text) escaping in macro bodies is supported.
> >> +t4 = $(call as-insn,$(CC),".macro m ret:req; \\(ret) $$\\ret; .endm; m 
> >> 8",,-no-integrated-as)
> >> +
> >> +# Check whether macros can override insn mnemonics in inline assembly.
> >> +t5 = $(call as-insn,$(CC),".macro ret; .error; .endm; .macro retq; 
> >> .error; .endm",-no-integrated-as)
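
Review bot: In the t4 line, -no-integrated-as sits in the fourth as-insn argument behind an empty third one, while t3 and t5 pass it as the third, and neither new comment says that the two checks have opposite sense. Assuming as-insn selects its third argument when the snippet assembles and its fourth when it does not, t4 adds the flag on failure and t5 adds it on success. Extending each comment with a few words, e.g. "(flag needed if this fails to assemble)" for t4 and "(flag needed if this assembles cleanly)" for t5, would keep a later reader from treating the ",," as a typo.
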
> > 
> > I was going over this to post a bug report to LLVM, but it seems like
> > gcc also doesn't overwrite ret when using the above snippet:
> > 
> > https://godbolt.org/z/oqsPTv
> 
> I can't see what's different from
> 
> void test(void) {
>       asm volatile (".macro ret; .error; .endm; .macro retq; .error; .endm");
> }
> 
> but this one produces "Error: .error directive invoked in source file"
> for me with both old and new gcc.

You are right, I think godbolt is somehow busted?

I can reproduce your results with my version of gcc, so will just
report to LLVM.

Roger.
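
The check discussed in this thread, as an added example that is not part of the original messages or of the Xen build system: it feeds the test function quoted above to a local compiler and reports whether the `ret`/`retq` macros took effect, which avoids depending on an online compiler service. The function name `probe_ret_override` and its three result strings are made up for this example.

```shell
#!/bin/sh
# Added example: probe whether a compiler's assembler lets macros named
# "ret"/"retq" override the mnemonic the compiler emits at function exit.

# The test function quoted in the thread, fed to the compiler on stdin.
PROBE_SRC='void test(void) {
    asm volatile (".macro ret; .error; .endm; .macro retq; .error; .endm");
}'

# probe_ret_override CC [FLAGS...]
# Prints exactly one word and always returns 0:
#   overridden      build failed with the ".error directive invoked" message,
#                   i.e. the compiler-emitted ret expanded the macro
#   not-overridden  build succeeded, so the macro never replaced ret
#   inconclusive    compiler missing, or it failed for some other reason
probe_ret_override() {
    cc=$1
    shift
    if ! command -v "$cc" >/dev/null 2>&1; then
        echo inconclusive
        return 0
    fi
    # "&& rc=0 || rc=$?" keeps the status without tripping "set -e".
    out=$(printf '%s\n' "$PROBE_SRC" | "$cc" "$@" -c -x c -o /dev/null - 2>&1) \
        && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo not-overridden
    elif printf '%s\n' "$out" | grep -q '\.error directive invoked'; then
        echo overridden
    else
        echo inconclusive
    fi
    return 0
}

# Run only when a compiler is named on the command line,
# e.g.:  sh probe.sh gcc    or    sh probe.sh clang -no-integrated-as
if [ "$#" -gt 0 ]; then
    probe_ret_override "$@"
fi
```
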



 

