[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4] xen/arm64: Place a speculation barrier following an ret instruction

  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Mon, 19 Apr 2021 14:13:00 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pptalEV3k+fmXr4wxakCQXvd6uX8C5aeE2ux0ApGNTA=; b=fQ62jR+nPtJLaH8M06ttKoGp8iFnOz9D/wCAMv76+6oNH1vFPzICuTtP9oC7gkz3LN+yzoGMRNxHAA8M4HLO4V9x0a2IzNZlmLTBh+hhIzuhw4K9WesBG5wf5zIxLjX5MNYK7SRQbQpoVNEsyE5Ef2zXPw74tNhLJq75SsCv+G2kiQZPb+VnCGRxLkpNTwP2NJl6UibwE8YamtGj8nkrxvmkt14QBsxNW0JOMGMIfRg5ETaTgQ+mDfHqNQV2sqzvoXztxDcWrLqYDIwhMI8jyOyyTsU0jMAvrvLQ8eug10ADe/SnbXkMfHTnYLeGOXzldOwEwlqpDSMLa57PLoCkJg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=B4Eu3X5d/2EZ85/+URIfUmnSnDbv//ZYUj4mvr1cpRza/lwz12jZ1XFC/BZwzkpsgYjvFy16u0ipTPHACFDXMV6EB1gr8d2IcPEZjyc+W2IdKVyKsxnqX0kV64SiY8NkCLvfMAi3Pks/QGO5+jty62wB/prHvKqKW4bxXWC3iCpgtDH10LVnwdgPDbSD3nZ3NWj13yiIZoRYJN7iG9Z83htSJMmIM4O02tjNgKyazX8Igq9vOePD5tuxFOnEHK2irmGF5Zi1UnDl0zQi4E1R39KyPx4ZY5RXFyx0LKZXd8fNoZ5W9zz8feBujNNJaDlgG9acL0tHVUJfqrIqfVetiw==
  • Authentication-results-original: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 19 Apr 2021 14:13:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHXNH0siWlslQGzzkGg4Th8zeJ9hKq74zoA
  • Thread-topic: [PATCH v4] xen/arm64: Place a speculation barrier following an ret instruction
Hi Julien,

> On 18 Apr 2021, at 19:03, Julien Grall <julien@xxxxxxx> wrote:
> 
> From: Julien Grall <jgrall@xxxxxxxxxx>
> 
> Some CPUs can speculate past a RET instruction and potentially perform
> speculative accesses to memory before processing the return.
> 
> There is no known gadget available after the RET instruction today.
> However some of the registers (such as in check_pending_guest_serror())
> may contain a value provided by the guest.
> 
> In order to harden the code, it would be better to add a speculation
> barrier after each RET instruction. The performance impact is meant to
> be negligeable as the speculation barrier is not meant to be
> architecturally executed.
> 
> Rather than manually inserting a speculation barrier, use a macro
> which overrides the mnemonic RET and replace with RET + SB. We need to
> use the opcode for RET to prevent any macro recursion.
> 
> This patch is only covering the assembly code. C code would need to be
> covered separately using the compiler support.
> 
> Note that the definition of the macros sb needs to be moved earlier in
> asm-arm/macros.h so it can be used by the new macro.
> 
> This is part of the work to mitigate straight-line speculation.
> 
> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
Reviewed-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>

Cheers
Bertrand

> 
> ---
> 
> It is not clear to me whether Armv7 (we don't officially support 32-bit
> hypervisor on Armv8) is also affected by straight-line speculation.
> The LLVM website suggests it is: https://reviews.llvm.org/D92395
> 
> For now only focus on arm64.
> 
>    Changes in v4:
>        - Remove Bertand's reviewed-by
>        - Use /* ... */ rather than // for comments
>        - Remove arm32 changes
>        - Explain why the macro sb is moved around
> 
>    Changes in v3:
>        -  Add Bertrand's reviewed-by
> 
>    Changes in v2:
>        - Use a macro rather than inserting the speculation barrier
>        manually
>        - Remove mitigation for arm32
> ---
> xen/include/asm-arm/arm64/macros.h |  6 ++++++
> xen/include/asm-arm/macros.h       | 18 +++++++++---------
> 2 files changed, 15 insertions(+), 9 deletions(-)
> 
> diff --git a/xen/include/asm-arm/arm64/macros.h 
> b/xen/include/asm-arm/arm64/macros.h
> index f981b4f43e84..5ad66efd6ba4 100644
> --- a/xen/include/asm-arm/arm64/macros.h
> +++ b/xen/include/asm-arm/arm64/macros.h
> @@ -21,6 +21,12 @@
>     ldr     \dst, [\dst, \tmp]
>     .endm
> 
> +    .macro  ret
> +        /* ret opcode */
> +        .inst 0xd65f03c0
> +        sb
> +    .endm
> +
> /*
>  * Register aliases.
>  */
> diff --git a/xen/include/asm-arm/macros.h b/xen/include/asm-arm/macros.h
> index 4833671f4ced..1aa373760f98 100644
> --- a/xen/include/asm-arm/macros.h
> +++ b/xen/include/asm-arm/macros.h
> @@ -5,6 +5,15 @@
> # error "This file should only be included in assembly file"
> #endif
> 
> +    /*
> +     * Speculative barrier
> +     * XXX: Add support for the 'sb' instruction
> +     */
> +    .macro sb
> +    dsb nsh
> +    isb
> +    .endm
> +
> #if defined (CONFIG_ARM_32)
> # include <asm/arm32/macros.h>
> #elif defined(CONFIG_ARM_64)
> @@ -20,13 +29,4 @@
>     .endr
>     .endm
> 
> -    /*
> -     * Speculative barrier
> -     * XXX: Add support for the 'sb' instruction
> -     */
> -    .macro sb
> -    dsb nsh
> -    isb
> -    .endm
> -
> #endif /* __ASM_ARM_MACROS_H */
> -- 
> 2.17.1
>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.