Xen project Mailing List

Re: [PATCH v2] x86: guard synthetic feature and bug enumerators

To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 8 Jan 2026 18:12:43 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yIV0UM0RSzqyDTOYO61g2uqGwOb1ENaSUjQ5Ywx9RHQ=; b=OBqPHJJ1o4Ia1YeL3E0mNqp6XFsf4H6nNEkprstUtS4mGcEg3aeQnvz3GwGpxWD3yb8ACYhML/lCD0Ok9I/sAJpWgVq9HR/PTW3Rexb0fsqpExAruV9ytuOuqb8eeJ8rTk2v16P89rUBHvezxyMGRaMa2Qj2IL5sGJb5cS79qiZN37wl+mBw++qkHIaKH63JsXYlYFVkepPk9oSU+evQ7CpKvphvxpTfaCRScLHCctFhquCW8uTvRo1ipsuKJzj+mwLrRaW4JrQbjOOyklYEychD/fncvzAp5x2CRVFW02fnDChbyyLnFMqwCsgB0a8shSLV+YIFQVvukYx33lzsbQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Bn4f7H8nA+kp6zRNvc9CcE5dZ9w3gXca+Fja/xEQS1kUBQoI1k4f3DkNVrjT9AcJyN016kY8iFqcTd495qiDNgw+qePFca6/Sqsa0VJ1WI0u028XC1XgqMgR3E6OBI4+pSLoG7rRvGGRcYPMm5RUkJnAfhNvWBgMWwRmUpTwo2SYzRy73YokSptLRAmFZFiPJyKts0OY/9dd3d6O+JausZ6JZHBW9GKnoldtqZXneMf3+hVdGFySPOn2hOaUBSouoBMzNY3bjztHMe/OWlYQEPQPcKdej56NjFL34BKSd86Ras3KDQqcKdysi5UJQxWSKvgVd7XSk9LsX3i8mifVVQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>

Delivery-date: Thu, 08 Jan 2026 18:13:02 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07/01/2026 2:11 pm, Jan Beulich wrote: > While adding new enumerators one may overlook the (rare) need to bump > X86_NR_{SYNTH,BUG}. Guard against that happening by adding respective > checking. The use of BUILD_BUG_ON_ZERO(), however, entails a number of > other changes, as the expansion may not appear in the assembly produced. > Furthermore inputs to file-scope asm() are only supported in gcc15 (or > newer). > > No difference in generated code (debug info, however, grows quite a bit). > > An implication from the changes is that users of the alternatives patching > macros may not use unnamed asm() input operands anymore, as the "injected" > new operands would break numbering expectations. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > --- > v2: Fix shim build. Use named label operand in pdx.h. I'm pretty sure that will be rejected by Eclair as a Rule R20.12 violation (using a parameter as a regular value, and stringised), and is a blocking rule. But more generally... I see why you want a guard rail here, I can't help feeling that the cure is worse than the poison. Updating every alternative is very invasive, and this in particular > --- a/xen/arch/x86/include/asm/spec_ctrl.h > +++ b/xen/arch/x86/include/asm/spec_ctrl.h > @@ -73,7 +73,7 @@ static always_inline void spec_ctrl_new_ > > /* (ab)use alternative_input() to specify clobbers. */ > alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_BUG_IBPB_NO_RET, > - : "rax", "rcx"); > + "i" (0) : "rax", "rcx"); > } > without even an explanation of why, is an immediate red flag. Could we not split X86_SYNTH()/BUG() to take a leaf/bit pair, similar to how we express regular features as a*32+b? That would at least make it more obvious than currently when a new leaf is needed, and contained it to a single header. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.