1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
From 2b8f72a6b40dafc3fb40bce100cd62c4a377535a Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 3 Mar 2023 08:14:57 +0100
Subject: [PATCH 30/61] xen: Work around Clang-IAS macro \@ expansion bug
https://github.com/llvm/llvm-project/issues/60792
It turns out that Clang-IAS does not expand \@ uniquely in a translaition
unit, and the XSA-426 change tickles this bug:
<instantiation>:4:1: error: invalid symbol redefinition
.L1_fill_rsb_loop:
^
make[3]: *** [Rules.mk:247: arch/x86/acpi/cpu_idle.o] Error 1
Extend DO_OVERWRITE_RSB with an optional parameter so C callers can mix %= in
too, which Clang does seem to expand properly.
Fixes: 63305e5392ec ("x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
master commit: a2adacff0b91cc7b977abb209dc419a2ef15963f
master date: 2023-02-24 17:44:29 +0000
---
xen/include/asm-x86/spec_ctrl.h | 4 ++--
xen/include/asm-x86/spec_ctrl_asm.h | 23 ++++++++++++++---------
2 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
index 391973ef6a..a431fea587 100644
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -83,7 +83,7 @@ static always_inline void spec_ctrl_new_guest_context(void)
wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
/* (ab)use alternative_input() to specify clobbers. */
- alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET,
+ alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_BUG_IBPB_NO_RET,
: "rax", "rcx");
}
@@ -172,7 +172,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info)
*
* (ab)use alternative_input() to specify clobbers.
*/
- alternative_input("", "DO_OVERWRITE_RSB", X86_FEATURE_SC_RSB_IDLE,
+ alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_FEATURE_SC_RSB_IDLE,
: "rax", "rcx");
}
diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h
index 9eb4ad9ab7..b61a5571ae 100644
--- a/xen/include/asm-x86/spec_ctrl_asm.h
+++ b/xen/include/asm-x86/spec_ctrl_asm.h
@@ -117,11 +117,16 @@
.L\@_done:
.endm
-.macro DO_OVERWRITE_RSB tmp=rax
+.macro DO_OVERWRITE_RSB tmp=rax xu
/*
* Requires nothing
* Clobbers \tmp (%rax by default), %rcx
*
+ * xu is an optional parameter to add eXtra Uniqueness. It is intended for
+ * passing %= in from an asm() block, in order to work around
+ * https://github.com/llvm/llvm-project/issues/60792 where Clang-IAS doesn't
+ * expand \@ uniquely.
+ *
* Requires 256 bytes of {,shadow}stack space, but %rsp/SSP has no net
* change. Based on Google's performance numbers, the loop is unrolled to 16
* iterations and two calls per iteration.
@@ -137,31 +142,31 @@
mov $16, %ecx /* 16 iterations, two calls per loop */
mov %rsp, %\tmp /* Store the current %rsp */
-.L\@_fill_rsb_loop:
+.L\@_fill_rsb_loop\xu:
.irp n, 1, 2 /* Unrolled twice. */
- call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */
+ call .L\@_insert_rsb_entry\xu\n /* Create an RSB entry. */
-.L\@_capture_speculation_\n:
+.L\@_capture_speculation\xu\n:
pause
lfence
- jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */
+ jmp .L\@_capture_speculation\xu\n /* Capture rogue speculation. */
-.L\@_insert_rsb_entry_\n:
+.L\@_insert_rsb_entry\xu\n:
.endr
sub $1, %ecx
- jnz .L\@_fill_rsb_loop
+ jnz .L\@_fill_rsb_loop\xu
mov %\tmp, %rsp /* Restore old %rsp */
#ifdef CONFIG_XEN_SHSTK
mov $1, %ecx
rdsspd %ecx
cmp $1, %ecx
- je .L\@_shstk_done
+ je .L\@_shstk_done\xu
mov $64, %ecx /* 64 * 4 bytes, given incsspd */
incsspd %ecx /* Restore old SSP */
-.L\@_shstk_done:
+.L\@_shstk_done\xu:
#endif
.endm
--
2.40.0
|
GitWeb