xenbits.xensource.com Git - xen.git/commit
x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_*
author Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 22 Mar 2024 11:41:41 +0000 (11:41 +0000)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 9 Apr 2024 15:48:19 +0000 (16:48 +0100)
commit 05f6fe7c39fe0c44807a51f6aa1d8ee1a38de197
tree 5ba967dbdad68d047d1d186b0d582afc8ced2a32
parent 164c69bcee159b6f5c9f58d49fd3b715be75146f

Right now, we have a mix of safety strategies in different blocks, making the
logic fragile and hard to follow.

Start addressing this by having a safety LFENCE at the end of the blocks,
which can be patched out if other safety criteria are met.  This will allow us
to simplify the sub-blocks.  For SPEC_CTRL_ENTRY_FROM_IST, simply leave an
LFENCE unconditionally at the end; the IST path is not a fast-path by any
stretch of the imagination.

For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect.  The
IRET #GP path is non-fatal but can occur with the guest's choice of
MSR_SPEC_CTRL.  It is safe to skip the flush/barrier-like protections when
interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective.

This will skip RSB stuffing which was previously unconditional even when
interrupting Xen.

AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid
using alternatives in NMI/#MC paths") where we split the IST entry path out of
the main INTR entry path.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
(cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4)
xen/arch/x86/hvm/vmx/entry.S
xen/arch/x86/include/asm/cpufeatures.h
xen/arch/x86/include/asm/spec_ctrl_asm.h
xen/arch/x86/spec_ctrl.c