From 4648cba0a60a660e7ecb06bc552e785250b38b45 Mon Sep 17 00:00:00 2001 From: Andrew Cooper Date: Fri, 24 Apr 2020 14:19:52 +0100 Subject: [PATCH] x86/spec-ctrl: Adjust DO_OVERWRITE_RSB to be shadow stack compatible The 32 calls need dropping from the shadow stack as well as the regular stack. To shorten the code, we can use the 32bit forms of RDSSP/INCSSP, but need to double up the input to INCSSP to counter the operand size based multiplier. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/include/asm-x86/spec_ctrl_asm.h | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index c60093b090..cb34299a86 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -83,9 +83,9 @@ * Requires nothing * Clobbers \tmp (%rax by default), %rcx * - * Requires 256 bytes of stack space, but %rsp has no net change. Based on - * Google's performance numbers, the loop is unrolled to 16 iterations and two - * calls per iteration. + * Requires 256 bytes of {,shadow}stack space, but %rsp/SSP has no net + * change. Based on Google's performance numbers, the loop is unrolled to 16 + * iterations and two calls per iteration. * * The call filling the RSB needs a nonzero displacement. A nop would do, but * we use "1: pause; lfence; jmp 1b" to safely contains any ret-based @@ -114,6 +114,16 @@ sub $1, %ecx jnz .L\@_fill_rsb_loop mov %\tmp, %rsp /* Restore old %rsp */ + +#ifdef CONFIG_XEN_SHSTK + mov $1, %ecx + rdsspd %ecx + cmp $1, %ecx + je .L\@_shstk_done + mov $64, %ecx /* 64 * 4 bytes, given incsspd */ + incsspd %ecx /* Restore old SSP */ +.L\@_shstk_done: +#endif .endm .macro DO_SPEC_CTRL_ENTRY_FROM_HVM -- 2.39.5