File xsa456-0l.patch of Package xen.34726
# Commit 9607aeb6602b8ed9962404de3f5f90170ffddb66
# Date 2024-04-09 16:37:30 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR}
... as we do in the exit paths too. This will allow simplification to the
sub-blocks.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -20,7 +20,7 @@ ENTRY(entry_int82)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
sti
@@ -223,7 +223,7 @@ ENTRY(cstar_enter)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -256,7 +256,7 @@ ENTRY(lstar_enter)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx
@@ -295,7 +295,7 @@ GLOBAL(sysenter_eflags_saved)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
/* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */
@@ -348,7 +348,7 @@ ENTRY(int80_direct_trap)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx
@@ -628,7 +628,7 @@ ENTRY(common_interrupt)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx
@@ -661,7 +661,7 @@ GLOBAL(handle_exception)
GET_STACK_END(14)
- SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */
+ SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx
--- a/xen/include/asm-x86/spec_ctrl_asm.h
+++ b/xen/include/asm-x86/spec_ctrl_asm.h
@@ -263,9 +263,11 @@
*/
.macro SPEC_CTRL_ENTRY_FROM_PV
/*
- * Requires %rsp=regs/cpuinfo, %rdx=0
- * Clobbers %rax, %rcx, %rdx
+ * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0
+ * Clobbers %rax, %rbx, %rcx, %rdx
*/
+ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
+
ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \
X86_FEATURE_IBPB_ENTRY_PV
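Review bot: The new `movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx` at the top of SPEC_CTRL_ENTRY_FROM_PV has no comment saying that %ebx holds SCF for the rest of the macro; the header lists %rbx only as a clobber. A later edit inside the macro could reuse %rbx as scratch and silently feed a wrong SCF value to the speculation-control sub-blocks once they start reading it. I would add `/* %ebx = SCF, live until the end of this macro; sub-blocks must not clobber it. */` directly above the load. The macro body continues outside the hunk, so whether any existing sub-block already touches %rbx cannot be checked from here.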
@@ -289,8 +291,10 @@
.macro SPEC_CTRL_ENTRY_FROM_INTR
/*
* Requires %rsp=regs, %r14=stack_end, %rdx=0
- * Clobbers %rax, %rcx, %rdx
+ * Clobbers %rax, %rbx, %rcx, %rdx
*/
+ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
+
testb $3, UREGS_cs(%rsp)
jz .L\@_skip
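Review bot: In SPEC_CTRL_ENTRY_FROM_INTR the SCF load sits above the `testb $3, UREGS_cs(%rsp)` / `jz .L\@_skip` check, so %rbx is overwritten even on the path that skips the rest of the block. The header says %rbx is clobbered, but not that this also holds on the skip path, which (judging by the CS privilege test) is the one taken for interrupts arriving in Xen context. On that path the interrupted code's %rbx must already be in the saved frame, and the hunk does not show where that save happens. A short comment such as `/* Loaded unconditionally: %rbx is clobbered on the .L\@_skip path as well. */` would make the contract explicit. The macro body continues past the end of the hunk.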