On 22.04.2024 20:14, Andrew Cooper wrote:
> --- a/xen/arch/x86/hvm/vmx/entry.S
> +++ b/xen/arch/x86/hvm/vmx/entry.S
> @@ -62,12 +62,12 @@ ENTRY(vmx_asm_vmexit_handler)
> * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs
> * itself so must be after we've perfomed all the RET-safety we can.
> */
> - testb $SCF_entry_bhb, CPUINFO_scf(%rsp)
> - jz .L_skip_bhb
> - ALTERNATIVE_2 "", \
> - "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \
> - "call clear_bhb_tsx", X86_SPEC_BHB_TSX
> -.L_skip_bhb:
> + .macro VMX_BHB_SEQ fn:req
> + DO_COND_BHB_SEQ \fn scf=CPUINFO_scf(%rsp)
> + .endm
> + ALTERNATIVE_2 "", \
> + "VMX_BHB_SEQ fn=clear_bhb_loops", X86_SPEC_BHB_LOOPS, \
> + "VMX_BHB_SEQ fn=clear_bhb_tsx", X86_SPEC_BHB_TSX
Oh, and just to mention it since we were discussing this before: The variant
of this that I had been thinking of without decode-lite would have been to
transform this (readable)
testb $SCF_entry_bhb, CPUINFO_scf(%rsp)
ALTERNATIVE_2 "jmp .L_skip_bhb", \
"jz .L_skip_bhb", X86_SPEC_BHB_LOOPS, \
"jz .L_skip_bhb", X86_SPEC_BHB_TSX
ALTERNATIVE_2 "", \
"call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \
"call clear_bhb_tsx", X86_SPEC_BHB_TSX
.L_skip_bhb:
into (untested, and hence perhaps slightly off) the (less readable)
testb $SCF_entry_bhb, CPUINFO_scf(%rsp)
ALTERNATIVE_2 ".byte 0xeb" /* jmp */, \
".byte 0x74" /* jz */, X86_SPEC_BHB_LOOPS, \
".byte 0x74" /* jz */, X86_SPEC_BHB_TSX
.byte .L_skip_bhb - (. + 1)
ALTERNATIVE_2 "", \
"call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \
"call clear_bhb_tsx", X86_SPEC_BHB_TSX
.L_skip_bhb:
Of course yours (dropping the branch altogether) is better, but also comes
at a higher price.
Jan
