From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>, Jan Beulich <JBeulich@suse.com>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 5/7] x86/alt: Support for automatic padding calculations
Date: Mon, 12 Feb 2018 18:09:53 +0000 [thread overview]
Message-ID: <20180212180953.n4qa3nsgabsicmpm@MacBook-Pro-de-Roger.local> (raw)
In-Reply-To: <1518434587-22827-6-git-send-email-andrew.cooper3@citrix.com>
On Mon, Feb 12, 2018 at 11:23:05AM +0000, Andrew Cooper wrote:
> The correct amount of padding in an origin patch site can be calculated
> automatically, based on the relative lengths of the replacements.
>
> This requires a bit of trickery to calculate correctly, especially in the
> ALTENRATIVE_2 case where a branchless max() calculation in needed. The
> calculation is further complicated because GAS's idea of true is -1 rather
> than 1, which is why the extra negations are required.
>
> Additionally, have apply_alternatives() attempt to optimise the padding nops.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
LGTM, just a couple of nits:
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
> ---
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Wei Liu <wei.liu2@citrix.com>
> ---
> xen/arch/x86/alternative.c | 32 ++++++++++++++++++++++++----
> xen/include/asm-x86/alternative-asm.h | 40 +++++++++++++++++++++++++++--------
> xen/include/asm-x86/alternative.h | 39 ++++++++++++++++++++++++++--------
> 3 files changed, 89 insertions(+), 22 deletions(-)
>
> diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c
> index f8ddab5..ec87ff4 100644
> --- a/xen/arch/x86/alternative.c
> +++ b/xen/arch/x86/alternative.c
> @@ -180,13 +180,37 @@ void init_or_livepatch apply_alternatives(const struct alt_instr *start,
> uint8_t *orig = ALT_ORIG_PTR(a);
> uint8_t *repl = ALT_REPL_PTR(a);
> uint8_t buf[MAX_PATCH_LEN];
> + unsigned int total_len = a->orig_len + a->pad_len;
>
> - BUG_ON(a->repl_len > a->orig_len);
> - BUG_ON(a->orig_len > sizeof(buf));
> + BUG_ON(a->repl_len > total_len);
> + BUG_ON(total_len > sizeof(buf));
> BUG_ON(a->cpuid >= NCAPINTS * 32);
>
> if ( !boot_cpu_has(a->cpuid) )
> + {
> + unsigned int i;
> +
> + /* No replacement to make, but try to optimise any padding. */
> + if ( a->pad_len <= 1 )
> + continue;
> +
> + /* Search the padding area for any byte which isn't a nop. */
> + for ( i = a->orig_len; i < total_len; ++i )
> + if ( orig[i] != 0x90 )
Maybe better to compare against ASM_NOP1?
> + break;
> +
> + /*
> + * Only make any changes if all padding bytes are unoptimised
> + * nops. With multiple alternatives over the same origin site, we
> + * may have already made a replacement, or optimised the nops.
> + */
> + if ( i != total_len )
> + continue;
> +
> + add_nops(buf, a->pad_len);
> + text_poke(orig + a->orig_len, buf, a->pad_len);
> continue;
> + }
>
> memcpy(buf, repl, a->repl_len);
>
> @@ -194,8 +218,8 @@ void init_or_livepatch apply_alternatives(const struct alt_instr *start,
> if ( a->repl_len >= 5 && (*buf & 0xfe) == 0xe8 )
> *(s32 *)(buf + 1) += repl - orig;
>
> - add_nops(buf + a->repl_len, a->orig_len - a->repl_len);
> - text_poke(orig, buf, a->orig_len);
> + add_nops(buf + a->repl_len, total_len - a->repl_len);
> + text_poke(orig, buf, total_len);
> }
> }
>
> diff --git a/xen/include/asm-x86/alternative-asm.h b/xen/include/asm-x86/alternative-asm.h
> index 150bd1a..f7e37cb 100644
> --- a/xen/include/asm-x86/alternative-asm.h
> +++ b/xen/include/asm-x86/alternative-asm.h
> @@ -9,30 +9,41 @@
> * enough information for the alternatives patching code to patch an
> * instruction. See apply_alternatives().
> */
> -.macro altinstruction_entry orig repl feature orig_len repl_len
> +.macro altinstruction_entry orig repl feature orig_len repl_len pad_len
> .long \orig - .
> .long \repl - .
> .word \feature
> .byte \orig_len
> .byte \repl_len
> + .byte \pad_len
> .endm
>
> #define orig_len (.L\@_orig_e - .L\@_orig_s)
> +#define pad_len (.L\@_orig_p - .L\@_orig_e)
> +#define total_len (.L\@_orig_p - .L\@_orig_s)
> #define repl_len(nr) (.L\@_repl_e\()nr - .L\@_repl_s\()nr)
> #define decl_repl(insn, nr) .L\@_repl_s\()nr: insn; .L\@_repl_e\()nr:
> +#define gas_max(a, b) ((a) ^ (((a) ^ (b)) & -(-((a) < (b)))))
That seems to work fine at least on newish versions of clang, so I'm
not sure the g prefix is required (as_max).
>
> .macro ALTERNATIVE oldinstr, newinstr, feature
> .L\@_orig_s:
> \oldinstr
> .L\@_orig_e:
> + .skip (-((repl_len(1) - orig_len) > 0) * (repl_len(1) - orig_len)), 0x90
> +.L\@_orig_p:
>
> .pushsection .altinstructions, "a", @progbits
> altinstruction_entry .L\@_orig_s, .L\@_repl_s1, \feature, \
> - orig_len, repl_len(1)
> + orig_len, repl_len(1), pad_len
>
> .section .discard, "a", @progbits
> - /* Assembler-time check that \newinstr isn't longer than \oldinstr. */
> - .byte 0xff + repl_len(1) - orig_len
> + /*
> + * Assembler-time checks:
> + * - total_len <= 255
> + * - \newinstr <= total_len
> + */
> + .byte total_len
> + .byte 0xff + repl_len(1) - total_len
>
> .section .altinstr_replacement, "ax", @progbits
>
> @@ -45,18 +56,26 @@
> .L\@_orig_s:
> \oldinstr
> .L\@_orig_e:
> + .skip (-((gas_max(repl_len(1), repl_len(2)) - orig_len) > 0) * \
> + (gas_max(repl_len(1), repl_len(2)) - orig_len)), 0x90
> +.L\@_orig_p:
>
> .pushsection .altinstructions, "a", @progbits
>
> altinstruction_entry .L\@_orig_s, .L\@_repl_s1, \feature1, \
> - orig_len, repl_len(1)
> + orig_len, repl_len(1), pad_len
> altinstruction_entry .L\@_orig_s, .L\@_repl_s2, \feature2, \
> - orig_len, repl_len(2)
> + orig_len, repl_len(2), pad_len
>
> .section .discard, "a", @progbits
> - /* Assembler-time check that \newinstr{1,2} aren't longer than \oldinstr. */
> - .byte 0xff + repl_len(1) - orig_len
> - .byte 0xff + repl_len(2) - orig_len
> + /*
> + * Assembler-time checks:
> + * - total_len <= 255
> + * - \newinstr* <= total_len
> + */
> + .byte total_len
> + .byte 0xff + repl_len(1) - total_len
> + .byte 0xff + repl_len(2) - total_len
>
> .section .altinstr_replacement, "ax", @progbits
>
> @@ -66,8 +85,11 @@
> .popsection
> .endm
>
> +#undef gas_max
> #undef decl_repl
> #undef repl_len
> +#undef total_len
> +#undef pad_len
> #undef orig_len
>
> #endif /* __ASSEMBLY__ */
> diff --git a/xen/include/asm-x86/alternative.h b/xen/include/asm-x86/alternative.h
> index 1e5cfbd..20dea22 100644
> --- a/xen/include/asm-x86/alternative.h
> +++ b/xen/include/asm-x86/alternative.h
> @@ -8,12 +8,13 @@
> #include <xen/stringify.h>
> #include <xen/types.h>
>
> -struct alt_instr {
> +struct __packed alt_instr {
> int32_t orig_offset; /* original instruction */
> int32_t repl_offset; /* offset to replacement instruction */
> uint16_t cpuid; /* cpuid bit set for replacement */
> uint8_t orig_len; /* length of original instruction */
> - uint8_t repl_len; /* length of new instruction, <= instrlen */
> + uint8_t repl_len; /* length of new instruction */
> + uint8_t pad_len; /* length of build-time padding */
> };
>
> #define __ALT_PTR(a,f) ((u8 *)((void *)&(a)->f + (a)->f))
> @@ -26,44 +27,64 @@ extern void apply_alternatives(const struct alt_instr *start,
> const struct alt_instr *end);
> extern void alternative_instructions(void);
>
> -#define OLDINSTR(oldinstr) ".L%=_orig_s:\n\t" oldinstr "\n.L%=_orig_e:\n"
> -
> #define repl_s(num) ".L%=_repl_s"#num
> #define repl_e(num) ".L%=_repl_e"#num
>
> #define alt_orig_len "(.L%=_orig_e - .L%=_orig_s)"
> +#define alt_pad_len "(.L%=_orig_p - .L%=_orig_e)"
> +#define alt_total_len "(.L%=_orig_p - .L%=_orig_s)"
> #define alt_repl_len(num) "(" repl_e(num) " - " repl_s(num) ")"
> +#define gas_max(a, b) \
> + "((" a ") ^ (((" a ") ^ (" b ")) & -(-((" a ") < (" b ")))))"
> +
> +#define OLDINSTR_1(oldinstr, n1) \
> + ".L%=_orig_s:\n\t" oldinstr "\n .L%=_orig_e:\n\t" \
> + ".skip (-(("alt_repl_len(n1)"-"alt_orig_len") > 0) * " \
> + "("alt_repl_len(n1)"-"alt_orig_len")), 0x90\n\t" \
ASM_NOP1 instead of 0x90?
Thanks, Roger.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-02-12 18:09 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-12 11:23 [PATCH 0/7] x86/alternatives: Support for automatic padding calculations Andrew Cooper
2018-02-12 11:23 ` [PATCH 1/7] x86/alt: Drop unused alternative infrastructure Andrew Cooper
2018-02-12 12:30 ` Wei Liu
2018-02-12 15:56 ` Roger Pau Monné
2018-02-12 15:58 ` Andrew Cooper
2018-02-13 14:22 ` Jan Beulich
2018-02-13 14:41 ` Andrew Cooper
2018-02-13 15:33 ` Jan Beulich
2018-02-14 10:02 ` Jan Beulich
2018-02-12 11:23 ` [PATCH 2/7] x86/alt: Clean up struct alt_instr and its users Andrew Cooper
2018-02-12 12:30 ` Wei Liu
2018-02-12 16:52 ` Roger Pau Monné
2018-02-12 17:18 ` Wei Liu
2018-02-12 17:53 ` Andrew Cooper
2018-02-13 14:26 ` Jan Beulich
2018-02-21 21:22 ` Konrad Rzeszutek Wilk
2018-02-12 11:23 ` [PATCH 3/7] x86/alt: Clean up the assembly used to generate alternatives Andrew Cooper
2018-02-12 12:30 ` Wei Liu
2018-02-12 17:26 ` Roger Pau Monné
2018-02-12 17:54 ` Andrew Cooper
2018-02-13 14:37 ` Jan Beulich
2018-02-23 14:03 ` Andrew Cooper
2018-02-23 15:12 ` Jan Beulich
2018-02-23 16:24 ` Andrew Cooper
2018-02-23 17:28 ` Jan Beulich
2018-02-12 11:23 ` [PATCH 4/7] x86/asm: Remove opencoded uses of altinstruction_entry Andrew Cooper
2018-02-12 12:30 ` Wei Liu
2018-02-12 12:34 ` Andrew Cooper
2018-02-13 9:56 ` Jan Beulich
2018-02-13 10:07 ` Andrew Cooper
2018-02-13 11:10 ` Jan Beulich
2018-02-12 12:52 ` Wei Liu
2018-02-12 17:46 ` Roger Pau Monné
2018-02-12 17:59 ` Andrew Cooper
2018-02-14 9:53 ` Jan Beulich
2018-02-12 11:23 ` [PATCH 5/7] x86/alt: Support for automatic padding calculations Andrew Cooper
2018-02-12 14:39 ` Wei Liu
2018-02-12 15:04 ` Andrew Cooper
2018-02-12 18:41 ` Roger Pau Monné
2018-02-12 18:45 ` Andrew Cooper
2018-02-12 18:09 ` Roger Pau Monné [this message]
2018-02-13 9:45 ` Roger Pau Monné
2018-02-13 10:09 ` Andrew Cooper
2018-02-13 10:26 ` Roger Pau Monné
2018-02-14 9:46 ` Jan Beulich
2018-02-12 11:23 ` [PATCH 6/7] x86/alt: Drop explicit padding of origin sites Andrew Cooper
2018-02-12 14:39 ` Wei Liu
2018-02-12 18:12 ` Roger Pau Monné
2018-02-14 9:53 ` Jan Beulich
2018-02-12 11:23 ` [PATCH 7/7] x86/build: Use new .nop directive when available Andrew Cooper
2018-02-12 14:40 ` Wei Liu
2018-02-13 11:08 ` Roger Pau Monné
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180212180953.n4qa3nsgabsicmpm@MacBook-Pro-de-Roger.local \
--to=roger.pau@citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.