xen/wait: Describe RSB safety

It turns out that we do in fact have RSB safety here, but not for obvious reasons. Signed-off-by: Andrew Cooper <[email protected]> Reviewed-by: Jan Beulich <[email protected]>
nexec · Aug 5, 2022 · da74c95 · da74c95
1 parent e570e8d
commit da74c95
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/xen/common/wait.c b/xen/common/wait.c
@@ -209,6 +209,27 @@ void check_wakeup_from_wait(void)
             do_softirq();
     }
 
+    /*
+     * We are about to jump into a deeper call tree.  In principle, this risks
+     * executing more RET than CALL instructions, and underflowing the RSB.
+     *
+     * However, we are pinned to the same CPU as previously.  Therefore,
+     * either:
+     *
+     *   1) We've scheduled another vCPU in the meantime, and the context
+     *      switch path has (by default) issued IBPB which flushes the RSB, or
+     *
+     *   2) We're still in the same context.  Returning back to the deeper
+     *      call tree is resuming the execution path we left, and remains
+     *      balanced as far as that logic is concerned.
+     *
+     *      In fact, the path through the scheduler will execute more CALL
+     *      than RET instructions, making the RSB unbalanced in the safe
+     *      direction.
+     *
+     * Therefore, no actions are necessary here to maintain RSB safety.
+     */
+
     /*
      * Hand-rolled longjmp().
      *