lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aYyjw0FxDfNqgPDn@google.com>
Date: Wed, 11 Feb 2026 07:44:03 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Andrew Cooper <andrew.cooper3@...rix.com>
Cc: David Laight <david.laight.linux@...il.com>, ubizjak@...il.com, bp@...en8.de, 
	dave.hansen@...ux.intel.com, hpa@...or.com, kvm@...r.kernel.org, 
	linux-kernel@...r.kernel.org, mingo@...nel.org, pbonzini@...hat.com, 
	tglx@...nel.org, x86@...nel.org
Subject: Re: [PATCH 1/2] KVM: VMX: Drop obsolete branch hint prefixes from
 inline asm

On Wed, Feb 11, 2026, Andrew Cooper wrote:
> On 11/02/2026 1:43 pm, David Laight wrote:
> > On Wed, 11 Feb 2026 10:57:31 +0000
> > Andrew Cooper <andrew.cooper3@...rix.com> wrote:
> >
> >>> Remove explicit branch hint prefixes (.byte 0x2e / 0x3e) from VMX
> >>> inline assembly sequences.
> >>>
> >>> These prefixes (CS/DS segment overrides used as branch hints on
> >>> very old x86 CPUs) have been ignored by modern processors for a
> >>> long time. Keeping them provides no measurable benefit and only
> >>> enlarges the generated code.  
> >> It's actually worse than this.
> >>
> >> The branch-taken hint has new meaning in Lion Cove cores and later,
> >> along with a warning saying "performance penalty for misuse".
> >>
> >> i.e. "only insert this prefix after profiling".
> > Don't they really have much the same meaning as before?
> 
> Architecturally yes, microarchitecturally very much not.
> 
> For a branch known to the predictor, there is no effect.  If a branch
> unknown to the predictor gets decoded, it triggers a frontend flush and
> resteer.
> 
> It is only useful for programs large enough to exceed the working set of
> the conditional predictor, and for which certain branches are known to
> be ~always taken.
> 
> Putting the prefix on a branch that isn't ~always taken is worse than
> not having the prefix in the first place, hence the warning.

These branches indeed ~always follow the hinted path (not taken in this case).

So it sounds like this definitely isn't stable@ material, and maybe even begs
the question if dropping the hints is a net positive?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ