Xen project Mailing List

[PATCH 2/2] xen/x86: address violations of Rule 11.3

Date: Mon, 23 Jun 2025 17:20:15 -0700

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nIkRL+KmS9tOBKdPslWRWd6541u4H2gTXTX/zlKIRfg=; b=ahX68Ba2Dm2hYFicJMGAVA7EQPQ+klOzohDubbOhajIy1XbfhMwLhz31j42657H4N+mTwBjM+ktgFi31O8ltPUZFr+HZrlkir9PzHIu7Mnpl12fFh3pUtqEmGCq3oCZJQ1YNFf4sl9vlWChb5K5sNM8kiWUV7GxasMHTkjCYEJb/mi3Mmlfyu6fszkvyNmQXs1PnKjhsfwLe1ydhL9p1LzXxH8fFjS37f1syMEruABc3loZ2SPuWDNFplqBNhIxvLPjA3z6gzvfVowiRlJb1NKISFUSHgfwVfe8x2xriGy8cCNMu/HGrsavN2Spj4sA33vwQ7SV4jJFtl4zmRne5Aw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BFhSRqPbdYwNsMLopKaXtnMOmDEHpz7nuH5d00K9AS9re7WMpdyTdtazNUzPJDFN+FMwdhbkMl4Sw9Ic7x5JZaIbCXjq+fycw+y+QKb09rMKYW8ATPtiI5rr29tAsA2RMbEjJbw94nCOYN/CxOMsHD/1phz3PEvULTt9qh7Lo4EEmFzjMen3dkLwc09S3yShvb6JwH0tS4vxI33SS0GV/2iZk7BM38raJmAofhKE0bDLsMaB2AUYsNucisYgBxDOynq1JjhBMK5/nHQWS8KpzbfvmTaC8nDYN9sKPICIwrf4V5DKAv5MDLet3grVQmbSTIMk26btkhi9stgIex6V4w==

Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Victor Lira <victorm.lira@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau MonnÃ© <roger.pau@xxxxxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Federico Serafini <federico.serafini@xxxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>

Delivery-date: Tue, 24 Jun 2025 00:20:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> Use {get,put}_unaligned_t to ensure that reads and writes are safe to perform even on potentially misaligned pointers. Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> Signed-off-by: Victor Lira <victorm.lira@xxxxxxx> --- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx> Cc: Michal Orzel <michal.orzel@xxxxxxx> Cc: Jan Beulich <jbeulich@xxxxxxxx> Cc: Julien Grall <julien@xxxxxxx> Cc: Roger Pau MonnÃ© <roger.pau@xxxxxxxxxx> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx> Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> Cc: Federico Serafini <federico.serafini@xxxxxxxxxxx> Cc: Bertrand Marquis <bertrand.marquis@xxxxxxx> --- xen/arch/x86/alternative.c | 12 ++++++++---- xen/arch/x86/hvm/emulate.c | 8 ++++---- xen/arch/x86/include/asm/hvm/vlapic.h | 5 +++-- xen/arch/x86/setup.c | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 2 +- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index d4fe56b3da..200cf2e44c 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -17,6 +17,7 @@ #include <asm/nmi.h> #include <asm/nops.h> #include <xen/livepatch.h> +#include <xen/unaligned.h> #define MAX_PATCH_LEN (255-1) @@ -168,7 +169,7 @@ void *place_ret(void *ptr) BUG_ON((int32_t)disp != disp); *p++ = 0xe9; - *(int32_t *)p = disp; + put_unaligned_t(int32_t, disp, p); p += 4; } else @@ -345,8 +346,11 @@ static int init_or_livepatch _apply_alternatives(struct alt_instr *start, /* 0xe8/0xe9 are relative branches; fix the offset. */ if ( a->repl_len >= 5 && (*buf & 0xfe) == 0xe8 ) - *(int32_t *)(buf + 1) += repl - orig; + { + int32_t val = get_unaligned_t(int32_t, buf + 1); + put_unaligned_t(int32_t, val + repl - orig, buf + 1); + } a->priv = 1; add_nops(buf + a->repl_len, total_len - a->repl_len); @@ -388,7 +392,7 @@ static int init_or_livepatch apply_alt_calls( return -EINVAL; } - disp = *(int32_t *)(orig + 2); + disp = get_unaligned_t(int32_t, orig + 2); dest = *(const void **)(orig + 6 + disp); if ( dest ) @@ -420,7 +424,7 @@ static int init_or_livepatch apply_alt_calls( buf[0] = 0x2e; buf[1] = 0xe8; - *(int32_t *)(buf + 2) = disp; + put_unaligned_t(int32_t, disp, buf + 2); } else { diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 91f004d233..3b644eed12 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -68,17 +68,17 @@ static void hvmtrace_io_assist(const ioreq_t *p) else event = p->dir ? TRC_HVM_IOPORT_READ : TRC_HVM_IOPORT_WRITE; - *(uint64_t *)buffer = p->addr; - size = (p->addr != (u32)p->addr) ? 8 : 4; + put_unaligned_t(uint64_t, p->addr, buffer); + size = (p->addr != (uint32_t)p->addr) ? 8 : 4; if ( size == 8 ) event |= TRC_64_FLAG; if ( !p->data_is_ptr ) { if ( size == 4 ) - *(uint32_t *)&buffer[size] = p->data; + put_unaligned_t(uint32_t, p->data, &buffer[size]); else - *(uint64_t *)&buffer[size] = p->data; + put_unaligned_t(uint64_t, p->data, &buffer[size]); size *= 2; } diff --git a/xen/arch/x86/include/asm/hvm/vlapic.h b/xen/arch/x86/include/asm/hvm/vlapic.h index c388551198..c7a26c0a0f 100644 --- a/xen/arch/x86/include/asm/hvm/vlapic.h +++ b/xen/arch/x86/include/asm/hvm/vlapic.h @@ -10,6 +10,7 @@ #define __ASM_X86_HVM_VLAPIC_H__ #include <xen/tasklet.h> +#include <xen/unaligned.h> #include <asm/hvm/vpt.h> #define vcpu_vlapic(x) (&(x)->arch.hvm.vlapic) @@ -85,13 +86,13 @@ struct vlapic { static inline uint32_t vlapic_get_reg(const struct vlapic *vlapic, uint32_t reg) { - return *((uint32_t *)(&vlapic->regs->data[reg])); + return get_unaligned_t(uint32_t, &vlapic->regs->data[reg]); } static inline void vlapic_set_reg( struct vlapic *vlapic, uint32_t reg, uint32_t val) { - *((uint32_t *)(&vlapic->regs->data[reg])) = val; + put_unaligned_t(uint32_t, val, &vlapic->regs->data[reg]); } void vlapic_reg_write(struct vcpu *v, unsigned int reg, uint32_t val); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 1f5cb67bd0..5919e94f5b 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1249,7 +1249,7 @@ void asmlinkage __init noreturn __start_xen(void) (caps & 2) ? " V2" : "", !(caps & 3) ? " none" : ""); printk("EDID transfer time: %d seconds\n", caps >> 8); - if ( *(u32 *)bootsym(boot_edid_info) == 0x13131313 ) + if ( get_unaligned_t(u32, bootsym(boot_edid_info)) == 0x13131313 ) { printk(" EDID info not retrieved because "); if ( !(caps & 3) ) diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index bb25b55c85..c00aa64983 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -562,7 +562,7 @@ static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) unsigned int device_id = MASK_EXTR(entry[0], IOMMU_EVENT_DEVICE_ID_MASK); unsigned int domain_id = MASK_EXTR(entry[1], IOMMU_EVENT_DOMAIN_ID_MASK); unsigned int flags = MASK_EXTR(entry[1], IOMMU_EVENT_FLAGS_MASK); - uint64_t addr = *(uint64_t *)(entry + 2); + uint64_t addr = get_unaligned_t(uint64_t, entry + 2); printk(XENLOG_ERR "AMD-Vi: %s: %pp d%u addr %016"PRIx64 " flags %#x%s%s%s%s%s%s%s%s%s%s\n", -- 2.25.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.