Xen project Mailing List

Re: [PATCH 2/2] xen/x86: address violations of Rule 11.3

From: Stefano Stabellini <stefano.stabellini@xxxxxxx>

Date: Mon, 14 Jul 2025 18:12:57 -0700

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lJ+lptSqUrbtp+5wW2ny2AN0PGzda3o5syg6RrYmcRg=; b=GarpTBcWXi5TQmg1oCxU4hAk9NaEnjbLJ7CxqfnCV56dB8Vu6zc/xRdRkVlHn5kf7/RtebrVuxgiFxOiIeThVN7wBvPS5NJc0+E4ThigPM2t1Qsegku+oqKmKqr1Tfv0LeVCLaLdx5RJLJsKmtphiM0wjORTIlzKSHg9qfo89N9e77259n8gfMevUEQ/12g2uB2FId73kyyz0hCauz14uMDr1GlLuOIKKMlnYGmGd3nqSxItcoVsndEmahje3O/ehnVHoGA65zqxvQciG5sta86B4ekk2TjG6l1nLi4mZ/FLRmAvrH5KZdWfWbthhs4E9OJvgJQ9jpv0UzQome2FNw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KJnUq711r5k5gQzRia6JlPYaTRthoEihzuGSEtCEX4iwS8DcV0rwrUpAFm5gwkOOFa9muQmojgegGMGaI8WX99/Uh5hGcH68MgjEfKjPa7IAcUKvLVovkI3cBP9QK4Qmc1n+XVuIjREwtIGviWhzUUw4QSwgORzXuRiLh5q3v84t53xQSsh5i8Z42RZilXc4wxMTbCLOSWYQzXoop0FTduemAGfCV9INrWLI7WU+9KAaUtr30SKGLGb/GjqQVpoENhuTVjj2TSoaNBn8NVaFV0qInqmLsak0QboSnc12+jGiKtG2DuWqV8XIhbmBniZ8emP87v2C61L9XojEE4RZ4A==

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, <victorm.lira@xxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau MonnÃ© <roger.pau@xxxxxxxxxx>, "Federico Serafini" <federico.serafini@xxxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 15 Jul 2025 01:13:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Jan, I apologize for the confusion. I initially believed this patch would reduce the outstanding violations to zero on x86, but in reality, there are still 1,415 remaining. https://gitlab.com/xen-project/people/sstabellini/xen/-/jobs/10660702979 Given this, I believe we should consider globally deviating the rule on x86, or at least apply it opportunistically, as we have done with other rules. In such cases, the rule is accepted but not actively scanned with ECLAIR, and we provide alternatives, such as using GCC ASAN, along with an explanation that misaligned access typically does not lead to crashes on x86. On Thu, 10 Jul 2025, Jan Beulich wrote: > On 10.07.2025 02:35, Stefano Stabellini wrote: > > On Wed, 9 Jul 2025, Jan Beulich wrote: > >>> What fine grained deviation do you have in mind? > >> > >> Ones for almost(?) everything that is having actual code changes right now > >> in this series. > > > > We could easily deviate alternative.c based on the file name alone. But > > for the rest: > > > > emulate.c: casts from unsigned char* (byte aligned) to uint64_t* (8 bytes > > aligned) > > This one may indeed be fine to patch. > > > vlapic.h: casts from uint8_t* (byte aligned) to uint32_t* (4 bytes aligned) > > These only give the impression of increasing alignment. struct > hvm_hw_lapic_regs > is containing solely an uint8_t[1024] array, and all instances (created from > vlapic_init()) actually end up at page boundaries. What I don't know is > whether > adding __aligned(PAGE_SIZE) to the struct vlapic field declaration would > convince Eclair of there being no issue here. Probably not, as the array index > used in both of the accesses isn't known (to it) to be 16-byte aligned. > > > setup.c: games with symbols > > The change here may again be acceptable; better may be to use memchr_inv() > there, as being less obfuscating _and_ eliminating the cast there altogether. > > > iommu_init.c: cast from uint32_t* (4 bytes aligned) to uint64_t* (8 bytes > > aligned) > > This imo would better be done by reconstructing the 64-bit value from the > two involved 32-bit array elements. > > > How would you deviate these in general terms? Or are you suggesting to > > use SAF tags for each of them? > > If no other solution can be found for the vlapic.h issue, "yes" there. For > all others I suggested alternative approaches. Subject to other x86 folks > possibly objecting, though. > > Jan >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.