From nobody Sun Apr 28 23:22:38 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linaro.org Return-Path: Received: from lists.gnu.org (209.51.188.17 [209.51.188.17]) by mx.zohomail.com with SMTPS id 1552908660347525.7967602353885; Mon, 18 Mar 2019 04:31:00 -0700 (PDT) Received: from localhost ([127.0.0.1]:39816 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5qTj-0000eC-BI for importer@patchew.org; Mon, 18 Mar 2019 07:30:51 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58653) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5qSe-0000KW-Hi for qemu-devel@nongnu.org; Mon, 18 Mar 2019 07:29:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h5qSd-0001fu-Gh for qemu-devel@nongnu.org; Mon, 18 Mar 2019 07:29:44 -0400 Received: from mail-wr1-x441.google.com ([2a00:1450:4864:20::441]:36332) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h5qSd-0001ck-4R for qemu-devel@nongnu.org; Mon, 18 Mar 2019 07:29:43 -0400 Received: by mail-wr1-x441.google.com with SMTP id y13so12087272wrd.3 for ; Mon, 18 Mar 2019 04:29:42 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id s13sm6329028wrw.47.2019.03.18.04.29.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Mar 2019 04:29:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=e5cTE68w6WTk8T71CU71nMuIhX9QqmcHCNwBSeReoZc=; b=bs9w+x8HhW9hXFoP9/bghTvwgRDVqVvZ+mG0hpwisisp9E1Nk+2Ab+69Jpce7TwM9d vTcUgGrTmxNiFedY04IlcYCzvDsoAY6b0Bfa4mX1P10XMNc81ZIIF67rDE9USiohtlsO 0OF2Xn2XZ1UiXTfbWAC6XSKRo2axN9+xNnlNse3tmySSZV5vfPpjbpXxSpuZafQpV4z5 dpID2tru3sqY+cgCRPL9KPjyz7CgGOmHPdllLYXi9eK78CazBORFPfKzKr2bKrIRy5gJ /oI9tNtQpOLwJKPT3czhREbvmzzX+KPwA2VzPOSyLx7Hj3O6ac8LZzn5mEVtP5PH4gg1 iT8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=e5cTE68w6WTk8T71CU71nMuIhX9QqmcHCNwBSeReoZc=; b=KGaRWgMxtMKbuOMDJnEyw5nL7Z4KplHprU3m/pxigctsu9N0KOihdEg4NBormsY5NB Bww3TdQNWSoV8mXieqGwklGyotacS97UAfIA33K2BMVKV2Dmjw6zGuwtG6oDdSm/3ZjP ftuTCPzKWKLJ6B/NFWtqVnK7JHcw02llZ2hlfKs7nOlpl1ps5KDyYK1p5LpvIW5nJq64 Efrbupqxrvqoe7BC6MuFQtzfJlACJjXDbyik33PwJPsceLVJGJOjKNCCQZ+P7I9I+nVd OssbP2HL8uNfj+eRtsNwlYkuYw6SwUmLciuFq1jWztguKPEa7vqBDoZs0oGpgIeC+abz 5OEA== X-Gm-Message-State: APjAAAWeYhTOIf1KkZJTlTkzMq92DE5BpuT+NZrftx960DstrZEMKWax YgsSFnkzZlwhrqBZEt4/WHFZOeZfUUg= X-Google-Smtp-Source: APXvYqwA+mRV2X3kr9Dc6b6H5bfCEBzbMxXN7WO8fmX072SG4vw7yVhDKiVurHoObAmDduvelYFwwg== X-Received: by 2002:adf:9cc4:: with SMTP id h4mr11212061wre.327.1552908581199; Mon, 18 Mar 2019 04:29:41 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Date: Mon, 18 Mar 2019 11:29:38 +0000 Message-Id: <20190318112938.8298-1-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::441 Subject: [Qemu-devel] [PATCH for-4.0] include/qemu/bswap.h: Use __builtin_memcpy() in accessor functions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini , =?UTF-8?q?Fernando=20Casas=20Sch=C3=B6ssow?= , Richard Henderson , Stefan Hajnoczi , patches@linaro.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) In the accessor functions ld*_he_p() and st*_he_p() we use memcpy() to perform a load or store to a pointer which might not be aligned for the size of the type. We rely on the compiler to optimize this memcpy() into an efficient load or store instruction where possible. This is required for good performance, but at the moment it is also required for correct operation, because some users of these functions require that the access is atomic if the pointer is aligned, which will only be the case if the compiler has optimized out the memcpy(). (The particular example where we discovered this is the virtio vring_avail_idx() which calls virtio_lduw_phys_cached() which eventually ends up calling lduw_he_p().) Unfortunately some compile environments, such as the fortify-source setup used in Alpine Linux, define memcpy() to a wrapper function in a way that inhibits this compiler optimization. The correct long-term fix here is to add a set of functions for doing atomic accesses into AddressSpaces (and to other relevant families of accessor functions like the virtio_*_phys_cached() ones), and make sure that callsites which want atomic behaviour use the correct functions. In the meantime, switch to using __builtin_memcpy() in the bswap.h accessor functions. This will make us robust against things like this fortify library in the short term. In the longer term it will mean that we don't end up with these functions being really badly-performing even if the semantics of the out-of-line memcpy() are correct. Reported-by: Fernando Casas Sch=C3=B6ssow Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- include/qemu/bswap.h | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/include/qemu/bswap.h b/include/qemu/bswap.h index 5a70f78c0ba..2a9f3fe783e 100644 --- a/include/qemu/bswap.h +++ b/include/qemu/bswap.h @@ -316,51 +316,57 @@ static inline void stb_p(void *ptr, uint8_t v) *(uint8_t *)ptr =3D v; } =20 -/* Any compiler worth its salt will turn these memcpy into native unaligned - operations. Thus we don't need to play games with packed attributes, or - inline byte-by-byte stores. */ +/* + * Any compiler worth its salt will turn these memcpy into native unaligned + * operations. Thus we don't need to play games with packed attributes, or + * inline byte-by-byte stores. + * Some compilation environments (eg some fortify-source implementations) + * may intercept memcpy() in a way that defeats the compiler optimization, + * though, so we use __builtin_memcpy() to give ourselves the best chance + * of good performance. + */ =20 static inline int lduw_he_p(const void *ptr) { uint16_t r; - memcpy(&r, ptr, sizeof(r)); + __builtin_memcpy(&r, ptr, sizeof(r)); return r; } =20 static inline int ldsw_he_p(const void *ptr) { int16_t r; - memcpy(&r, ptr, sizeof(r)); + __builtin_memcpy(&r, ptr, sizeof(r)); return r; } =20 static inline void stw_he_p(void *ptr, uint16_t v) { - memcpy(ptr, &v, sizeof(v)); + __builtin_memcpy(ptr, &v, sizeof(v)); } =20 static inline int ldl_he_p(const void *ptr) { int32_t r; - memcpy(&r, ptr, sizeof(r)); + __builtin_memcpy(&r, ptr, sizeof(r)); return r; } =20 static inline void stl_he_p(void *ptr, uint32_t v) { - memcpy(ptr, &v, sizeof(v)); + __builtin_memcpy(ptr, &v, sizeof(v)); } =20 static inline uint64_t ldq_he_p(const void *ptr) { uint64_t r; - memcpy(&r, ptr, sizeof(r)); + __builtin_memcpy(&r, ptr, sizeof(r)); return r; } =20 static inline void stq_he_p(void *ptr, uint64_t v) { - memcpy(ptr, &v, sizeof(v)); + __builtin_memcpy(ptr, &v, sizeof(v)); } =20 static inline int lduw_le_p(const void *ptr) --=20 2.20.1