Not exactly overlapping accesses to objects on the left and right hand
sides of an assignment are generally UB, and hence disallowed by Misra.
While in the specific cases we're talking about here no actual UB can
result as long as the compiler doesn't act actively "maliciously", let's
still switch to using casts combined with exactly overlapping accesses.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
Oddly enough in my (release) build using gcc12 I actually see emulator
code shrink by about 40 bytes. Diff-ing the disassembly I can't really
attribute this to the particular changes, but instead it looks like
certain scheduling, inlining, and code folding decisions are done
differently.
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3860,7 +3860,7 @@ void hvm_ud_intercept(struct cpu_user_re
/* Zero the upper 32 bits of %rip if not in 64bit mode. */
if ( !(hvm_long_mode_active(cur) && cs->l) )
- regs->rip = regs->eip;
+ regs->rip = (uint32_t)regs->rip;
add_taint(TAINT_HVM_FEP);
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1420,7 +1420,7 @@ static void cf_check svm_inject_event(co
*/
if ( !((vmcb_get_efer(vmcb) & EFER_LMA) && vmcb->cs.l) )
{
- regs->rip = regs->eip;
+ regs->rip = (uint32_t)regs->rip;
vmcb->nextrip = (uint32_t)vmcb->nextrip;
}
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -4760,7 +4760,7 @@ out:
regs->rip = (long)(regs->rip << (64 - VADDR_BITS)) >>
(64 - VADDR_BITS);
else
- regs->rip = regs->eip;
+ regs->rip = (uint32_t)regs->rip;
}
else
domain_crash(v->domain);
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -503,8 +503,8 @@ static inline void put_loop_count(
if ( mode_64bit() && ad_bytes == 4 ) \
{ \
_regs.r(cx) = 0; \
- if ( using_si ) _regs.r(si) = _regs.esi; \
- if ( using_di ) _regs.r(di) = _regs.edi; \
+ if ( using_si ) _regs.r(si) = (uint32_t)_regs.r(si); \
+ if ( using_di ) _regs.r(di) = (uint32_t)_regs.r(di); \
} \
goto complete_insn; \
} \
@@ -1984,9 +1984,9 @@ x86_emulate(
case 0x98: /* cbw/cwde/cdqe */
switch ( op_bytes )
{
- case 2: _regs.ax = (int8_t)_regs.al; break; /* cbw */
+ case 2: _regs.ax = (int8_t)_regs.ax; break; /* cbw */
case 4: _regs.r(ax) = (uint32_t)(int16_t)_regs.ax; break; /* cwde */
- case 8: _regs.r(ax) = (int32_t)_regs.eax; break; /* cdqe */
+ case 8: _regs.r(ax) = (int32_t)_regs.r(ax); break; /* cdqe */
}
break;
@@ -8377,7 +8377,7 @@ x86_emulate(
/* Zero the upper 32 bits of %rip if not in 64-bit mode. */
if ( !mode_64bit() )
- _regs.r(ip) = _regs.eip;
+ _regs.r(ip) = (uint32_t)_regs.r(ip);
/* Should a singlestep #DB be raised? */
if ( rc == X86EMUL_OKAY && singlestep && !ctxt->retire.mov_ss )On 17/07/2023 3:13 pm, Jan Beulich wrote: > Not exactly overlapping accesses to objects on the left and right hand > sides of an assignment are generally UB, and hence disallowed by Misra. > While in the specific cases we're talking about here no actual UB can > result as long as the compiler doesn't act actively "maliciously", let's > still switch to using casts combined with exactly overlapping accesses. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
© 2016 - 2024 Red Hat, Inc.