[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.16 v2] efi: fix alignment of function parameters in compat mode

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 18 Nov 2021 11:20:38 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VlgMutMQb+2IUHmemPA9szW1fAYLAb1w4VIV8ymViM8=; b=a1vq/2VihPRMeFBmaxPo+r4EOB7pMZOrG+4hZBugc/uoVUDkYqGWEO5wSWHxJh8q92Ivd/rQRFtSaEy6F2cg3zuzfdFU0cJ+vFxJ12b8OJCnY31pvTX1HnbmmqSdjVlUENcWT6RF7+cisaDxssaRmaeVlHCDshZtGK4N2gYlWPvfZ4wBPkDCSyaqvQiWHfkW1NPngMsWCOD64B0NpZspO9Gdwk/nfPoWdd1wsb5n6bAfmZ4i1H7FKtzqzCo2fvX6gemT+lkladJBMxhvC5E80WA2GOEhm4fymJ8kpoQvgUFVHgOTBMiKZocbIHBo8vA4vALDoXYGxSUoa7wEBZhlFg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CfDIAcPYzf5FgfjcurvhCHbZF+Ou+uBMsXYhVs38kumWuFP0cb9AHKiMB1Njqsmn7/YfTCfi4H5gVIJW6OZelb1F7dFQkCmWIORurtNFjac4J+qW1b5VLati9oPYbMnpEj5BwZlhnT7mScj5ekBhGTjxbmVHSJDsW/wgJ2XaEg3BKaiDl0EzPKIdyBMbbc4iXQgCKD9tIFoPNDs9Bf3PWDL/5f3saMeUgb/nafYU+3fSltwb7Wkgs5C/SeTGQOcC9jR1TVCzhOiqcWZluLkY2NFlv8JEQpt/b7o8NTT6Wrdo6U9PDQIx/vl+nvFYUSiFYOaheNdnQzd3Ju3Ybke2AQ==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 18 Nov 2021 10:21:25 +0000
  • Ironport-data: A9a23:4b4J+qiTxj9crl8tyHmhVvyEX161hxcKZh0ujC45NGQN5FlHY01je htvCDuDM/iPa2H8Ld51at+09BgD7ZbUm98yTlRoqS5mEC8b9cadCdqndUqhZCn6wu8v7a5EA 2fyTvGacajYm1eF/k/F3oAMKRCQ7InQLlbGILes1htZGEk0F0/NtTo5w7Rg29cx0YDja++wk YiaT/P3aQfNNwFcagr424rbwP+4lK2v0N+wlgVWicFj5DcypVFMZH4sDfjZw0/DaptVBoaHq 9Prl9lVyI97EyAFUbtJmp6jGqEDryW70QKm0hK6UID66vROS7BbPg/W+5PwZG8O4whlkeydx /0Up5mTdCR3N5Tsxu8yXiBXMmJ/DO5vreqvzXiX6aR/zmXDenrohf5vEFs3LcsT/eMf7WNmr KJCbmpXN1ba2rzwkOnTpupE36zPKOHxO4wSoDd4xCzxBvc6W5HTBa7N4Le02R9t1pkVRq2GN qL1bxJpUzbtPCBLIWw9Ea4QoNyvvFSuWj1x/Qf9Sa0fvDGIkV0ZPKLWGMrYfJmGSNtYmm6cp 3na5CLpDxcCLtudxDGZtHW2iYfnnDz5cJIfEqWi8fxni0HVwXYcYDUUX1ampfiyimalRslSb UcT/0ITQbMarRLxCIOnBlvh/SDC7kV0t8ds//MSsROI6Zf3vQ+gJjYPYTN4Z/1ltf51bGl/v rOWpO/BCTtqubyTbHuS8LaIsD+/URQowX8+iTwsFlVcvYS6yG0npleWF4s4Tvbp5jHgMWiom 2jikcQou1kEYSfnPY2f9EuPvT+jr4OhouUdtlSOBTLNAu+UieeYi22UBbrzsaYowGWxFADpU J04dy62trxm4XalznLlfQn1NOv1j8tpyRWF6bKVI7Ev9i6251modp1K7Td1KS9Ba5hfJma2P BKP6V4Bvve/2UdGi4ctP+pd7Oxwk8Dd+SnNDKiIPrKinLAvHON4wM2eTRHJhD28+KTduao+J Y2aYa6R4YUyUsxaIM6Nb75Fi9cDn3lmrUuKHMyT50n3gNK2OS/OIZ9YYQTmUwzMxP7dyOkj2 40EbJXiJtQ2eLCWXxQ7BqZPdw1XdiZiWsitwyGVH8baSjdb9KgaI6a56ZsqepB/nrQTkeHN/ 3qnXVRfxka5jnrCQThmoFg5AF82dZog/389IwI2OlOkhyoqbYq1tf9NfJorZ7g3sudkyKcsH fUCfsyBBNVJSyjGpGtBPcWs8tQ6eUT5nx+KMgqkfCM7I8xqSTvW94K2ZQDo7iQPUHa67JNsv 7262wrHapMfXAA+Xt3OYfeiwgrp73gQke5/RWXSJdxXdBm++YRmMXWp3PQ2P9sNOVPIwT7Dj 1SaBhIRpO/spY4p8YaW2fDY/tnxS+YnRxhUBWjW67qyJBL2xGv7zN8SSvuMcBDcSHjwpPeoa 9JKwqyuK/YAhltL7dZxSu450aIk6tLzjLZG1QA4Tm7TZlGmB748cHmL2c5D6v9EyrND4FbkX 0uO/p9ROKmTOdOjG1kUfVJ3YuOG3PASuz/T8fVqfxmquH4ppOKKARdIIh2BqC1BN78kYooqz NAotNMS9wHi2AEhNcyLj3wM+mmBRpDav37Lan3O7FfXtzcW
  • Ironport-hdrordr: A9a23:IAy/fKmNcOmMfj1CadAj7OHMAk3pDfIo3DAbv31ZSRFFG/Fw8P re+8jztCWE7Ar5PUtKpTnuAsW9qB/nmqKdgrNwAV7BZmfbUQKTRekJgLcKqAeAJwTOssJbyK d8Y+xfJbTLfD1HZB/BkWqF+gAbsbu6zJw=
  • Ironport-sdr: j8bf7tjGWMINYw/cB5mB43JSKtf78ZpxjfpjXkFk8qk/BhM9kG1kBUsE3xKehdz/kOLR+7XZ6K i5WXWs7YX/8v/1reek2uvaQpWblgDqbb/XmkZBR6/JiEopT5BRylH+fkmsZiqsPDRb5hl4EpKz VfI5muV7JGuk0EYwCPe8/eh1qui1/2F4jVeXWGJbsBkdUEzFkB5X4S2DQIAZQfEgtuYFPVXjJR 3QGwt/U5mnPhZE0PovIxEqY27klsXzkxdJDT5MV5zHVOEm0IwacWLu6S2wPrtq5oKi6BGMnMH2 01we4MOlzNKuDCYGYAtx686c
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Nov 18, 2021 at 10:46:32AM +0100, Jan Beulich wrote:
> On 18.11.2021 09:28, Roger Pau Monne wrote:
> > Currently the max_store_size, remain_store_size and max_size in
> > compat_pf_efi_runtime_call are 4 byte aligned, which makes clang
> > 13.0.0 complain with:
> > 
> > In file included from compat.c:30:
> > ./runtime.c:646:13: error: passing 4-byte aligned argument to 8-byte 
> > aligned parameter 2 of 'QueryVariableInfo' may result in an unaligned 
> > pointer access [-Werror,-Walign-mismatch]
> >             &op->u.query_variable_info.max_store_size,
> >             ^
> > ./runtime.c:647:13: error: passing 4-byte aligned argument to 8-byte 
> > aligned parameter 3 of 'QueryVariableInfo' may result in an unaligned 
> > pointer access [-Werror,-Walign-mismatch]
> >             &op->u.query_variable_info.remain_store_size,
> >             ^
> > ./runtime.c:648:13: error: passing 4-byte aligned argument to 8-byte 
> > aligned parameter 4 of 'QueryVariableInfo' may result in an unaligned 
> > pointer access [-Werror,-Walign-mismatch]
> >             &op->u.query_variable_info.max_size);
> >             ^
> > Fix this by bouncing the variables on the stack in order for them to
> > be 8 byte aligned.
> > 
> > Note this could be done in a more selective manner to only apply to
> > compat code calls, but given the overhead of making an EFI call doing
> > an extra copy of 3 variables doesn't seem to warrant the special
> > casing.
> > 
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > Release-Acked-by: Ian Jackson <iwj@xxxxxxxxxxxxxx>
> 
> The code change looks correct to me, so it could have my R-b, but I'd
> like to ask for some clarification first.
> 
> > --- a/xen/common/efi/runtime.c
> > +++ b/xen/common/efi/runtime.c
> > @@ -607,6 +607,9 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op)
> >      break;
> >  
> >      case XEN_EFI_query_variable_info:
> > +    {
> > +        uint64_t max_store_size, remain_store_size, max_size;
> > +
> >          if ( op->misc & ~XEN_EFI_VARINFO_BOOT_SNAPSHOT )
> >              return -EINVAL;
> >  
> > @@ -638,16 +641,34 @@ int efi_runtime_call(struct xenpf_efi_runtime_call 
> > *op)
> >  
> >          if ( !efi_enabled(EFI_RS) || (efi_rs->Hdr.Revision >> 16) < 2 )
> >              return -EOPNOTSUPP;
> > +
> > +        /*
> > +         * Bounce the variables onto the stack to make them 8 byte aligned 
> > when
> > +         * called from the compat handler, as their placement in
> > +         * compat_pf_efi_runtime_call will make them 4 byte aligned 
> > instead and
> > +         * clang will complain.
> 
> I expect future gcc would also complain; I'm actually surprised it
> doesn't already, as I recall work in that direction was done for one
> of the more recent releases. Hence while I'm fine with referring to
> clang specifically in the description, I'd prefer the comment here
> to be more generic. E.g. "... and compilers may validly complain."

Sure.

> > +         * Note we do this regardless of whether called from the compat 
> > handler
> > +         * or not, as it's not worth the extra logic to differentiate.
> > +         */
> > +        max_store_size = op->u.query_variable_info.max_store_size;
> > +        remain_store_size = op->u.query_variable_info.remain_store_size;
> > +        max_size = op->u.query_variable_info.max_size;
> 
> All three are OUT only as per the EFI spec. I'm not going to insist
> on dropping these assignments, but their presence wants justifying
> in the comment if you want to retain them. E.g. "While the function
> parameters are OUT only, copy the values here anyway just in case."
> Obviously if the assignments here were dropped, the local variables
> would need to gain initializers to avoid leaking hypervisor stack
> data.

I think it's important to do the copy in order to prevent changes in
behavior. Even if explicitly listed as OUT I won't be surprised if
there where quirks that passed something in.

What about replacing the last paragraph with:

"Note that while the function parameters are OUT only, copy the values
here anyway just in case. This is done regardless of whether called
from the compat handler or not, as it's not worth the extra logic to
differentiate."

> If you agree with the suggested comment adjustments (and don't want
> to e.g. go the route of dropping the assignments), I'd be happy to
> make such adjustments while committing alongside adding my R-b. For
> anything else I'd like to ask for a v3 submission.

Sure.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.