Xen project Mailing List

Re: [PATCH] x86/altcall: use an union as register type for function parameters

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 22 Feb 2024 09:33:37 +0100

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Thu, 22 Feb 2024 08:33:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Feb 21, 2024 at 06:03:31PM +0100, Roger Pau Monne wrote: > The current code for alternative calls uses the caller parameter types as the > types for the register variables that serve as function parameters: > > uint8_t foo; > [...] > alternative_call(myfunc, foo); > > Would expand roughly into: > > register unint8_t a1_ asm("rdi") = foo; > register unsigned long a2_ asm("rsi"); > [...] > asm volatile ("call *%c[addr](%%rip)"...); > > However under certain circumstances clang >= 16.0.0 with -O2 can generate > incorrect code, given the following example: > > unsigned int func(uint8_t t) > { > return t; > } > > static void bar(uint8_t b) > { > int ret_; > register uint8_t di asm("rdi") = b; > register unsigned long si asm("rsi"); > register unsigned long dx asm("rdx"); > register unsigned long cx asm("rcx"); > register unsigned long r8 asm("r8"); > register unsigned long r9 asm("r9"); > register unsigned long r10 asm("r10"); > register unsigned long r11 asm("r11"); > > asm volatile ( "call %c[addr]" > : "+r" (di), "=r" (si), "=r" (dx), > "=r" (cx), "=r" (r8), "=r" (r9), > "=r" (r10), "=r" (r11), "=a" (ret_) > : [addr] "i" (&(func)), "g" (func) > : "memory" ); > } > > void foo(unsigned int a) > { > bar(a); > } > > Clang generates the following code: > > func: # @func > movl %edi, %eax > retq > foo: # @foo > callq func > retq > > Note the truncation of the unsigned int parameter 'a' of foo() to uint8_t when > passed into bar() is lost. > > The above can be worked around by using an union when defining the register > variables, so that `di` becomes: > > register union { > uint8_t e; > unsigned long r; > } di asm("rdi") = { .e = b }; > > Which results in following code generated for `foo()`: > > foo: # @foo > movzbl %dil, %edi > callq func > retq > > So the truncation is not longer lost. > This is missing: Reported-by: Matthew Grooms <mgrooms@xxxxxxxxx> Link: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277200 Link: https://github.com/llvm/llvm-project/issues/82598 Last one is the bug report against llvm. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.