[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Eclair false positive] Re: [PATCH] x86/msr: Rework wrmsr_safe() using asm goto()

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Wed, 21 May 2025 21:21:18 +0200
  • Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1747855278; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=ZraXWh/iQ3lNhXXC1xKcadFz6sINU0JgNn4VFrkMYL8=; b=ZJgQQL20o1vedpFCeFzvk27UBS5LjBtYDfA3kk3WFEsrrFS+6eoGvvou/2S1l8rLsV2T DZQKimTxIXWV6B8evj6EjscXwNKJ+KCvxvHv/bb2CatMcWlzhDSpRpUA4/LVyGxgWXuW3 1L7fCh+ffybfQ21ZbS+8ujMOkl39r5WDeNBFx+dVIoyrf5ypiU8R2pI476IkCbLpH5JxC sbTaApjaM1/BU2rXsSXsV/Mvn4oXqDqFRbnyLkB+OVLX5mQA0ahEHFzO5L+4tDOQ+/Day /JE3N0krhDjAoagYRUVCg2IeyVLOQxSkNU4S/N2UMpSqhHHOpBhvXvbI1IMC9wRcXjF6W NmewFTanGj7Oy8me3q6nQUk8s42Sk9PxsCRJVhHpLpnzK6yxxJFHN71MoGEBP1ao5jZ2I WS2NstnBlVTqFdNiy9Fs9XQ9gW5t8s/4eDuyLbL3fFrVOIpy1gDm3b0er4FuZyR5AKGRh uQM637gEg0bdpPXkxc4fk5A/10w16xEmFhatzc7jwiDluffeYDxHHGpEsu4GwyOqo3UMz Tl8hv/Lzk3NhE6BLFTve3TyddrV8pVFDZSnz3DSRfPwg9g9ONuv24+iC3DYPLKyzRKjrm 4z1UOzVVLVbrR+HZPjNYpTs1psyBKyJqCpLL8iOaacz2YiomTHY5musfyuKa4IU=
  • Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1747855278; b=LUctiTTGH2+3XzTGk9rizEELeyVu/FbqqsAG2V+413ub7cezO1DS8WAfpQpOefHxykfl md8fJhP0+v+APOuo6aAgUBf6MBlYe5QZhhkSqxblgXR2diFmHip/9j1VJMVMcT3KWtsDZ ht6WMv/nHsUDJcRtpaPoyGa3dYOS16Q7NY3Yyv1jUNvLMuSPJZILMyCmWSD57CDdxr6eW WQ/DDZAN2PJqzL1nszxNfnwO9YrxaRxiyUkes/qvg6ee4PbnEYQt4NEWupSNRznx7poFX c+yDS9BoKVOl62iW+oYXnTpBrWNU+oXk/hRDhKjsIlNORBPrBJkIAg8gXJbzWfXmwEbH5 c7xqHxLXg56cj0MKmDyBSb7P8Hbj02U4KWHurKV6FZXHlgnTClegvPcHarp8C8xSx0Q9N Cf8i4/zmKloB/nkLMAD4QouGqnSbfyhcJKl2y/GrFvOeg6dIKZLh10rd5C+BcsU2E913c mf1CZ3y7mRo7/143PXMal3CMEYoeeqduXJoDmputG6nMDa1X41qtji/cra/SYREIQjsbT n589xsPYDx0I0VhvDOYBEa6jx31CMPl6mxQqQbXh6PiNbxkidzbTM67izpaDyTTeXuJUt gecOChMTdr5lBX4LQJKNv/CEOTPtxPu0ehejQpLvgOwv0BohLaBmImHtOp/tZAg=
  • Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, consulting@xxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Wed, 21 May 2025 19:21:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-05-21 20:00, Andrew Cooper wrote:

On 21/05/2025 3:36 pm, Andrew Cooper wrote:
diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h 
index 0d3b1d637488..4c4f18b3a54d 100644
--- a/xen/arch/x86/include/asm/msr.h
+++ b/xen/arch/x86/include/asm/msr.h
@@ -69,20 +69,20 @@ static inline void wrmsr_ns(uint32_t msr, uint32_t lo, uint32_t hi) 
 /* wrmsr with exception handling */
 static inline int wrmsr_safe(unsigned int msr, uint64_t val)
 {
-    int rc;
-    uint32_t lo, hi;
-    lo = (uint32_t)val;
-    hi = (uint32_t)(val >> 32);
-
-    __asm__ __volatile__(
-        "1: wrmsr\n2:\n"
-        ".section .fixup,\"ax\"\n"
-        "3: movl %5,%0\n; jmp 2b\n"
-        ".previous\n"
-        _ASM_EXTABLE(1b, 3b)
-        : "=&r" (rc)
-        : "c" (msr), "a" (lo), "d" (hi), "0" (0), "i" (-EFAULT));
-    return rc;
+    uint32_t lo = val, hi = val >> 32;
+
+    asm_inline goto (
+        "1: wrmsr\n\t"
+        _ASM_EXTABLE(1b, %l[fault])
+        :
+        : "a" (lo), "c" (msr), "d" (hi)
+        :
+        : fault );
+
+    return 0;
+
+ fault:
+    return -EFAULT;
 }
It turns out this is the first piece of Eclair-scanned code using asm goto. 

https://gitlab.com/xen-project/hardware/xen-staging/-/jobs/10108558677
(The run also contained an equivalent change to xsetbv())

We're getting R1.1 and R2.6 violations.
R1.1 complains about [STD.adrslabl] "label address" not being valid C99. 

R2.6 complains about unused labels.
I expect this means that Eclair doesn't know how to interpret asm goto() 
yet.  The labels listed are reachable from inside the asm block.

From a qualification point of view, this allows for some extensive
optimisations dropping emitted code.



Hi Andrew,
R1.1 is easy to fix, I'll send a patch myself. On R2.6 you are probably right. I suggest marking the rule not clean to unblock while we investigate. It should not be hard to fix this FP. 

Thanks,
 Nicola

~Andrew


--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.