[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] misra: avoid unsafe cast of __init_begin
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
- Date: Tue, 28 Oct 2025 17:45:34 +0000
- Accept-language: en-US, uk-UA, ru-RU
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pCM7+BDwMCQjjBuvX0PQk2J+goZfyq9dQeQ+3u5GIh4=; b=QIc7meDs0S9vG9eKm0aE3JvOOHWi7KWDGyCyQeU9L5QyJtRXRQEcLniQ4/Bb6K9u3h4OVezLT3OYuMBc38yfkJ6eR7SWYwnwI1gp4T5s9vKOCTJewoV2+twUE/mccMSBkETCDKOTPIikKhlp18i44Btgyp0+CyahQpnx6fDl3AMP8gZrBZ5VH8q2PUhFwc+UTwimy/h6nHhUODFx2WNJvId+XKK/GYod1a+7R7W0HC+5z+7KA9F6CsQkEeh1vGg2dtoLzhNWPRQq4ZrS1GlTrlnL6FDF4sgGK2AWzF/XqS3aygwAkEUpRKpeX8lwEb+1Uc0wXUMCj9ttxZR6NHkt+Q==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TX6urfmFGCS1p6jz6MB79rWW90cVarvzr0BBc+wCYlhkrujUO413t5qeQthabcnpFzigqbtyJAHe/F1wr77VuYSNoFY/z8z3sW3MAyDn0bku3UVE188Ngzhkf2zv3RhaaeaM+Abej8SE4rzUNtnhzX7528r709Z8yc7DWBtjRVlGCqoytl03FAA9OIVTigWjoxVs6vOBkI9UO4SFeePK2gzPNK6Crfcd1DrPYhk304oiD6X13H2xfumlZ2GaQf2vh687jJTCzygAx2imu8iF8UiGLABW+D+y29ANAauiYtMhuA5117vEVBRB5ShydmeB36r6Ystc03zA5h10KP2mbQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Delivery-date: Tue, 28 Oct 2025 17:45:54 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHcSDKpkOVNAuGy6k6B2JYhgXsvqQ==
- Thread-topic: [PATCH] misra: avoid unsafe cast of __init_begin
MISRA Rule 11.3 prohibits casting between pointers to different object
types (except for char types). The violation with '__init_begin' in
the original code was that it was being cast directly to a 'uint32_t *'
pointer.
To resolve this, replace the direct cast of '__init_begin' to 'uint32_t *'
with a cast to 'uint8_t *', and use 'memcpy()' to write the instruction
value. Using 'memcpy()' avoids undefined behavior related to alignment
and type-punning, and is guaranteed to be safe by the C standard.
No functional changes.
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
Second possible solution (I hope) is using SAF comment.
The '__init_begin' is defined in linker script and has proper alignment,
so it's safe to cast it to 'uint32_t *' pointer type.
Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2125897167
---
xen/arch/arm/mmu/setup.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c
index eb8ed19ca1..00c4c8832d 100644
--- a/xen/arch/arm/mmu/setup.c
+++ b/xen/arch/arm/mmu/setup.c
@@ -481,7 +481,7 @@ void free_init_memory(void)
unsigned long len = __init_end - __init_begin;
uint32_t insn;
unsigned int i, nr = len / sizeof(insn);
- uint32_t *p;
+ uint8_t *p;
int rc;
rc = modify_xen_mappings((unsigned long)__init_begin,
@@ -501,9 +501,11 @@ void free_init_memory(void)
#else
insn = AARCH64_BREAK_FAULT;
#endif
- p = (uint32_t *)__init_begin;
for ( i = 0; i < nr; i++ )
- *(p + i) = insn;
+ {
+ p = (uint8_t *)__init_begin + i * sizeof(insn);
+ memcpy(p, &insn, sizeof(insn));
+ }
rc = destroy_xen_mappings((unsigned long)__init_begin,
(unsigned long)__init_end);
--
2.43.0
|
