[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] misra: avoid unsafe cast of __init_begin

  • To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 28 Oct 2025 19:57:12 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6IIgSA0kMWtXWV/F+EtIK0Whz55JWtvAEip39HJMEx8=; b=q14mZyyVa/Fiayuz+/NvesbdwBV4E+PxyjLJNV5HJbtBsB+ibQVjJUANH7ULj6GV0vWrgcKCB9/Nx3Gp1+MkYztos4Ih7DAyXqs5i8SC0pk8TN7SblgnzIZn0Rfuen8d/ZuMOsOix8ifRvtn1FM2P4izmKd8c+9mOzWYTFImrL0lHGJvx9A4Xnv3ISGzB5wwtVK3KG0uVQNv1Ybo+MPJKB5zmCdQhDXGWFNBYzq/XsDUnWW/vHPBBHc1t99eYmS+B+1eDbuqYzE8rxBBfP20RMIbhDAVz499qyWN1HXly6rGSC1I2P9k+HVdEVDGQsySXh1NXiGW6d/ETSu9qCNshw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GcCIo762WZi4EV0AgY35X8NANa1GyAt7HboR6ndni5np2Dctyt2QUR2ZL24f0vXF2tayMI5hMdMoNuEZsAb5v/36Ov8SbGxt+LVB8UdzcLvtc2iDq5AQqiXtUOVTAQS0TO8dJYgYgJFfA8PIlHvLC6s6dYEsvHaZAZI2/Wq5Vd319p+YfoMzJLDYa4NzO5p+22/DV8RTR7ixEOFQk8K5zDH9PkfEoItqSvpPhCsIQgoTKQkIUwylhsAQ73yUxn4lhoVeXTOgrhaD8eFc10fksrQdbBOAN7F/Qld/E+i8JQ9f1eTskUbQILzkeKA46p+cW/uzicZD8wQE78QzyyakCA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Tue, 28 Oct 2025 19:57:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 28/10/2025 5:45 pm, Dmytro Prokopchuk1 wrote:
> diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c
> index eb8ed19ca1..00c4c8832d 100644
> --- a/xen/arch/arm/mmu/setup.c
> +++ b/xen/arch/arm/mmu/setup.c
> @@ -481,7 +481,7 @@ void free_init_memory(void)
>      unsigned long len = __init_end - __init_begin;
>      uint32_t insn;
>      unsigned int i, nr = len / sizeof(insn);
> -    uint32_t *p;
> +    uint8_t *p;
>      int rc;
>  
>      rc = modify_xen_mappings((unsigned long)__init_begin,
> @@ -501,9 +501,11 @@ void free_init_memory(void)
>  #else
>      insn = AARCH64_BREAK_FAULT;
>  #endif
> -    p = (uint32_t *)__init_begin;
>      for ( i = 0; i < nr; i++ )
> -        *(p + i) = insn;
> +    {
> +        p = (uint8_t *)__init_begin + i * sizeof(insn);
> +        memcpy(p, &insn, sizeof(insn));
> +    }
>  
>      rc = destroy_xen_mappings((unsigned long)__init_begin,
>                                (unsigned long)__init_end);

I'm in agreement with Eclair, this is horrible code.

Putting an undefined instruction here is pretty useless.  By the time
destroy_xen_mappings() completes, you'll suffer a pagefault from trying
to execute there, rather than actually getting to execute code.

On x86 we simply zero the memory and then hand it back to the heap
allocator.  ARM doesn't seem to do this yet.

Irrespective, it either wants zeroing, or maybe SCRUB_PATTERN as we use
for other invalid memory.

Both of these can be done with a simple memset(), which simplifies
everything.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.