From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
qemu-block@nongnu.org, "Stefan Hajnoczi" <stefanha@redhat.com>,
"Kevin Wolf" <kwolf@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PATCH 01/31] include/qemu/compiler: add QEMU_UNINITIALIZED attribute macro
Date: Tue, 10 Jun 2025 13:36:39 +0100 [thread overview]
Message-ID: <20250610123709.835102-2-berrange@redhat.com> (raw)
In-Reply-To: <20250610123709.835102-1-berrange@redhat.com>
From: Stefan Hajnoczi <stefanha@redhat.com>
The QEMU_UNINITIALIZED macro is to be used to skip the default compiler
variable initialization done by -ftrivial-auto-var-init=zero.
Use this in cases where there a method in the device I/O path (or other
important hot paths), that has large variables on the stack. A rule of
thumb is that "large" means a method with 4kb data in the local stack
frame. Any variables which are KB in size, should be annotated with this
attribute, to pre-emptively eliminate any potential overhead from the
compiler zero'ing memory.
Given that this turns off a security hardening feature, when using this
to flag variables, it is important that the code is double-checked to
ensure there is no possible use of uninitialized data in the method.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[DB: split off patch & rewrite guidance on when to use the annotation]
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
include/qemu/compiler.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index 496dac5ac1..65b89958d3 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -207,6 +207,26 @@
# define QEMU_USED
#endif
+/*
+ * Disable -ftrivial-auto-var-init on a local variable.
+ *
+ * Use this in cases where there a method in the device I/O path (or other
+ * important hot paths), that has large variables on the stack. A rule of
+ * thumb is that "large" means a method with 4kb data in the local stack
+ * frame. Any variables which are KB in size, should be annotated with this
+ * attribute, to pre-emptively eliminate any potential overhead from the
+ * compiler's implicit zero'ing of memory.
+ *
+ * Given that this turns off a security hardening feature, when using this
+ * to flag variables, it is important that the code is double-checked to
+ * ensure there is no possible use of uninitialized data in the method.
+ */
+#if __has_attribute(uninitialized)
+# define QEMU_UNINITIALIZED __attribute__((uninitialized))
+#else
+# define QEMU_UNINITIALIZED
+#endif
+
/*
* http://clang.llvm.org/docs/ThreadSafetyAnalysis.html
*
--
2.49.0
next prev parent reply other threads:[~2025-06-10 12:39 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-10 12:36 [PATCH 00/31] Skip automatic zero-init of large arrays / structs in I/O paths Daniel P. Berrangé
2025-06-10 12:36 ` Daniel P. Berrangé [this message]
2025-06-10 12:36 ` [PATCH 02/31] hw/virtio/virtio: avoid cost of -ftrivial-auto-var-init in hot path Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 03/31] block: skip automatic zero-init of large array in ioq_submit Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 04/31] chardev/char-fd: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 05/31] chardev/char-pty: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 06/31] chardev/char-socket: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 07/31] hw/audio/ac97: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 08/31] hw/audio/cs4231a: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 09/31] hw/audio/es1370: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 10/31] hw/audio/gus: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 11/31] " Daniel P. Berrangé
2025-06-10 14:23 ` Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 12/31] hw/audio/sb16: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 13/31] hw/audio/via-ac97: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 14/31] hw/char/sclpconsole-lm: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 15/31] hw/dma/xlnx_csu_dma: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 16/31] hw/display/vmware_vga: skip automatic zero-init of large struct Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 17/31] hw/hyperv/syndbg: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 18/31] hw/misc/aspeed_hace: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 19/31] hw/net/rtl8139: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 20/31] hw/net/tulip: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 21/31] hw/net/virtio-net: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 22/31] hw/net/xgamc: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 23/31] hw/nvme/ctrl: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-11 8:55 ` Klaus Jensen
2025-06-10 12:37 ` [PATCH 24/31] hw/ppc/pnv_occ: skip automatic zero-init of large struct Daniel P. Berrangé
2025-06-11 9:09 ` Harsh Prateek Bora
2025-06-10 12:37 ` [PATCH 25/31] hw/ppc/spapr_tpm_proxy: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-11 9:20 ` Harsh Prateek Bora
2025-06-10 12:37 ` [PATCH 26/31] hw/usb/hcd-ohci: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 27/31] hw/scsi/lsi53c895a: " Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 28/31] hw/scsi/megasas: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 29/31] hw/ufs/lu: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 30/31] net/socket: " Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 31/31] net/stream: " Daniel P. Berrangé
2025-06-10 12:49 ` [PATCH 00/31] Skip automatic zero-init of large arrays / structs in I/O paths Philippe Mathieu-Daudé
2025-06-10 12:56 ` Daniel P. Berrangé
2025-06-10 15:00 ` Philippe Mathieu-Daudé
2025-06-10 15:56 ` Daniel P. Berrangé
2025-06-10 14:04 ` Stefan Hajnoczi
2025-06-11 19:19 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250610123709.835102-2-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.