From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
qemu-block@nongnu.org, "Stefan Hajnoczi" <stefanha@redhat.com>,
"Kevin Wolf" <kwolf@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PATCH 01/31] include/qemu/compiler: add QEMU_UNINITIALIZED attribute macro
Date: Tue, 10 Jun 2025 13:36:39 +0100 [thread overview]
Message-ID: <20250610123709.835102-2-berrange@redhat.com> (raw)
In-Reply-To: <20250610123709.835102-1-berrange@redhat.com>
From: Stefan Hajnoczi <stefanha@redhat.com>
The QEMU_UNINITIALIZED macro is to be used to skip the default compiler
variable initialization done by -ftrivial-auto-var-init=zero.
Use this in cases where there a method in the device I/O path (or other
important hot paths), that has large variables on the stack. A rule of
thumb is that "large" means a method with 4kb data in the local stack
frame. Any variables which are KB in size, should be annotated with this
attribute, to pre-emptively eliminate any potential overhead from the
compiler zero'ing memory.
Given that this turns off a security hardening feature, when using this
to flag variables, it is important that the code is double-checked to
ensure there is no possible use of uninitialized data in the method.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[DB: split off patch & rewrite guidance on when to use the annotation]
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
include/qemu/compiler.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index 496dac5ac1..65b89958d3 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -207,6 +207,26 @@
# define QEMU_USED
#endif
+/*
+ * Disable -ftrivial-auto-var-init on a local variable.
+ *
+ * Use this in cases where there a method in the device I/O path (or other
+ * important hot paths), that has large variables on the stack. A rule of
+ * thumb is that "large" means a method with 4kb data in the local stack
+ * frame. Any variables which are KB in size, should be annotated with this
+ * attribute, to pre-emptively eliminate any potential overhead from the
+ * compiler's implicit zero'ing of memory.
+ *
+ * Given that this turns off a security hardening feature, when using this
+ * to flag variables, it is important that the code is double-checked to
+ * ensure there is no possible use of uninitialized data in the method.
+ */
+#if __has_attribute(uninitialized)
+# define QEMU_UNINITIALIZED __attribute__((uninitialized))
+#else
+# define QEMU_UNINITIALIZED
+#endif
+
/*
* http://clang.llvm.org/docs/ThreadSafetyAnalysis.html
*
--
2.49.0
next prev parent reply other threads:[~2025-06-10 12:39 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-10 12:36 [PATCH 00/31] Skip automatic zero-init of large arrays / structs in I/O paths Daniel P. Berrangé
2025-06-10 12:36 ` Daniel P. Berrangé [this message]
2025-06-10 12:36 ` [PATCH 02/31] hw/virtio/virtio: avoid cost of -ftrivial-auto-var-init in hot path Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 03/31] block: skip automatic zero-init of large array in ioq_submit Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 04/31] chardev/char-fd: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 05/31] chardev/char-pty: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 06/31] chardev/char-socket: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 07/31] hw/audio/ac97: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 08/31] hw/audio/cs4231a: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 09/31] hw/audio/es1370: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 10/31] hw/audio/gus: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 11/31] " Daniel P. Berrangé
2025-06-10 14:23 ` Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 12/31] hw/audio/sb16: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 13/31] hw/audio/via-ac97: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 14/31] hw/char/sclpconsole-lm: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 15/31] hw/dma/xlnx_csu_dma: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 16/31] hw/display/vmware_vga: skip automatic zero-init of large struct Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 17/31] hw/hyperv/syndbg: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 18/31] hw/misc/aspeed_hace: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 19/31] hw/net/rtl8139: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 20/31] hw/net/tulip: " Daniel P. Berrangé
2025-06-10 12:36 ` [PATCH 21/31] hw/net/virtio-net: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 22/31] hw/net/xgamc: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 23/31] hw/nvme/ctrl: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-11 8:55 ` Klaus Jensen
2025-06-10 12:37 ` [PATCH 24/31] hw/ppc/pnv_occ: skip automatic zero-init of large struct Daniel P. Berrangé
2025-06-11 9:09 ` Harsh Prateek Bora
2025-06-10 12:37 ` [PATCH 25/31] hw/ppc/spapr_tpm_proxy: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-11 9:20 ` Harsh Prateek Bora
2025-06-10 12:37 ` [PATCH 26/31] hw/usb/hcd-ohci: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 27/31] hw/scsi/lsi53c895a: " Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 28/31] hw/scsi/megasas: skip automatic zero-init of large arrays Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 29/31] hw/ufs/lu: skip automatic zero-init of large array Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 30/31] net/socket: " Daniel P. Berrangé
2025-06-10 12:37 ` [PATCH 31/31] net/stream: " Daniel P. Berrangé
2025-06-10 12:49 ` [PATCH 00/31] Skip automatic zero-init of large arrays / structs in I/O paths Philippe Mathieu-Daudé
2025-06-10 12:56 ` Daniel P. Berrangé
2025-06-10 15:00 ` Philippe Mathieu-Daudé
2025-06-10 15:56 ` Daniel P. Berrangé
2025-06-10 14:04 ` Stefan Hajnoczi
2025-06-11 19:19 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250610123709.835102-2-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).