authorStefan Hajnoczi <stefanha@redhat.com>2025-06-10 13:36:39 +0100
committerStefan Hajnoczi <stefanha@redhat.com>2025-06-12 13:39:07 -0400
commitc653b67d1863b7ebfa67f7c9f4aec209d7b5ced5 (patch)
treeaccacdd8b9f096931719b551776f3f6caa78ce61
parentd9ce74873a6a5a7c504379857461e4ae64fcf0cd (diff)
include/qemu/compiler: add QEMU_UNINITIALIZED attribute macro
The QEMU_UNINITIALIZED macro is to be used to skip the default compiler variable initialization done by -ftrivial-auto-var-init=zero. Use this in cases where there is a method in the device I/O path (or other important hot paths) that has large variables on the stack. A rule of thumb is that "large" means a method with 4kb data in the local stack frame. Any variables which are KB in size should be annotated with this attribute, to pre-emptively eliminate any potential overhead from the compiler zero'ing memory. Given that this turns off a security hardening feature, when using this to flag variables, it is important that the code is double-checked to ensure there is no possible use of uninitialized data in the method. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20250610123709.835102-2-berrange@redhat.com [DB: split off patch & rewrite guidance on when to use the annotation] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-rw-r--r--include/qemu/compiler.h20
1 files changed, 20 insertions, 0 deletions
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index 496dac5..65b8995 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -208,6 +208,26 @@
#endif
/*
+ * Disable -ftrivial-auto-var-init on a local variable.
+ *
+ * Use this in cases where there a method in the device I/O path (or other
+ * important hot paths), that has large variables on the stack. A rule of
+ * thumb is that "large" means a method with 4kb data in the local stack
+ * frame. Any variables which are KB in size, should be annotated with this
+ * attribute, to pre-emptively eliminate any potential overhead from the
+ * compiler's implicit zero'ing of memory.
+ *
+ * Given that this turns off a security hardening feature, when using this
+ * to flag variables, it is important that the code is double-checked to
+ * ensure there is no possible use of uninitialized data in the method.
+ */
+#if __has_attribute(uninitialized)
+# define QEMU_UNINITIALIZED __attribute__((uninitialized))
+#else
+# define QEMU_UNINITIALIZED
+#endif
+
+/*
* http://clang.llvm.org/docs/ThreadSafetyAnalysis.html
*
* TSA is available since clang 3.6-ish.
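Review bot: The new comment above `QEMU_UNINITIALIZED` asks that code be "double-checked" but never says what the check is. Since the macro opts a large stack variable out of zero-initialisation, a buffer that is only partly filled would presumably keep whatever was on the stack before. I would state the criterion in the comment, for example `* Every byte that is later read or copied out of the variable must have been written on all paths, including short reads and error returns.`, and ask each use site to carry a one-line comment naming what fills the variable. The second paragraph also reads "where there a method" (`where there is a method` is presumably meant). The "4kb data in the local stack frame" and "KB in size" thresholds would be easier to apply if stated as one rule.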