Xen project Mailing List

Re: [Xen-devel] [PATCH 4/4] xen/public: arm: rework the macro set_xen_guest_handle_raw

To: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxxxxx>

From: Ian Campbell <ian.campbell@xxxxxxxxxx>

Date: Tue, 3 Nov 2015 12:35:24 +0000

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Tim Deegan <tim@xxxxxxx>

Delivery-date: Tue, 03 Nov 2015 12:36:03 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 2015-11-02 at 15:55 +0000, Stefano Stabellini wrote: > > > +/* > > + * Macro to set a guest pointer in the handle. > > + * > > + * Note that it's not possible to implement safely a macro to retrieve the > > + * handle unless the guest is built with strict aliasing disabling. > > + * Hence, we don't provide a such macro in the public headers. > > + */ > > +#define set_xen_guest_handle_raw(hnd, val)ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > > +ÂÂÂÂdo {ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > > +ÂÂÂÂÂÂÂÂ/* Check if the handle is 64-bit (i.e 8-byte) */ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > > +ÂÂÂÂÂÂÂÂ(void) sizeof(struct { int : -!!(sizeof (hnd) != 8); > > });ÂÂÂÂÂÂÂÂ\ > > +ÂÂÂÂÂÂÂÂ/* Check if the type of val is compatible with the handle > > */ÂÂÂÂ\ > > +ÂÂÂÂÂÂÂÂ(void) sizeof((val) != > > (hnd).p);ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > > +ÂÂÂÂÂÂÂÂ(hnd).q = > > (uint64_t)(uintptr_t)(val);ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > > ÂÂÂÂÂ} while ( 0 ) > > Honestly I would be OK with having a typeof in the public headers to > avoid this code, which is much harder to follow. I suppose your objection is to two things: +ÂÂÂÂÂÂÂ /* Check if the handle is 64-bit (i.e 8-byte) */ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ \ +ÂÂÂÂÂÂÂ (void) sizeof(struct { int : -!!(sizeof (hnd) != 8); });ÂÂÂÂÂÂÂ \ and +ÂÂÂÂÂÂÂ /* Check if the type of val is compatible with the handle */ÂÂÂ \ +ÂÂÂÂÂÂÂ (void) sizeof((val) != (hnd).p);ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ \ The first is really just an open coding of BUILD_BUG_ON, I suppose for some reason BUILD_BUG_ON cannot just be used here (I assume because this is itself a macro). Personally I think a comment referring back to BUILD_BUG_ON e.g.: /* BUILD_BUG_ON(sizeof(hnd) != 8); Cannot use real B_B_O in a macro */ would be sufficient. For the second I think the comparison of two pointers in this as a macro type safety check is a common enough idiom that it should be understood. But I wouldn't object to a more explicit comment explaining this, or explaining that sizeof is necessary to not evaluate hnd a second time in the macro. On the second though, Julien I think it needs to be (&val) since you need to compare the pointers to the types to trigger the compiler's "comparing distinct pointer types" warning/error. Also given this new usage I think it would be worth renaming p and q to something less opaque, value and type_check or something would be fine IMHO. > Why don't we do something like the following: Apart from Jan's comment about __asm__ and a question I have about whether it isn't even needed, how certain are you that this doesn't violate any of the C aliasing rules etc? BTW, Julien, I think it would be fine to also make this macro differ for arm32 and arm64, since the arm64 variant would then surely be simpler and the arm32 one might (or might not) be. > diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch- > arm.h > index 9a96401..e676ffb 100644 > --- a/xen/include/public/arch-arm.h > +++ b/xen/include/public/arch-arm.h > @@ -189,11 +189,12 @@ > Â#define __XEN_GUEST_HANDLE(name)ÂÂÂÂÂÂÂÂ__guest_handle_64_ ## name > Â#define XEN_GUEST_HANDLE(name)ÂÂÂÂÂÂÂÂÂÂ__XEN_GUEST_HANDLE(name) > Â#define XEN_GUEST_HANDLE_PARAM(name)ÂÂÂÂ__guest_handle_ ## name > +#define barrier()ÂÂÂÂÂ__asm__ __volatile__("": : :"memory") > Â#define set_xen_guest_handle_raw(hnd, val)ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > ÂÂÂÂÂdo {ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > -ÂÂÂÂÂÂÂÂtypeof(&(hnd)) _sxghr_tmp = &(hnd);ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > -ÂÂÂÂÂÂÂÂ_sxghr_tmp->q = 0;ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > -ÂÂÂÂÂÂÂÂ_sxghr_tmp->p = val;ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > +ÂÂÂÂÂÂÂÂ*((uint64_aligned_t *)&(hnd)) = 0;ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > +ÂÂÂÂÂÂÂÂbarrier();ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > +ÂÂÂÂÂÂÂÂ(hnd).p = val;ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ\ > ÂÂÂÂÂ} while ( 0 ) > Â#ifdef __XEN_TOOLS__ > Â#define get_xen_guest_handle(val, hnd)ÂÂdo { val = (hnd).p; } while (0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.