Xen project Mailing List

Re: [PATCH v3 4/4] xen/x86: switch x86 to use generic implemetation of bug.h

To: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Date: Mon, 27 Feb 2023 15:46:26 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jdkh2oAG5nnCXQvMNmwAI6pYV0dsGBMjdClv8mL+7Ss=; b=WjTE3jrcXpBB3P3nd4aa89EM/buT5YcdqGvJAIfwPZ2iHUWa8ykrkTVVcRkaJ6Ze3HtywjWS4UWSxPAb06VO1IWDAapqkwC4eAgRmQgyvdHVbcHhSojgZedlO4sTA01w9xMeKoD2JEz0HGqOqfRDZakRe1pQZUvTo4wggIE7j1s3ePlNf9gKWwyCEvgLzcFwTApRwwVc0QvR5/KbksV9548Xd1ahWhUtbMPwAy0VhrRwIv06Oqcc0j3DM99NusBYPQ5m7/FERbF+gZIyyDx2Ao7OBa+RdCc9pcXmY+5ZZfFDoriUrP1GdNWHo42Ixbgw0Zq9tE28jcOXqsQmwO2f6g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YLEWDkXW58jvYvdyDFxA+tgP1Wlm9dgE/wEUsRTDZLvP5M7LrGpq6obV+0ev9rKRA72Q1OFUqDbWbNadpc6ZCrjqaV8H0aDRrrZM+yHW60NqDFCG295qBpxBqAi+HyHuuA4ICF5ChGexa8DpEQVt6kgaCtYMZFr7117L7scykk1LgLrMoILRyQ9wEwV7OTFyxFhoeuhOBGTnjqORUlSp0rlF33ozSAt8sRXIugUbV2pfzmEf5b2+8s41IYGiHu9m5dSjszFcWoKeVy60z+g0S08ltL8TjcWfpbVniIEuESIYOMo81u0FjQtnzRILOr/sCytv7Ok6y1ngHTW29Fn3cw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Gianluca Guida <gianluca@xxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 27 Feb 2023 14:46:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24.02.2023 12:31, Oleksii Kurochko wrote: > The following changes were made: > * Make GENERIC_BUG_FRAME mandatory for X86 > * Update asm/bug.h using generic implementation in <xen/bug.h> > * Change prototype of debugger_trap_fatal() in asm/debugger.h > to align it with generic prototype in <xen/debugger.h>. > * Update do_invalid_op using generic do_bug_frame() > > Signed-off-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx> Hmm, there's the question of where to draw the boundary between patch 2 and the one here. Personally I'd say the earlier patch should drop everything that becomes redundant there. I can see the more minimalistic earlier change as viable, but then the description there needs to say why things are being kept which - in principle - could be dropped. > --- a/xen/arch/x86/include/asm/bug.h > +++ b/xen/arch/x86/include/asm/bug.h > @@ -3,75 +3,10 @@ > > #ifndef __ASSEMBLY__ > > -#define BUG_FRAME_STRUCT > +#define BUG_INSTR "ud2" > +#define BUG_ASM_CONST "c" > > -struct bug_frame { > - signed int loc_disp:BUG_DISP_WIDTH; > - unsigned int line_hi:BUG_LINE_HI_WIDTH; > - signed int ptr_disp:BUG_DISP_WIDTH; > - unsigned int line_lo:BUG_LINE_LO_WIDTH; > - signed int msg_disp[]; > -}; > - > -#define bug_loc(b) ((const void *)(b) + (b)->loc_disp) > -#define bug_ptr(b) ((const void *)(b) + (b)->ptr_disp) > -#define bug_line(b) (((((b)->line_hi + ((b)->loc_disp < 0)) & > \ > - ((1 << BUG_LINE_HI_WIDTH) - 1)) << > \ > - BUG_LINE_LO_WIDTH) + > \ > - (((b)->line_lo + ((b)->ptr_disp < 0)) & > \ > - ((1 << BUG_LINE_LO_WIDTH) - 1))) > -#define bug_msg(b) ((const char *)(b) + (b)->msg_disp[1]) > - > -#define _ASM_BUGFRAME_TEXT(second_frame) > \ > - ".Lbug%=: ud2\n" > \ > - ".pushsection .bug_frames.%c[bf_type], \"a\", @progbits\n" > \ > - ".p2align 2\n" > \ > - ".Lfrm%=:\n" > \ > - ".long (.Lbug%= - .Lfrm%=) + %c[bf_line_hi]\n" > \ > - ".long (%c[bf_ptr] - .Lfrm%=) + %c[bf_line_lo]\n" > \ > - ".if " #second_frame "\n" > \ > - ".long 0, %c[bf_msg] - .Lfrm%=\n" > \ > - ".endif\n" > \ > - ".popsection\n" > \ > - > -#define _ASM_BUGFRAME_INFO(type, line, ptr, msg) > \ > - [bf_type] "i" (type), > \ > - [bf_ptr] "i" (ptr), > \ > - [bf_msg] "i" (msg), > \ > - [bf_line_lo] "i" ((line & ((1 << BUG_LINE_LO_WIDTH) - 1)) > \ > - << BUG_DISP_WIDTH), > \ > - [bf_line_hi] "i" (((line) >> BUG_LINE_LO_WIDTH) << BUG_DISP_WIDTH) > - > -#define BUG_FRAME(type, line, ptr, second_frame, msg) do { > \ > - BUILD_BUG_ON((line) >> (BUG_LINE_LO_WIDTH + BUG_LINE_HI_WIDTH)); > \ > - BUILD_BUG_ON((type) >= BUGFRAME_NR); > \ > - asm volatile ( _ASM_BUGFRAME_TEXT(second_frame) > \ > - :: _ASM_BUGFRAME_INFO(type, line, ptr, msg) ); > \ > -} while (0) > - > - > -#define WARN() BUG_FRAME(BUGFRAME_warn, __LINE__, __FILE__, 0, NULL) > -#define BUG() do { \ > - BUG_FRAME(BUGFRAME_bug, __LINE__, __FILE__, 0, NULL); \ > - unreachable(); \ > -} while (0) > - > -/* > - * TODO: untangle header dependences, break BUILD_BUG_ON() out of xen/lib.h, > - * and use a real static inline here to get proper type checking of fn(). > - */ > -#define run_in_exception_handler(fn) \ > - do { \ > - (void)((fn) == (void (*)(struct cpu_user_regs *))NULL); \ > - BUG_FRAME(BUGFRAME_run_fn, 0, fn, 0, NULL); \ > - } while ( 0 ) > - > -#define assert_failed(msg) do { \ > - BUG_FRAME(BUGFRAME_assert, __LINE__, __FILE__, 1, msg); \ > - unreachable(); \ > -} while (0) > - > -#else /* !__ASSEMBLY__ */ > +#else While for new #ifdef-ary such comments can reasonably be omitted when the blocks are short, I'd recommend keeping existing comments (except in extreme cases) in the interest of reduced code churn. In the case here, considering that ... > @@ -113,6 +48,6 @@ struct bug_frame { > #define ASSERT_FAILED(msg) \ > BUG_FRAME BUGFRAME_assert, __LINE__, __FILE__, 1, msg > > -#endif /* !__ASSEMBLY__ */ > +#endif /* __ASSEMBLY__ */ ... you keep (but alter - please don't) the comment on the #endif, that's even more so a reason to also keep the comment on #else. > --- a/xen/arch/x86/include/asm/debugger.h > +++ b/xen/arch/x86/include/asm/debugger.h > @@ -14,9 +14,9 @@ > > /* Returns true if GDB handled the trap, or it is surviveable. */ > static inline bool debugger_trap_fatal( > - unsigned int vector, struct cpu_user_regs *regs) > + unsigned int vector, const struct cpu_user_regs *regs) > { > - int rc = __trap_to_gdb(regs, vector); > + int rc = __trap_to_gdb((struct cpu_user_regs *)regs, vector); I view casts in general as risky and hence preferable to avoid. Casting away const-ness is particularly problematic. I guess the least bad option is to drop const from the do_bug_frame()'s parameter again in patch 1. However, for a fatal trap (assuming that really _is_ fatal, i.e. execution cannot continue), not allowing register state to be altered makes kind of sense. So I wonder whether we couldn't push the casting into the gdbstub functions. But quite likely that's going to be too intrusive for re-work like you do here. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.