[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v3 4/4] xen/x86: switch x86 to use generic implemetation of bug.h
On Mon, 2023-02-27 at 15:46 +0100, Jan Beulich wrote: > On 24.02.2023 12:31, Oleksii Kurochko wrote: > > The following changes were made: > > * Make GENERIC_BUG_FRAME mandatory for X86 > > * Update asm/bug.h using generic implementation in <xen/bug.h> > > * Change prototype of debugger_trap_fatal() in asm/debugger.h > > to align it with generic prototype in <xen/debugger.h>. > > * Update do_invalid_op using generic do_bug_frame() > > > > Signed-off-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx> > > Hmm, there's the question of where to draw the boundary between patch > 2 > and the one here. Personally I'd say the earlier patch should drop > everything that becomes redundant there. I can see the more > minimalistic > earlier change as viable, but then the description there needs to say > why things are being kept which - in principle - could be dropped. Then I'll update the comment message for patch 2. > > > --- a/xen/arch/x86/include/asm/bug.h > > +++ b/xen/arch/x86/include/asm/bug.h > > @@ -3,75 +3,10 @@ > > > > #ifndef __ASSEMBLY__ > > > > -#define BUG_FRAME_STRUCT > > +#define BUG_INSTR "ud2" > > +#define BUG_ASM_CONST "c" > > > > -struct bug_frame { > > - signed int loc_disp:BUG_DISP_WIDTH; > > - unsigned int line_hi:BUG_LINE_HI_WIDTH; > > - signed int ptr_disp:BUG_DISP_WIDTH; > > - unsigned int line_lo:BUG_LINE_LO_WIDTH; > > - signed int msg_disp[]; > > -}; > > - > > -#define bug_loc(b) ((const void *)(b) + (b)->loc_disp) > > -#define bug_ptr(b) ((const void *)(b) + (b)->ptr_disp) > > -#define bug_line(b) (((((b)->line_hi + ((b)->loc_disp < 0)) > > & \ > > - ((1 << BUG_LINE_HI_WIDTH) - 1)) > > << \ > > - BUG_LINE_LO_WIDTH) > > + \ > > - (((b)->line_lo + ((b)->ptr_disp < 0)) > > & \ > > - ((1 << BUG_LINE_LO_WIDTH) - 1))) > > -#define bug_msg(b) ((const char *)(b) + (b)->msg_disp[1]) > > - > > -#define > > _ASM_BUGFRAME_TEXT(second_frame) > > \ > > - ".Lbug%=: > > ud2\n" \ > > - ".pushsection .bug_frames.%c[bf_type], \"a\", > > @progbits\n" \ > > - ".p2align > > 2\n" \ > > - > > ".Lfrm%=:\n" > > \ > > - ".long (.Lbug%= - .Lfrm%=) + > > %c[bf_line_hi]\n" \ > > - ".long (%c[bf_ptr] - .Lfrm%=) + > > %c[bf_line_lo]\n" \ > > - ".if " #second_frame > > "\n" \ > > - ".long 0, %c[bf_msg] - > > .Lfrm%=\n" \ > > - > > ".endif\n" > > \ > > - > > ".popsection\n" > > \ > > - > > -#define _ASM_BUGFRAME_INFO(type, line, ptr, > > msg) \ > > - [bf_type] "i" > > (type), \ > > - [bf_ptr] "i" > > (ptr), \ > > - [bf_msg] "i" > > (msg), \ > > - [bf_line_lo] "i" ((line & ((1 << BUG_LINE_LO_WIDTH) - > > 1)) \ > > - << > > BUG_DISP_WIDTH), \ > > - [bf_line_hi] "i" (((line) >> BUG_LINE_LO_WIDTH) << > > BUG_DISP_WIDTH) > > - > > -#define BUG_FRAME(type, line, ptr, second_frame, msg) do > > { \ > > - BUILD_BUG_ON((line) >> (BUG_LINE_LO_WIDTH + > > BUG_LINE_HI_WIDTH)); \ > > - BUILD_BUG_ON((type) >= > > BUGFRAME_NR); \ > > - asm volatile ( > > _ASM_BUGFRAME_TEXT(second_frame) \ > > - :: _ASM_BUGFRAME_INFO(type, line, ptr, msg) > > ); \ > > -} while (0) > > - > > - > > -#define WARN() BUG_FRAME(BUGFRAME_warn, __LINE__, __FILE__, 0, > > NULL) > > -#define BUG() do { \ > > - BUG_FRAME(BUGFRAME_bug, __LINE__, __FILE__, 0, NULL); \ > > - unreachable(); \ > > -} while (0) > > - > > -/* > > - * TODO: untangle header dependences, break BUILD_BUG_ON() out of > > xen/lib.h, > > - * and use a real static inline here to get proper type checking > > of fn(). > > - */ > > -#define run_in_exception_handler(fn) \ > > - do { \ > > - (void)((fn) == (void (*)(struct cpu_user_regs *))NULL); \ > > - BUG_FRAME(BUGFRAME_run_fn, 0, fn, 0, NULL); \ > > - } while ( 0 ) > > - > > -#define assert_failed(msg) do { \ > > - BUG_FRAME(BUGFRAME_assert, __LINE__, __FILE__, 1, msg); \ > > - unreachable(); \ > > -} while (0) > > - > > -#else /* !__ASSEMBLY__ */ > > +#else > > While for new #ifdef-ary such comments can reasonably be omitted when > the blocks are short, I'd recommend keeping existing comments (except > in extreme cases) in the interest of reduced code churn. In the case > here, considering that ... Got it. > > > @@ -113,6 +48,6 @@ struct bug_frame { > > #define ASSERT_FAILED(msg) \ > > BUG_FRAME BUGFRAME_assert, __LINE__, __FILE__, 1, msg > > > > -#endif /* !__ASSEMBLY__ */ > > +#endif /* __ASSEMBLY__ */ > > ... you keep (but alter - please don't) the comment on the #endif, > that's even more so a reason to also keep the comment on #else. > > > --- a/xen/arch/x86/include/asm/debugger.h > > +++ b/xen/arch/x86/include/asm/debugger.h > > @@ -14,9 +14,9 @@ > > > > /* Returns true if GDB handled the trap, or it is surviveable. */ > > static inline bool debugger_trap_fatal( > > - unsigned int vector, struct cpu_user_regs *regs) > > + unsigned int vector, const struct cpu_user_regs *regs) > > { > > - int rc = __trap_to_gdb(regs, vector); > > + int rc = __trap_to_gdb((struct cpu_user_regs *)regs, vector); > > I view casts in general as risky and hence preferable to avoid. > Casting > away const-ness is particularly problematic. I guess the least bad > option is to drop const from the do_bug_frame()'s parameter again in > patch 1. However, for a fatal trap (assuming that really _is_ fatal, > i.e. execution cannot continue), not allowing register state to be > altered makes kind of sense. So I wonder whether we couldn't push the > casting into the gdbstub functions. But quite likely that's going to > be too intrusive for re-work like you do here. I am not sure that casting inside the gdbstub functions will help as do_bug_frame() calls debugger_trap_fatal() which has define regs without const. So it will still be compile issue as in do_bug_frame() regs are declared as const. So it looks like the best one issue now will be drop const from the do_bug_frame()... > > Jan ~ Oleksii
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |