[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 03/10] x86 setup: change bootstrap map to accept new boot module structures

  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 27 Jul 2023 13:58:19 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UmjArt7j1aO/KD8A+nQ2MfzfLHFly5OvmXbtyxJjLkQ=; b=cP5/Q4vYMg9Lvncq5VkvSNebwH/zkGgr1k8gLvddzma+MdXVgwanasGAzgnqxuSaavyp+me8nPzzNn/7y+L1lsa0Gs91h/xBDuqp0IqH0LAlfDPJ14Zko7rLUZqeYG4biitdEL0i175dVFP7bLvjBvdiiQ/ZcwZVyyAiaK4VcCWQ61EZRg225Mpj36kHffXNsYiJX8i/3Ods7aCJInHfZ1atcis+k5ZiYWCUIILrN0QG1RaiKAlDH7OKq9lrCTVLEf7q9QIReZhxISaUmAt8YQP66j2+YJUfg3qlO/GZVhfZ789KVitzzEiPZLcaixEboC/0y4dX04Oput60jJA/pg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i3+debvI/F75cR/uxHOwHijk+O6rqspygRytZb+w7t3bdWfsarL6Mz2O0bSi5w+i4IA9bxAauHETo5J1XwS+Em1xe2fIhoAwwGJlTwvEmIDLTfD5+43onlxFD6LUUxN+0yy7R/54tpn1MHUYp3EK8pCCSik9j06dOSr2dgVZ6TrEjYqAz9J0ej3AeSC/Y35IT0xoQpbdDgt45NwvgXqhupKNr9o92ToOeo/BWfGacsimPK7gsyxkVwYDIPG5GY7+4pWfy7TJFN1nVo9l7hcivm8/OklMWSgjPA2uivL0pxPbtuRs7uR6tDfOLtbsPVP3k8XdQ7HJ/A67M3asvhRSAQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, stefano.stabellini@xxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Luca Fancellu <luca.fancellu@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>
  • Delivery-date: Thu, 27 Jul 2023 11:58:33 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 27.07.2023 13:46, Daniel P. Smith wrote:
> 
> 
> On 7/21/23 02:14, Jan Beulich wrote:
>> On 21.07.2023 00:12, Christopher Clark wrote:
>>> On Thu, Jul 13, 2023 at 11:51 PM Christopher Clark <
>>> christopher.w.clark@xxxxxxxxx> wrote:
>>>
>>>>
>>>>
>>>> On Sat, Jul 8, 2023 at 11:47 AM Stefano Stabellini <sstabellini@xxxxxxxxxx>
>>>> wrote:
>>>>
>>>>> On Sat, 1 Jul 2023, Christopher Clark wrote:
>>>>>> To convert the x86 boot logic from multiboot to boot module structures,
>>>>>> change the bootstrap map function to accept a boot module parameter.
>>>>>>
>>>>>> To allow incremental change from multiboot to boot modules across all
>>>>>> x86 setup logic, provide a temporary inline wrapper that still accepts a
>>>>>> multiboot module parameter and use it where necessary. The wrapper is
>>>>>> placed in a new arch/x86 header <asm/boot.h> to avoid putting a static
>>>>>> inline function into an existing header that has no such functions
>>>>>> already. This new header will be expanded with additional functions in
>>>>>> subsequent patches in this series.
>>>>>>
>>>>>> No functional change intended.
>>>>>>
>>>>>> Signed-off-by: Christopher Clark <christopher.w.clark@xxxxxxxxx>
>>>>>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>>>>>>
>>>>>
>>>>> [...]
>>>>>
>>>>>> diff --git a/xen/include/xen/bootinfo.h b/xen/include/xen/bootinfo.h
>>>>>> index b72ae31a66..eb93cc3439 100644
>>>>>> --- a/xen/include/xen/bootinfo.h
>>>>>> +++ b/xen/include/xen/bootinfo.h
>>>>>> @@ -10,6 +10,9 @@
>>>>>>   #endif
>>>>>>
>>>>>>   struct boot_module {
>>>>>> +    paddr_t start;
>>>>>> +    size_t size;
>>>>>
>>>>> I think size should be paddr_t (instead of size_t) to make sure it is
>>>>> the right size on both 64-bit and 32-bit architectures that support
>>>>> 64-bit addresses.
>>>>>
>>>>
>>>> Thanks, that explanation does make sense - ack.
>>>>
>>>
>>> I've come back to reconsider this as it doesn't seem right to me to store a
>>> non-address value (which this will always be) in a type explicitly defined
>>> to hold an address: addresses may have architectural alignment requirements
>>> whereas a size value is just a number of bytes so will not. The point of a
>>> size_t value is that size_t is defined to be large enough to hold the size
>>> of any valid object in memory, so I think this was right as-is.
>>
>> "Any object in memory" implies virtual addresses (or more generally addresses
>> which can be used for accessing objects). This isn't the case when 
>> considering
>> physical addresses - there may be far more memory in a system than can be 
>> made
>> accessible all in one go.
> 
> That is not my understanding of it, but I could be wrong. My 
> understanding based on all the debates I have read online around this 
> topic is that the intent in the spec is that size_t has to be able to 
> hold a value that represents the largest object the CPU can manipulate 
> with general purpose operations. From which I understand to mean as 
> large as the largest register a CPU instruction may use for a size 
> argument to a general purpose instruction. On x86_64, that is a 64bit 
> register, as I don't believe the SSE/AVX registers are counted even 
> though the are used by compiler/libc implementations to optimize some 
> memory operations.

I can't see how this relates to my earlier remark.

>  From what I have seen for Xen, this is currently reflected in the x86 
> code base, as size_t is 32bits for the early 32bit code and 64bits for 
> Xen proper.
> 
> That aside, another objection I have to the use of paddr_t is that it is 
> type abuse. Types are meant to convey context to the intended use of the 
> variable and enable the ability to enforce proper usage of the variable, 
> otherwise we might as well just use u64/uint64_t and be done. The 
> field's purpose is to convey a size of an object,

You use "object" here again, when in physical address space (with paging
enabled) this isn't an appropriate term.

> and labeling it a type 
> that is intended for physical address objects violates both intents 
> behind declaring a type, it asserts an invalid context and enables 
> violations of type checking.

It is type abuse to a certain extent, yes, but what do you do? We could
invent psize_t, but that would (afaics) always match paddr_t. uint64_t
otoh may be too larger for 32-bit platforms which only know a 32-bit
wide physical address space.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.