[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

On Mon, Jun 02, 2025 at 09:17:37AM +0200, Jan Beulich wrote:
> On 23.05.2025 21:51, Sergii Dmytruk wrote:
> > On Wed, May 21, 2025 at 05:19:57PM +0200, Jan Beulich wrote:
> >>> +/*
> >>> + * Secure Launch defined OS/MLE TXT Heap table
> >>> + */
> >>> +struct txt_os_mle_data {
> >>> +    uint32_t version;
> >>> +    uint32_t reserved;
> >>> +    uint64_t slrt;
> >>> +    uint64_t txt_info;
> >>> +    uint32_t ap_wake_block;
> >>> +    uint32_t ap_wake_block_size;
> >>> +    uint8_t mle_scratch[64];
> >>> +} __packed;
> >>
> >> This being x86-specific, what's the __packed intended to achieve here?
> >
> > This structure is passed to Xen by a bootloader, __packed makes sure the
> > structure has a compatible layout.
>
> And it won't have a compatible layout without the attribute?

It will, but presence of __packed makes it trivial to see.

> >>> +/*
> >>> + * TXT specification defined BIOS data TXT Heap table
> >>> + */
> >>> +struct txt_bios_data {
> >>> +    uint32_t version; /* Currently 5 for TPM 1.2 and 6 for TPM 2.0 */
> >>> +    uint32_t bios_sinit_size;
> >>> +    uint64_t reserved1;
> >>> +    uint64_t reserved2;
> >>> +    uint32_t num_logical_procs;
> >>> +    /* Versions >= 3 && < 5 */
> >>> +    uint32_t sinit_flags;
> >>> +    /* Versions >= 5 with updates in version 6 */
> >>> +    uint32_t mle_flags;
> >>> +    /* Versions >= 4 */
> >>> +    /* Ext Data Elements */
> >>> +} __packed;
> >>
> >> It does affect sizeof() here, which I'm unsure is going to matter.
> >
> > It doesn't hurt anything and makes sure offsets match those in the
> > specification.
>
> It similarly doesn't appear to hurt anything if the attribute was omitted.
> Imo we ought to use compiler extensions on when there is a need to do so.

I would argue that it hurts maintainability and code readability to some
extent:
 * when the attribute is used, there is no need to verify compatibility
   in any way (manually or using pahole) neither now nor on any future
   modification
 * when I see __packed, I immediately know the structure is defined
   externally and can't be changed at will
 * having the attribute only for some structures seems inconsistent

It would be nice if it was possible to verify the structure is packed
via a static assert using only standard C, but without such means I see
__packed as useful and harmless compiler extension.

I can of course drop unnecessary attributes if that's a standard
practice for Xen's sources, never thought it could be undesirable in
a context like this one.

> >>> +static inline uint64_t txt_bios_data_size(void *heap)
> >>
> >> Here, below, and in general: Please try to have code be const-correct, i.e.
> >> use pointers-to-const wherever applicable.
> >
> > I assume this doesn't apply to functions returning `void *`.  The
> > approach used in libc is to accept pointers-to-const but then cast the
> > constness away for the return value, but this header isn't a widely-used
> > code.
>
> Which is, from all I know, bad practice not only by my own view.
>
> Jan

I actually ended up doing that to have const-correctness in v3.  In the
absence of function overloads the casts have to be somewhere, can put
them in the calling code instead.

Regards

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.