Re: [PATCH for-4.14] mm: fix public declaration of struct xen_mem_acquire_resource

["Roger Pau Monné" <roger.pau@citrix.com>]

On Thu, Jun 25, 2020 at 11:05:52AM +0200, Roger Pau Monné wrote:
> On Wed, Jun 24, 2020 at 04:01:44PM +0200, Jan Beulich wrote:
> > On 24.06.2020 15:41, Julien Grall wrote:
> > > On 24/06/2020 11:12, Jan Beulich wrote:
> > >> On 23.06.2020 19:26, Roger Pau Monné wrote:
> > >>> I'm confused. Couldn't we switch from uint64_aligned_t to plain
> > >>> uint64_t (like it's currently on the Linux headers), and then use the
> > >>> compat layer in Xen to handle the size difference when called from
> > >>> 32bit environments?
> > >>
> > >> And which size would we use there? The old or the new one (breaking
> > >> future or existing callers respectively)? Meanwhile I think that if
> > >> this indeed needs to not be tools-only (which I still question),
> > > 
> > > I think we now agreed on a subthread that the kernel needs to know the 
> > > layout of the hypercall.
> > > 
> > >> then our only possible route is to add explicit padding for the
> > >> 32-bit case alongside the change you're already making.
> > > 
> > > AFAICT Linux 32-bit doesn't have this padding. So wouldn't it make 
> > > incompatible the two incompatible?
> > 
> > In principle yes. But they're putting the structure instance on the
> > stack, so there's not risk from Xen reading 4 bytes too many. I'd
> > prefer keeping the interface as is (i.e. with the previously
> > implicit padding made explicit) to avoid risking to break other
> > possible callers. But that's just my view on it, anyway ...
> 
> Adding the padding is cleaner because we don't need any compat stuff
> in order to access the structure from the caller, and we also keep the
> original layout currently present on Xen headers.
> 
> I can prepare a fix for the Linux kernel, if this approach is fine.

So I went over this, and I'm not sure the point of adding the padding
field at the end of the structure for 32bit x86.

The current situation is the following:

 - Linux will use a struct on 32bit x86 that doesn't have the 4byte
   padding at the end.
 - Xen will copy 4bytes of garbage in that case, since the struct on
   Linux is allocated on the stack.

So I suggest we take the approach found on this patch, that is remove
the 8byte alignment from the frame field, which will in turn remove
4bytes of padding from the tail of the structure on 32bit x86.

That would leave the following scenario:

 - The struct layout in Linux headers would be correct.
 - Xen already handles the struct size difference on x86 32bit vs
   64bit, as the compat layer is currently doing the copy in
   compat_memory_op taking into account the size of the compat
   structure.
 - Removing the padding will work for all use cases: Linux will
   already be using the correct layout on x86 32bits, so no change
   will be required there. Any consumers using the tail padded
   structure will continue to work without issues, as Xen simply won't
   copy the tailing 4bytes.

So I think the solution proposed in this patch is the correct one:
switch uint64_aligned_t to uint64_t, no tail padding added on x86
32bits. I will adjust the commit message and resubmit if that's fine.

Roger.