From: "Russell King (Oracle)" <linux@armlinux.org.uk>
To: Yury Norov <yury.norov@gmail.com>
Cc: Marc Zyngier <maz@kernel.org>, Luo Jie <quic_luoj@quicinc.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Julia Lawall <Julia.Lawall@inria.fr>,
Nicolas Palix <nicolas.palix@imag.fr>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
linux-kernel@vger.kernel.org, cocci@inria.fr,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
andrew@lunn.ch, quic_kkumarcs@quicinc.com,
quic_linchen@quicinc.com, quic_leiwei@quicinc.com,
quic_suruchia@quicinc.com, quic_pavir@quicinc.com
Subject: Re: [cocci] [PATCH v3 4/6] arm64: nvhe: Convert the opencoded field modify
Date: Wed, 23 Apr 2025 20:11:18 +0100 [thread overview]
Message-ID: <aAk7VqNOLujcyZS0@shell.armlinux.org.uk> (raw)
In-Reply-To: <aAkw-tFctkk3xyS8@yury>
On Wed, Apr 23, 2025 at 02:27:06PM -0400, Yury Norov wrote:
> On Wed, Apr 23, 2025 at 06:48:34PM +0100, Russell King (Oracle) wrote:
> > On Fri, Apr 18, 2025 at 11:14:48AM -0400, Yury Norov wrote:
> > > On Thu, Apr 17, 2025 at 12:23:10PM +0100, Marc Zyngier wrote:
> > > > On Thu, 17 Apr 2025 11:47:11 +0100,
> > > > Luo Jie <quic_luoj@quicinc.com> wrote:
> > > > >
> > > > > Replaced below code with the wrapper FIELD_MODIFY(MASK, ®, val)
> > > > > - reg &= ~MASK;
> > > > > - reg |= FIELD_PREP(MASK, val);
> > > > > The semantic patch that makes this change is available
> > > > > in scripts/coccinelle/misc/field_modify.cocci.
> > > > >
> > > > > More information about semantic patching is available at
> > > > > https://coccinelle.gitlabpages.inria.fr/website
> > > > >
> > > > > Signed-off-by: Luo Jie <quic_luoj@quicinc.com>
> > > > > ---
> > > > > arch/arm64/kvm/hyp/include/nvhe/memory.h | 3 +--
> > > > > 1 file changed, 1 insertion(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/arch/arm64/kvm/hyp/include/nvhe/memory.h b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > > index 34233d586060..b2af748964d0 100644
> > > > > --- a/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > > +++ b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > > @@ -30,8 +30,7 @@ enum pkvm_page_state {
> > > > > static inline enum kvm_pgtable_prot pkvm_mkstate(enum kvm_pgtable_prot prot,
> > > > > enum pkvm_page_state state)
> > > > > {
> > > > > - prot &= ~PKVM_PAGE_STATE_PROT_MASK;
> > > > > - prot |= FIELD_PREP(PKVM_PAGE_STATE_PROT_MASK, state);
> > > > > + FIELD_MODIFY(PKVM_PAGE_STATE_PROT_MASK, &prot, state);
> > > > > return prot;
> > > > > }
> > > >
> > > > Following up on my suggestion to *not* add anything new, this patch
> > > > could be written as:
> > > >
> > > > diff --git a/arch/arm64/kvm/hyp/include/nvhe/memory.h b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > index 34233d5860607..08cb6ba0e0716 100644
> > > > --- a/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > +++ b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > @@ -30,9 +30,8 @@ enum pkvm_page_state {
> > > > static inline enum kvm_pgtable_prot pkvm_mkstate(enum kvm_pgtable_prot prot,
> > > > enum pkvm_page_state state)
> > > > {
> > > > - prot &= ~PKVM_PAGE_STATE_PROT_MASK;
> > > > - prot |= FIELD_PREP(PKVM_PAGE_STATE_PROT_MASK, state);
> > > > - return prot;
> > > > + u64 p = prot;
> > > > + return u64_replace_bits(p, state, PKVM_PAGE_STATE_PROT_MASK);
> > > > }
> > >
> > > This is a great example where u64_replace_bit() should NOT be used.
> >
> > Why not? Explain it. Don't leave people in the dark, because right
> > now it looks like it's purely a religous fanaticism about what
> > should and should not be used. Where's the technical reasoning?
>
> Because enum is an integer, i.e. 32-bit type.
This statement is false, in this case.
The kernel currently uses -std=gnu11, and GNU tends to be more relaxed
about things, and while the C standard may say that enums are ints,
that isn't the case - gcc appears to follow C++ and allow enums that
are wider than ints.
$ aarch64-linux-gnu-gcc -S -o - -std=gnu99 -x c -
enum foo {
A = 1L << 0,
B = 1L << 53,
};
int main()
{ return sizeof(enum foo); }
Gives the following code:
main:
.LFB0:
.cfi_startproc
mov w0, 8
ret
.cfi_endproc
meaning that sizeof(enum foo) is 8 or 64-bit.
If B were 1L << 31, then sizeof(enum foo) is 4.
> Now, the snippet above
> typecasts it to 64-bit fixed size type, passes to 64-bit fixed-type
> function, and the returned value is typecasted back to 32-bit int.
In this case, the enum is defined using:
KVM_PGTABLE_PROT_X = BIT(0),
KVM_PGTABLE_PROT_W = BIT(1),
KVM_PGTABLE_PROT_R = BIT(2),
KVM_PGTABLE_PROT_DEVICE = BIT(3),
KVM_PGTABLE_PROT_NORMAL_NC = BIT(4),
KVM_PGTABLE_PROT_SW0 = BIT(55),
KVM_PGTABLE_PROT_SW1 = BIT(56),
KVM_PGTABLE_PROT_SW2 = BIT(57),
KVM_PGTABLE_PROT_SW3 = BIT(58),
As it contains bits beyond bit 31, and we use -std=gnu11 when building
the kernel, this enum is represented using a 64-bit integer type. So,
the casting to a u64 is not increasing the size of the enum, and the
return value is not getting truncated down to 32-bits.
> Doesn't sound the most efficient solution, right? On 32-bit arch it
> may double the function size, I guess.
Given that there's no inefficiency here, and that this is arm64 code
which is a 64-bit arch, both those points you mention seem to be
incorrect or not relevant.
> But the most important is that if we adopt this practice and spread it
> around, it will be really easy to overflow the 32-bit storage. The
> compiler will keep silence about that.
Given that in Marc's suggestion, "prot" is a 64-bit value, it's being
assigned to a u64, which is then being operated on by the u64 variant
of _replace_bits(), which returns the u64 result, which then gets
returned as a 64-bit enum, there is no issue here as far as I can see.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
WARNING: multiple messages have this Message-ID (diff)
From: "Russell King (Oracle)" <linux@armlinux.org.uk>
To: Yury Norov <yury.norov@gmail.com>
Cc: Marc Zyngier <maz@kernel.org>, Luo Jie <quic_luoj@quicinc.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Julia Lawall <Julia.Lawall@inria.fr>,
Nicolas Palix <nicolas.palix@imag.fr>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
linux-kernel@vger.kernel.org, cocci@inria.fr,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
andrew@lunn.ch, quic_kkumarcs@quicinc.com,
quic_linchen@quicinc.com, quic_leiwei@quicinc.com,
quic_suruchia@quicinc.com, quic_pavir@quicinc.com
Subject: Re: [PATCH v3 4/6] arm64: nvhe: Convert the opencoded field modify
Date: Wed, 23 Apr 2025 20:11:18 +0100 [thread overview]
Message-ID: <aAk7VqNOLujcyZS0@shell.armlinux.org.uk> (raw)
In-Reply-To: <aAkw-tFctkk3xyS8@yury>
On Wed, Apr 23, 2025 at 02:27:06PM -0400, Yury Norov wrote:
> On Wed, Apr 23, 2025 at 06:48:34PM +0100, Russell King (Oracle) wrote:
> > On Fri, Apr 18, 2025 at 11:14:48AM -0400, Yury Norov wrote:
> > > On Thu, Apr 17, 2025 at 12:23:10PM +0100, Marc Zyngier wrote:
> > > > On Thu, 17 Apr 2025 11:47:11 +0100,
> > > > Luo Jie <quic_luoj@quicinc.com> wrote:
> > > > >
> > > > > Replaced below code with the wrapper FIELD_MODIFY(MASK, ®, val)
> > > > > - reg &= ~MASK;
> > > > > - reg |= FIELD_PREP(MASK, val);
> > > > > The semantic patch that makes this change is available
> > > > > in scripts/coccinelle/misc/field_modify.cocci.
> > > > >
> > > > > More information about semantic patching is available at
> > > > > https://coccinelle.gitlabpages.inria.fr/website
> > > > >
> > > > > Signed-off-by: Luo Jie <quic_luoj@quicinc.com>
> > > > > ---
> > > > > arch/arm64/kvm/hyp/include/nvhe/memory.h | 3 +--
> > > > > 1 file changed, 1 insertion(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/arch/arm64/kvm/hyp/include/nvhe/memory.h b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > > index 34233d586060..b2af748964d0 100644
> > > > > --- a/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > > +++ b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > > @@ -30,8 +30,7 @@ enum pkvm_page_state {
> > > > > static inline enum kvm_pgtable_prot pkvm_mkstate(enum kvm_pgtable_prot prot,
> > > > > enum pkvm_page_state state)
> > > > > {
> > > > > - prot &= ~PKVM_PAGE_STATE_PROT_MASK;
> > > > > - prot |= FIELD_PREP(PKVM_PAGE_STATE_PROT_MASK, state);
> > > > > + FIELD_MODIFY(PKVM_PAGE_STATE_PROT_MASK, &prot, state);
> > > > > return prot;
> > > > > }
> > > >
> > > > Following up on my suggestion to *not* add anything new, this patch
> > > > could be written as:
> > > >
> > > > diff --git a/arch/arm64/kvm/hyp/include/nvhe/memory.h b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > index 34233d5860607..08cb6ba0e0716 100644
> > > > --- a/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > +++ b/arch/arm64/kvm/hyp/include/nvhe/memory.h
> > > > @@ -30,9 +30,8 @@ enum pkvm_page_state {
> > > > static inline enum kvm_pgtable_prot pkvm_mkstate(enum kvm_pgtable_prot prot,
> > > > enum pkvm_page_state state)
> > > > {
> > > > - prot &= ~PKVM_PAGE_STATE_PROT_MASK;
> > > > - prot |= FIELD_PREP(PKVM_PAGE_STATE_PROT_MASK, state);
> > > > - return prot;
> > > > + u64 p = prot;
> > > > + return u64_replace_bits(p, state, PKVM_PAGE_STATE_PROT_MASK);
> > > > }
> > >
> > > This is a great example where u64_replace_bit() should NOT be used.
> >
> > Why not? Explain it. Don't leave people in the dark, because right
> > now it looks like it's purely a religous fanaticism about what
> > should and should not be used. Where's the technical reasoning?
>
> Because enum is an integer, i.e. 32-bit type.
This statement is false, in this case.
The kernel currently uses -std=gnu11, and GNU tends to be more relaxed
about things, and while the C standard may say that enums are ints,
that isn't the case - gcc appears to follow C++ and allow enums that
are wider than ints.
$ aarch64-linux-gnu-gcc -S -o - -std=gnu99 -x c -
enum foo {
A = 1L << 0,
B = 1L << 53,
};
int main()
{ return sizeof(enum foo); }
Gives the following code:
main:
.LFB0:
.cfi_startproc
mov w0, 8
ret
.cfi_endproc
meaning that sizeof(enum foo) is 8 or 64-bit.
If B were 1L << 31, then sizeof(enum foo) is 4.
> Now, the snippet above
> typecasts it to 64-bit fixed size type, passes to 64-bit fixed-type
> function, and the returned value is typecasted back to 32-bit int.
In this case, the enum is defined using:
KVM_PGTABLE_PROT_X = BIT(0),
KVM_PGTABLE_PROT_W = BIT(1),
KVM_PGTABLE_PROT_R = BIT(2),
KVM_PGTABLE_PROT_DEVICE = BIT(3),
KVM_PGTABLE_PROT_NORMAL_NC = BIT(4),
KVM_PGTABLE_PROT_SW0 = BIT(55),
KVM_PGTABLE_PROT_SW1 = BIT(56),
KVM_PGTABLE_PROT_SW2 = BIT(57),
KVM_PGTABLE_PROT_SW3 = BIT(58),
As it contains bits beyond bit 31, and we use -std=gnu11 when building
the kernel, this enum is represented using a 64-bit integer type. So,
the casting to a u64 is not increasing the size of the enum, and the
return value is not getting truncated down to 32-bits.
> Doesn't sound the most efficient solution, right? On 32-bit arch it
> may double the function size, I guess.
Given that there's no inefficiency here, and that this is arm64 code
which is a 64-bit arch, both those points you mention seem to be
incorrect or not relevant.
> But the most important is that if we adopt this practice and spread it
> around, it will be really easy to overflow the 32-bit storage. The
> compiler will keep silence about that.
Given that in Marc's suggestion, "prot" is a 64-bit value, it's being
assigned to a u64, which is then being operated on by the u64 variant
of _replace_bits(), which returns the u64 result, which then gets
returned as a 64-bit enum, there is no issue here as far as I can see.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
next prev parent reply other threads:[~2025-04-24 8:55 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-17 10:47 [cocci] [PATCH v3 0/6] Add FIELD_MODIFY() helper Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-17 10:47 ` [cocci] [PATCH v3 1/6] bitfield: " Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-18 17:11 ` [cocci] " Yury Norov
2025-04-18 17:11 ` Yury Norov
2025-04-23 13:05 ` [cocci] " Jie Luo
2025-04-23 13:05 ` Jie Luo
2025-04-17 10:47 ` [cocci] [PATCH v3 2/6] coccinelle: misc: Add field_modify script Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-23 11:01 ` [cocci] " Markus Elfring
2025-04-23 13:04 ` Jie Luo
2025-04-23 16:35 ` Markus Elfring
2025-05-19 13:44 ` Luo Jie
2025-05-19 15:39 ` Julia Lawall
2025-04-17 10:47 ` [cocci] [PATCH v3 3/6] arm64: tlb: Convert the opencoded field modify Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-17 18:11 ` [cocci] " Russell King (Oracle)
2025-04-17 18:11 ` Russell King (Oracle)
2025-04-23 13:15 ` [cocci] " Jie Luo
2025-04-23 13:15 ` Jie Luo
2025-04-24 15:24 ` [cocci] " Keller, Jacob E
2025-04-23 16:54 ` Keller, Jacob E
2025-04-17 10:47 ` [cocci] [PATCH v3 4/6] arm64: nvhe: " Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-17 11:23 ` [cocci] " Marc Zyngier
2025-04-17 11:23 ` Marc Zyngier
2025-04-18 15:14 ` [cocci] " Yury Norov
2025-04-18 15:14 ` Yury Norov
2025-04-18 15:34 ` [cocci] " Marc Zyngier
2025-04-18 15:34 ` Marc Zyngier
2025-04-23 17:48 ` [cocci] " Russell King (Oracle)
2025-04-23 17:48 ` Russell King (Oracle)
2025-04-23 18:27 ` [cocci] " Yury Norov
2025-04-23 18:27 ` Yury Norov
2025-04-23 19:11 ` Russell King (Oracle) [this message]
2025-04-23 19:11 ` Russell King (Oracle)
2025-04-23 19:40 ` [cocci] " Yury Norov
2025-04-23 19:40 ` Yury Norov
2025-04-17 10:47 ` [cocci] [PATCH v3 5/6] arm64: kvm: " Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-17 10:47 ` [cocci] [PATCH v3 6/6] arm64: mm: " Luo Jie
2025-04-17 10:47 ` Luo Jie
2025-04-17 11:10 ` [cocci] [PATCH v3 0/6] Add FIELD_MODIFY() helper Marc Zyngier
2025-04-17 11:10 ` Marc Zyngier
2025-04-17 17:22 ` [cocci] " Andrew Lunn
2025-04-17 17:22 ` Andrew Lunn
2025-04-17 17:45 ` [cocci] " Marc Zyngier
2025-04-17 17:45 ` Marc Zyngier
2025-04-18 15:08 ` [cocci] " Yury Norov
2025-04-18 15:08 ` Yury Norov
2025-04-18 15:35 ` [cocci] " Marc Zyngier
2025-04-18 15:35 ` Marc Zyngier
2025-04-18 17:04 ` [cocci] " Yury Norov
2025-04-18 17:04 ` Yury Norov
2025-04-23 13:19 ` [cocci] " Jie Luo
2025-04-23 13:19 ` Jie Luo
2025-04-23 17:44 ` [cocci] " Russell King (Oracle)
2025-04-23 17:44 ` Russell King (Oracle)
2025-04-23 18:44 ` [cocci] " Yury Norov
2025-04-23 18:44 ` Yury Norov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aAk7VqNOLujcyZS0@shell.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=Julia.Lawall@inria.fr \
--cc=andrew@lunn.ch \
--cc=catalin.marinas@arm.com \
--cc=cocci@inria.fr \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=maz@kernel.org \
--cc=nicolas.palix@imag.fr \
--cc=oliver.upton@linux.dev \
--cc=quic_kkumarcs@quicinc.com \
--cc=quic_leiwei@quicinc.com \
--cc=quic_linchen@quicinc.com \
--cc=quic_luoj@quicinc.com \
--cc=quic_pavir@quicinc.com \
--cc=quic_suruchia@quicinc.com \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=yury.norov@gmail.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.