From: Michael Roth <michael.roth@amd.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: <x86@kernel.org>, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
Joerg Roedel <jroedel@suse.de>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] x86: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
Date: Wed, 15 Nov 2023 16:42:31 -0600 [thread overview]
Message-ID: <20231115224231.xmxfktqcb4sls3fb@amd.com> (raw)
In-Reply-To: <e42524f9-87ef-47f4-9c79-bc06b4d71a58@intel.com>
On Wed, Nov 15, 2023 at 12:48:58PM -0800, Dave Hansen wrote:
> On 11/15/23 12:14, Michael Roth wrote:
> > While it might be argued that the issue is on the caller side, other
> > archs/macros have taken similar approaches to deal with instances like
> > this, such as commit e48866647b48 ("ARM: 8396/1: use phys_addr_t in
> > pfn_to_kaddr()").
>
> Gah, I really hope nobody is arguing that for real, or is even thinking
> about this as a valid argument.
Not that I'm aware, but I did have my own doubts initially, which is
why I thought it warranted a note in the commit just in case it came up
from someone else.
>
> The helper should, well, help the caller. It makes zero sense to me
> that every single call site would need to know if the argument's type
> was big enough to hold the _return_ value. This nonsense can only even
> happen with macros. Type promotion would just do the right thing for
> any sanely declared actual helper function.
My thought was that it is easier to expect developers to know the pitfalls
of bit-field types, since it is universally applicable to all C code,
whereas expecting developers to anticipate such issues when writing similar
macros is potentially harder to enforce/audit and could lead to similar
issues popping up as things are refactored over time and new macros get
added that don't take such usages into account.
But neither argument seems to hold up in reality. Experienced developers
obviously do fall victim to the subtleties of of bit-field types, and
kernel devs obviously do tend to address these instances in more robust
ways based on the various pfn-related macros I looked through.
-Mike
next prev parent reply other threads:[~2023-11-15 22:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-15 20:14 [PATCH v2] x86: Ensure input to pfn_to_kaddr() is treated as a 64-bit type Michael Roth
2023-11-15 20:48 ` Dave Hansen
2023-11-15 22:42 ` Michael Roth [this message]
2023-11-16 5:50 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231115224231.xmxfktqcb4sls3fb@amd.com \
--to=michael.roth@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jroedel@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox