xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] public/domctl: Fix the struct xen_domctl ABI in 32bit builds
@ 2020-07-28 10:15 Andrew Cooper
  2020-07-28 10:21 ` Julien Grall
  2020-07-28 18:00 ` Jan Beulich
  0 siblings, 2 replies; 3+ messages in thread
From: Andrew Cooper @ 2020-07-28 10:15 UTC (permalink / raw)
  To: Xen-devel
  Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk,
	George Dunlap, Andrew Cooper, Jan Beulich, Ian Jackson

The Xen domctl ABI currently relies on the union containing a field with
alignment of 8.

32bit projects which only copy the used subset of functionality end up with an
ABI breakage if they don't have at least one uint64_aligned_t field copied.

Insert explicit padding, and some build assertions to ensure it never changes
moving forwards.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Ian Jackson <ian.jackson@citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Wei Liu <wl@xen.org>
CC: Julien Grall <julien@xen.org>

Further proof that C isn't an appropriate way to desribe an ABI...
---
 xen/common/domctl.c         | 8 ++++++++
 xen/include/public/domctl.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index a69b3b59a8..20ef8399bd 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -959,6 +959,14 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
     return ret;
 }
 
+static void __init __maybe_unused build_assertions(void)
+{
+    struct xen_domctl d;
+
+    BUILD_BUG_ON(sizeof(d) != 16 /* header */ + 128 /* union */);
+    BUILD_BUG_ON(offsetof(typeof(d), u) != 16);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 59bdc28c89..9464a9058a 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -1222,6 +1222,7 @@ struct xen_domctl {
 #define XEN_DOMCTL_gdbsx_domstatus             1003
     uint32_t interface_version; /* XEN_DOMCTL_INTERFACE_VERSION */
     domid_t  domain;
+    uint16_t _pad[3];
     union {
         struct xen_domctl_createdomain      createdomain;
         struct xen_domctl_getdomaininfo     getdomaininfo;
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] public/domctl: Fix the struct xen_domctl ABI in 32bit builds
  2020-07-28 10:15 [PATCH] public/domctl: Fix the struct xen_domctl ABI in 32bit builds Andrew Cooper
@ 2020-07-28 10:21 ` Julien Grall
  2020-07-28 18:00 ` Jan Beulich
  1 sibling, 0 replies; 3+ messages in thread
From: Julien Grall @ 2020-07-28 10:21 UTC (permalink / raw)
  To: Andrew Cooper, Xen-devel
  Cc: Stefano Stabellini, Wei Liu, Konrad Rzeszutek Wilk,
	George Dunlap, Jan Beulich, Ian Jackson

Hi Andrew,

On 28/07/2020 11:15, Andrew Cooper wrote:
> The Xen domctl ABI currently relies on the union containing a field with
> alignment of 8.
> 
> 32bit projects which only copy the used subset of functionality end up with an
> ABI breakage if they don't have at least one uint64_aligned_t field copied.
> 
> Insert explicit padding, and some build assertions to ensure it never changes
> moving forwards.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Acked-by: Julien Grall <jgrall@amazon.com>

Cheers,

-- 
Julien Grall


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] public/domctl: Fix the struct xen_domctl ABI in 32bit builds
  2020-07-28 10:15 [PATCH] public/domctl: Fix the struct xen_domctl ABI in 32bit builds Andrew Cooper
  2020-07-28 10:21 ` Julien Grall
@ 2020-07-28 18:00 ` Jan Beulich
  1 sibling, 0 replies; 3+ messages in thread
From: Jan Beulich @ 2020-07-28 18:00 UTC (permalink / raw)
  To: Andrew Cooper
  Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk,
	George Dunlap, Ian Jackson, Xen-devel

On 28.07.2020 12:15, Andrew Cooper wrote:
> The Xen domctl ABI currently relies on the union containing a field with
> alignment of 8.
> 
> 32bit projects which only copy the used subset of functionality end up with an
> ABI breakage if they don't have at least one uint64_aligned_t field copied.

I'm entirely find with the change, but I'm struggling with this justification:
How can _any_ change to the header in our tree help people using custom
derivations (i.e. including those defining only some of the union members)?

> Further proof that C isn't an appropriate way to desribe an ABI...

Further proof that it requires more careful writing in C to serve as an ABI
description, I would say.

> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -959,6 +959,14 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
>       return ret;
>   }
>   
> +static void __init __maybe_unused build_assertions(void)
> +{
> +    struct xen_domctl d;

Doesn't this also need __maybe_unused? Afaik ...

> +    BUILD_BUG_ON(sizeof(d) != 16 /* header */ + 128 /* union */);
> +    BUILD_BUG_ON(offsetof(typeof(d), u) != 16);
> +}

... neither sizeof() nor typeof() count as actual uses.

Jan


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-28 18:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-28 10:15 [PATCH] public/domctl: Fix the struct xen_domctl ABI in 32bit builds Andrew Cooper
2020-07-28 10:21 ` Julien Grall
2020-07-28 18:00 ` Jan Beulich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).