Let's say you're debugging tdg_vm_rd(). You suspect someone read the
spec wrong. You pull up the spec:
https://sr71.net/~dave/intel/tdg.vm.rd.png
On 5/17/24 07:19, Kirill A. Shutemov wrote:
> static inline u64 tdg_vm_rd(u64 field, u64 *value)
> {
> - struct tdx_module_args args = {
> - .rdx = field,
> - };
RDX is assigned 'field'. Makes sense based on the input operands.
> - u64 ret;
> -
> - ret = __tdcall_ret(TDG_VM_RD, &args)> - *value = args.r8;
'value' is set to r8. Also matches the spec. It's obvious that this is
a 'two return values' pattern.
> - return ret;
This is also obviously correct.
Compare that to:
> + return TDCALL_1(TDG_VM_RD, 0, field, 0, 0, value);
> }
Where it's 100% opaque which registers thing to into or that 'value' is
an output, not an input.
So, yeah, this is fewer lines of C code. But it's *WAY* less
self-documenting. It's harder to audit. It's harder to understand and
it's more opaque.
While the goals here are laudable, I'm not a big fan of the end result.
