From: Isaila Alexandru <aisaila@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
tamas@tklengyel.com, Razvan Cojocaru <rcojocaru@bitdefender.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH v4] x86/mm: Add mem access rights to NPT
Date: Wed, 25 Jul 2018 12:28:10 +0300 [thread overview]
Message-ID: <1532510890.21125.14.camel@bitdefender.com> (raw)
In-Reply-To: <5B583F8602000078001D78F0@prv1-mh.provo.novell.com>
On Mi, 2018-07-25 at 03:14 -0600, Jan Beulich wrote:
> >
> > >
> > > >
> > > > On 25.07.18 at 10:29, <aisaila@bitdefender.com> wrote:
> > > >
> > > > +static void p2m_set_access(struct p2m_domain *p2m, unsigned
> > > > long
> > > > gfn,
> > > > + p2m_access_t a)
> > > > +{
> > > > + int rc;
> > > > +
> > > > + if ( !p2m->mem_access_settings )
> > > > + return;
> > > No error indication?
> > I would say ASSERT is a better choice if the code got this far and
> > it
> > could not allocate memory
> For one ASSERT() is a no-op in release builds. And then it is
> extremely bad practices to bring down the host when an operation
> targeting just a single guest has failed. You either return an error
> indicator here (and pass it up the call tree), or if that's really
> unfeasible then you crash the affected domain (we do so in quite
> a few other situations). But you'd need to make clear (if it's not
> obvious) why passing up an error is unacceptable here.
>
By this time in the code the radix tree should be in place. If it is
not then the domain should crash because something is wrong and the mem
access feature will not function so passing the error up will have a
result of crashing the domain later after checking.
I will add a domain crash here and a comment regarding it.
Thanks,
Alex
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-07-25 9:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-23 13:48 [PATCH v4] x86/mm: Add mem access rights to NPT Alexandru Isaila
2018-07-24 8:55 ` Jan Beulich
2018-07-24 9:28 ` Razvan Cojocaru
2018-07-24 9:33 ` Jan Beulich
2018-07-24 11:26 ` George Dunlap
2018-07-24 12:02 ` Jan Beulich
2018-07-25 9:25 ` George Dunlap
2018-07-25 10:37 ` Jan Beulich
2018-08-09 12:14 ` Isaila Alexandru
2018-09-26 8:17 ` Isaila Alexandru
2018-09-26 13:13 ` George Dunlap
2018-07-25 8:29 ` Isaila Alexandru
2018-07-25 9:14 ` Jan Beulich
2018-07-25 9:28 ` Isaila Alexandru [this message]
2018-09-26 16:02 ` George Dunlap
2018-09-26 16:02 ` George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1532510890.21125.14.camel@bitdefender.com \
--to=aisaila@bitdefender.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=rcojocaru@bitdefender.com \
--cc=tamas@tklengyel.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.