From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH v2] tools/libxc: Implement writev_exact() in
 the same style as write_exact()
Date: Tue, 8 Jul 2014 10:32:12 +0100
Message-ID: <53BBBA9C.1030005@citrix.com>
References: <1404728318-13474-1-git-send-email-andrew.cooper3@citrix.com>
	<53BBB966.4020609@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <53BBB966.4020609@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: David Vrabel <david.vrabel@citrix.com>, Xen-devel <xen-devel@lists.xen.org>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>, Ian Campbell <Ian.Campbell@citrix.com>
List-Id: xen-devel@lists.xenproject.org

On 08/07/14 10:27, David Vrabel wrote:
> On 07/07/14 11:18, Andrew Cooper wrote:
>> This implementation of writev_exact() will cope with an iovcnt greater than
>> IOV_MAX because glibc will actually let this work anyway, and it is very
>> useful not to have to work about this in the caller of writev_exact().  The
>> caller is still required to ensure that the sum of iov_len's doesn't overflow
>> a ssize_t.
>>
>> Promote the MAX() and MIN() macro definitions from xg_save_restore.h to
>> xc_private.h
> [...]
>> --- a/tools/libxc/xc_private.c
>> +++ b/tools/libxc/xc_private.c
>> @@ -854,6 +854,37 @@ int write_exact(int fd, const void *data, size_t size)
>>      return 0;
>>  }
>>  
>> +int writev_exact(int fd, const struct iovec *iov, int iovcnt)
>> +{
> [...]
>> +        /* writev() guarentees atomicity of individual iov[] elements.  Sanity
>> +         * check that the returned len did lie on an iov[] element boundary. */
>> +        assert(len == 0);
> There's nothing in the writev(2) man page that says this.  I think you
> need to handle partial writes of an entry.

Final paragraph in the DESCRIPTION

"The data transfers performed by readv() and writev() are atomic: the
data written by writev() is written as a single block that is not
intermingled with output from writes in other processes"

By my reading, it cannot guarantee atomicity if it would split an iov[]
element.

>
>> --- a/tools/libxc/xc_private.h
>> +++ b/tools/libxc/xc_private.h
> [...]
>> +#ifndef MAX
>> +#define MAX(_a, _b) ((_a) >= (_b) ? (_a) : (_b))
>> +#endif
>> +#ifndef MIN
>> +#define MIN(_a, _b) ((_a) <= (_b) ? (_a) : (_b))
>> +#endif
> Do we really want to use these unsafe macros in more places?
>
> David

Perhaphs, perhaps not, but there are no typesafe ones to hand.

~Andrew