From: Martin Kelly <martin@martingkelly.com>
To: David Vrabel <david.vrabel@citrix.com>,
linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org,
x86@kernel.org
Cc: mingo@redhat.com, Martin Kelly <martkell@amazon.com>,
hpa@zytor.com, boris.ostrovsky@oracle.com, tglx@linutronix.de
Subject: Re: [Xen-devel] [PATCH 1/2] x86: separate out sanitize_e820_map return codes
Date: Tue, 14 Oct 2014 07:05:28 -0700 [thread overview]
Message-ID: <543D2DA8.7030600@martingkelly.com> (raw)
In-Reply-To: <543CEDFD.6020501@citrix.com>
On 10/14/2014 02:33 AM, David Vrabel wrote:
> On 14/10/14 03:30, Martin Kelly wrote:
>> Previously, sanitize_e820_map returned -1 in all cases in which it did
>> nothing. However, sanitize_e820_map can do nothing either because the
>> input map has size 1 (this is ok) or because the input map passed in is
>> invalid (likely an issue). It is nice for the caller to be able to
>> distinguish the two cases and treat them separately.
>
> Wouldn't it be more sensible to return 0 (success) in the case of a
> single entry map? IMO, a 1 entry map is by definition sanitized.
>
> David
>
I had that thought as I writing the patch, but I was worried about breaking callers. Luckily, it appears there are only 11 callers in the kernel, and all except one either:
(1) Don't check the return value of sanitize_e820_map or
(2) Check against 0 rather than < 0
One caller is checking for < 0: arch/x86/kernel/e820.c:finish_e820_parsing :
if (userdef) {
u32 nr = e820.nr_map;
if (sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &nr) < 0)
early_panic("Invalid user supplied memory map");
e820.nr_map = nr;
printk(KERN_INFO "e820: user-defined physical RAM map:\n");
e820_print_map("user");
}
This seems like a bug, as if the user-defined memory map is size 1, there will be an erroneous panic.
I will issue a new revision to change the return values to 0 or -1, with 0 including the size 1 case. In addition, I will add a patch to either change all the callers to actually check this value or to panic in the error case of sanitize_e820_map itself. Which do you think is a cleaner approach?
next prev parent reply other threads:[~2014-10-14 14:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-14 2:30 [PATCH 1/2] x86: separate out sanitize_e820_map return codes Martin Kelly
2014-10-14 2:30 ` [PATCH 2/2] xen/setup: warn on bad Xen-supplied memory map Martin Kelly
2014-10-14 2:30 ` Martin Kelly
2014-10-14 9:33 ` [PATCH 1/2] x86: separate out sanitize_e820_map return codes David Vrabel
2014-10-14 9:33 ` [Xen-devel] " David Vrabel
2014-10-14 14:05 ` Martin Kelly [this message]
2014-10-14 14:05 ` Martin Kelly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=543D2DA8.7030600@martingkelly.com \
--to=martin@martingkelly.com \
--cc=boris.ostrovsky@oracle.com \
--cc=david.vrabel@citrix.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=martkell@amazon.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.