From: "Chen, Tiejun" <tiejun.chen@intel.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: kevin.tian@intel.com, wei.liu2@citrix.com,
ian.campbell@citrix.com, stefano.stabellini@eu.citrix.com,
tim@xen.org, ian.jackson@eu.citrix.com, xen-devel@lists.xen.org,
yang.z.zhang@intel.com
Subject: Re: [v8][PATCH 04/17] update the existing hypercall to support XEN_DOMCTL_set_rdm
Date: Tue, 09 Dec 2014 15:47:07 +0800 [thread overview]
Message-ID: <5486A8FB.4080402@intel.com> (raw)
In-Reply-To: <54857491020000780004D9D6@mail.emea.novell.com>
On 2014/12/8 16:51, Jan Beulich wrote:
>>>> On 08.12.14 at 08:11, <tiejun.chen@intel.com> wrote:
>> On 2014/12/4 23:50, Jan Beulich wrote:
>>>>>> On 01.12.14 at 10:24, <tiejun.chen@intel.com> wrote:
>>>>
>>>> - if ( __copy_to_compat_offset(grdm->map.buffer, grdm->used_entries,
>>>> - &rdm, 1) )
>>>> - return -EFAULT;
>>>> + if ( d )
>>>> + {
>>>> + if ( d->arch.hvm_domain.pci_force )
>>>
>>> You didn't verify that the domain is a HVM/PVH one.
>>
>> Is this, ASSERT(is_hvm_domain(grdm.domain)), correct?
>
> Certainly not, or do you want to crash the hypervisor because of bad
> tools input?
Based on konrad's hint, I hope this should work for you,
+ if ( !is_hvm_domain(d) )
+ return -ENOSYS;
>
>>>> + {
>>>> + if ( grdm->used_entries < grdm->map.nr_entries )
>>>> + {
>>>> + if ( __copy_to_compat_offset(grdm->map.buffer,
>>>> + grdm->used_entries,
>>>> + &rdm, 1) )
>>>> + {
>>>> + rcu_unlock_domain(d);
>>>> + return -EFAULT;
>>>> + }
>>>> + }
>>>> + ++grdm->used_entries;
>>>> + }
>>>> + else
>>>> + {
>>>> + for ( i = 0; i < d->arch.hvm_domain.num_pcidevs; i++ )
>>>> + {
>>>> + sbdf = PCI_SBDF2(d->arch.hvm_domain.pcidevs[i].seg,
>>>> + d->arch.hvm_domain.pcidevs[i].bus,
>>>> + d->arch.hvm_domain.pcidevs[i].devfn);
>>>> + if ( sbdf == id )
>>>> + {
>>>> + if ( grdm->used_entries < grdm->map.nr_entries )
>>>> + {
>>>> + if ( __copy_to_compat_offset(grdm->map.buffer,
>>>> + grdm->used_entries,
>>>> + &rdm, 1) )
>>>> + {
>>>> + rcu_unlock_domain(d);
>>>> + return -EFAULT;
>>>> + }
>>>> + }
>>>> + ++grdm->used_entries;
>>>
>>> break;
>>
>> Added.
>>
>>>
>>> Also trying to fold code identical on the if and else branches would
>>> seem pretty desirable.
>>
>> Sorry, I can't see what I'm missing.
>
> The whole "if-copy-unlock-and-return-EFAULT-otherwise-increment"
> is identical and can be factored out pretty easily afaict.
What about this?
struct get_reserved_device_memory {
struct xen_reserved_device_memory_map map;
unsigned int used_entries;
struct domain *domain;
};
static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr,
u32 id, void *ctxt)
{
struct get_reserved_device_memory *grdm = ctxt;
struct domain *d = grdm->domain;
unsigned int i, hit_one = 0;
u32 sbdf;
struct xen_reserved_device_memory rdm = {
.start_pfn = start, .nr_pages = nr
};
if ( !d->arch.hvm_domain.pci_force )
{
for ( i = 0; i < d->arch.hvm_domain.num_pcidevs; i++ )
{
sbdf = PCI_SBDF2(d->arch.hvm_domain.pcidevs[i].seg,
d->arch.hvm_domain.pcidevs[i].bus,
d->arch.hvm_domain.pcidevs[i].devfn);
if ( sbdf == id )
{
hit_one = 1;
break;
}
}
if ( !hit_one )
return 0;
}
if ( grdm->used_entries < grdm->map.nr_entries )
{
if ( __copy_to_guest_offset(grdm->map.buffer,
grdm->used_entries,
&rdm, 1) )
return -EFAULT;
}
++grdm->used_entries;
return 0;
}
>
>>>> @@ -319,9 +358,13 @@ int compat_memory_op(unsigned int cmd,
>> XEN_GUEST_HANDLE_PARAM(void) compat)
>>>>
>>>> if ( !rc && grdm.map.nr_entries < grdm.used_entries )
>>>> rc = -ENOBUFS;
>>>> +
>>>> grdm.map.nr_entries = grdm.used_entries;
>>>> - if ( __copy_to_guest(compat, &grdm.map, 1) )
>>>> - rc = -EFAULT;
>>>> + if ( grdm.map.nr_entries )
>>>> + {
>>>> + if ( __copy_to_guest(compat, &grdm.map, 1) )
>>>> + rc = -EFAULT;
>>>> + }
>>>
>>> Why do you need this change?
>>
>> If we have no any entries, why do we still copy that?
>
> That's not only a pointless optimization (the counter question being
> "Why add an extra conditional when the copying does no harm?"), but
> also not subject of this patch. Additionally iirc the field is an IN/OUT,
> i.e. when no entries were found you want to tell the caller so.
Right so I will recover that.
>
>>>> --- a/xen/drivers/passthrough/vtd/dmar.c
>>>> +++ b/xen/drivers/passthrough/vtd/dmar.c
>>>> @@ -904,17 +904,33 @@ int platform_supports_x2apic(void)
>>>>
>>>> int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt)
>>>> {
>>>> - struct acpi_rmrr_unit *rmrr;
>>>> + struct acpi_rmrr_unit *rmrr, *rmrr_cur = NULL;
>>>> int rc = 0;
>>>> + unsigned int i;
>>>> + u16 bdf;
>>>>
>>>> - list_for_each_entry(rmrr, &acpi_rmrr_units, list)
>>>> + for_each_rmrr_device ( rmrr, bdf, i )
>>>> {
>>>> - rc = func(PFN_DOWN(rmrr->base_address),
>>>> - PFN_UP(rmrr->end_address) - PFN_DOWN(rmrr->base_address),
>>>> - ctxt);
>>>> - if ( rc )
>>>> - break;
>>>> + if ( rmrr != rmrr_cur )
>>>> + {
>>>> + rc = func(PFN_DOWN(rmrr->base_address),
>>>> + PFN_UP(rmrr->end_address) -
>>>> + PFN_DOWN(rmrr->base_address),
>>>> + PCI_SBDF(rmrr->segment, bdf),
>>>> + ctxt);
>>>> +
>>>> + if ( unlikely(rc < 0) )
>>>> + return rc;
>>>> +
>>>> + /* Just go next. */
>>>> + if ( !rc )
>>>> + rmrr_cur = rmrr;
>>>> +
>>>> + /* Now just return specific to user requirement. */
>>>> + if ( rc > 0 )
>>>> + return rc;
>>>
>>> Nice that you check for that, but I can't see this case occurring
>>> anymore. Did you lose some code? Also please don't write code
>>
>> We have three scenarios here:
>>
>> #1 rc < 0 means this is an error;
>> #2 rc = 0 means the tools caller don't know how many buffers it should
>> construct, so we need to count all entries as 'nr_entries' to return.
>> #3 rc > 0 means in some cases, we need to return some specific values,
>> like 1 to indicate we're hitting some RMRR range. Currently, we use gfn
>> to check this in case of memory populating, ept violation handler and
>> mem_access.
>
> Yes, I saw that you make use of this in later patches. It just seemed
> suspicious that you don't in this one.
>
>>>> --- a/xen/include/public/memory.h
>>>> +++ b/xen/include/public/memory.h
>>>> @@ -586,6 +586,11 @@ typedef struct xen_reserved_device_memory
>>>> xen_reserved_device_memory_t;
>>>> DEFINE_XEN_GUEST_HANDLE(xen_reserved_device_memory_t);
>>>>
>>>> struct xen_reserved_device_memory_map {
>>>> + /*
>>>> + * Domain whose reservation is being changed.
>>>> + * Unprivileged domains can specify only DOMID_SELF.
>>>> + */
>>>> + domid_t domid;
>>>> /* IN/OUT */
>>>> unsigned int nr_entries;
>>>> /* OUT */
>>>
>>> Your addition lacks an IN annotation.
>>
>> Are you saying something for 'nr_entries'? But I didn't introduce
>> anything to change the original usage. Anyway, I try to improve this,
>>
>> /*
>> * IN: on call the number of entries which can be stored in buffer.
>> * OUT: on return the number of entries which have been stored in
>> * buffer. If on call the number is less the number of all necessary
>> * entries, on return the number of entries which is needed.
>> */
>>
>
> No, I said "your addition lacks ...". And you addition is the "domid"
> field.
>
Sorry I'm misunderstanding this.
struct xen_reserved_device_memory_map {
/*
* IN: Domain whose reservation is being changed.
* Unprivileged domains can specify only DOMID_SELF.
*/
domid_t domid;
/* IN/OUT */
unsigned int nr_entries;
/* OUT */
XEN_GUEST_HANDLE(xen_reserved_device_memory_t) buffer;
};
Thanks
Tiejun
next prev parent reply other threads:[~2014-12-09 7:47 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-01 9:24 [v8][PATCH 00/17] xen: RMRR fix Tiejun Chen
2014-12-01 9:24 ` [v8][PATCH 01/17] tools/hvmloader: link errno.h from xen internal Tiejun Chen
2014-12-01 9:24 ` [v8][PATCH 02/17] introduce XEN_DOMCTL_set_rdm Tiejun Chen
2014-12-02 8:33 ` Tian, Kevin
2014-12-08 1:30 ` Chen, Tiejun
2014-12-02 19:39 ` Konrad Rzeszutek Wilk
2014-12-08 3:16 ` Chen, Tiejun
2014-12-08 15:57 ` Konrad Rzeszutek Wilk
2014-12-09 1:06 ` Chen, Tiejun
2014-12-09 8:33 ` Jan Beulich
2014-12-09 16:36 ` Konrad Rzeszutek Wilk
2014-12-04 15:33 ` Jan Beulich
2014-12-05 6:13 ` Tian, Kevin
2014-12-08 6:06 ` Chen, Tiejun
2014-12-08 8:43 ` Jan Beulich
2014-12-09 2:38 ` Chen, Tiejun
2014-12-09 7:29 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 03/17] introduce XENMEM_reserved_device_memory_map Tiejun Chen
2014-12-02 19:47 ` Konrad Rzeszutek Wilk
2014-12-08 6:17 ` Chen, Tiejun
2014-12-08 10:00 ` Jan Beulich
2014-12-08 16:45 ` Daniel De Graaf
2014-12-08 16:54 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 04/17] update the existing hypercall to support XEN_DOMCTL_set_rdm Tiejun Chen
2014-12-02 8:46 ` Tian, Kevin
2014-12-08 6:22 ` Chen, Tiejun
2014-12-04 15:50 ` Jan Beulich
2014-12-08 7:11 ` Chen, Tiejun
2014-12-08 8:51 ` Jan Beulich
2014-12-09 7:47 ` Chen, Tiejun [this message]
2014-12-09 8:19 ` Jan Beulich
2014-12-09 9:12 ` Chen, Tiejun
2014-12-09 9:21 ` Jan Beulich
2014-12-09 9:35 ` Chen, Tiejun
2014-12-09 10:11 ` Tim Deegan
2014-12-09 10:22 ` Jan Beulich
2014-12-10 1:59 ` Chen, Tiejun
2014-12-10 20:21 ` Konrad Rzeszutek Wilk
2014-12-10 3:39 ` Tian, Kevin
2014-12-10 9:01 ` Jan Beulich
2014-12-10 9:57 ` Tian, Kevin
2014-12-10 11:12 ` Tim Deegan
2014-12-11 2:03 ` Tian, Kevin
2014-12-11 13:09 ` Tim Deegan
2014-12-18 16:13 ` Tim Deegan
2014-12-19 1:03 ` Chen, Tiejun
2014-12-01 9:24 ` [v8][PATCH 05/17] tools/libxc: introduce hypercall for xc_reserved_device_memory_map Tiejun Chen
2014-12-02 8:46 ` Tian, Kevin
2014-12-02 19:50 ` Konrad Rzeszutek Wilk
2014-12-08 7:25 ` Chen, Tiejun
2014-12-08 15:52 ` Konrad Rzeszutek Wilk
2014-12-01 9:24 ` [v8][PATCH 06/17] tools/libxc: check if modules space is overlapping with reserved device memory Tiejun Chen
2014-12-02 8:54 ` Tian, Kevin
2014-12-02 19:55 ` Konrad Rzeszutek Wilk
2014-12-08 7:49 ` Chen, Tiejun
2014-12-01 9:24 ` [v8][PATCH 07/17] hvmloader/util: get reserved device memory maps Tiejun Chen
2014-12-02 8:59 ` Tian, Kevin
2014-12-08 7:55 ` Chen, Tiejun
2014-12-02 20:01 ` Konrad Rzeszutek Wilk
2014-12-08 8:09 ` Chen, Tiejun
2014-12-08 8:45 ` Chen, Tiejun
2014-12-04 15:52 ` Jan Beulich
2014-12-08 8:52 ` Chen, Tiejun
2014-12-08 9:18 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 08/17] hvmloader/mmio: reconcile guest mmio with reserved device memory Tiejun Chen
2014-12-02 9:11 ` Tian, Kevin
2014-12-08 9:04 ` Chen, Tiejun
2014-12-04 16:04 ` Jan Beulich
2014-12-08 9:10 ` Chen, Tiejun
2014-12-01 9:24 ` [v8][PATCH 09/17] hvmloader/ram: check if guest memory is out of reserved device memory maps Tiejun Chen
2014-12-02 9:42 ` Tian, Kevin
2014-12-02 20:17 ` Konrad Rzeszutek Wilk
2014-12-04 16:20 ` Jan Beulich
2014-12-05 6:23 ` Tian, Kevin
2014-12-05 7:43 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 10/17] hvmloader/mem_hole_alloc: skip any overlap with reserved device memory Tiejun Chen
2014-12-02 9:48 ` Tian, Kevin
2014-12-02 20:23 ` Konrad Rzeszutek Wilk
2014-12-04 16:28 ` Jan Beulich
2014-12-05 6:24 ` Tian, Kevin
2014-12-05 7:46 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 11/17] xen/x86/p2m: reject populating for reserved device memory mapping Tiejun Chen
2014-12-02 9:57 ` Tian, Kevin
2014-12-04 16:42 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation Tiejun Chen
2014-12-02 9:59 ` Tian, Kevin
2014-12-02 20:26 ` Konrad Rzeszutek Wilk
2014-12-04 16:46 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 13/17] xen/mem_access: don't allow accessing reserved device memory Tiejun Chen
2014-12-02 14:54 ` Julien Grall
2014-12-18 22:56 ` Tamas K Lengyel
2014-12-02 20:27 ` Konrad Rzeszutek Wilk
2014-12-04 16:51 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 14/17] xen/x86/p2m: introduce set_identity_p2m_entry Tiejun Chen
2014-12-02 10:00 ` Tian, Kevin
2014-12-02 20:29 ` Konrad Rzeszutek Wilk
2014-12-01 9:24 ` [v8][PATCH 15/17] xen:vtd: create RMRR mapping Tiejun Chen
2014-12-02 10:02 ` Tian, Kevin
2014-12-02 20:30 ` Konrad Rzeszutek Wilk
2014-12-01 9:24 ` [v8][PATCH 16/17] xen/vtd: group assigned device with RMRR Tiejun Chen
2014-12-02 10:11 ` Tian, Kevin
2014-12-02 20:40 ` Konrad Rzeszutek Wilk
2014-12-04 17:05 ` Jan Beulich
2014-12-01 9:24 ` [v8][PATCH 17/17] xen/vtd: re-enable USB device assignment if enable pci_force Tiejun Chen
2014-12-05 16:12 ` Konrad Rzeszutek Wilk
2014-12-02 19:17 ` [v8][PATCH 00/17] xen: RMRR fix Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5486A8FB.4080402@intel.com \
--to=tiejun.chen@intel.com \
--cc=JBeulich@suse.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
--cc=yang.z.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.