From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57316)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1XqKbr-0003bI-FO
	for qemu-devel@nongnu.org; Mon, 17 Nov 2014 06:36:49 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1XqKbl-0002sW-7E
	for qemu-devel@nongnu.org; Mon, 17 Nov 2014 06:36:43 -0500
Received: from mx1.redhat.com ([209.132.183.28]:56264)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1XqKbl-0002s9-0S
	for qemu-devel@nongnu.org; Mon, 17 Nov 2014 06:36:37 -0500
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
	(int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id sAHBaabD006929
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=FAIL)
	for <qemu-devel@nongnu.org>; Mon, 17 Nov 2014 06:36:36 -0500
Date: Mon, 17 Nov 2014 13:36:33 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20141117113633.GA10680@redhat.com>
References: <1415785203-26938-1-git-send-email-mst@redhat.com>
	<1415785203-26938-3-git-send-email-mst@redhat.com>
	<20141117105852.GC2237@work-vm>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20141117105852.GC2237@work-vm>
Subject: Re: [Qemu-devel] [PATCH 2/4] exec: add wrapper for host pointer
	access
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org, quintela@redhat.com

On Mon, Nov 17, 2014 at 10:58:53AM +0000, Dr. David Alan Gilbert wrote:
> * Michael S. Tsirkin (mst@redhat.com) wrote:
> > host pointer accesses force pointer math, let's
> > add a wrapper to make them safer.
> > 
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > ---
> >  include/exec/cpu-all.h |  5 +++++
> >  exec.c                 | 10 +++++-----
> >  2 files changed, 10 insertions(+), 5 deletions(-)
> > 
> > diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
> > index c085804..9d8d408 100644
> > --- a/include/exec/cpu-all.h
> > +++ b/include/exec/cpu-all.h
> > @@ -313,6 +313,11 @@ typedef struct RAMBlock {
> >      int fd;
> >  } RAMBlock;
> >  
> > +static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
> > +{
> > +    return (char *)block->host + offset;
> > +}
> 
> I'm a bit surprised you don't need to pass a length to this to be able
> to tell how much you can access.

This is because at the moment all accesses only touch a single page.
Said assumption seems to be made all over the code, and won't
be easy to remove.

> >  typedef struct RAMList {
> >      QemuMutex mutex;
> >      /* Protected by the iothread lock.  */
> > diff --git a/exec.c b/exec.c
> > index ad5cf12..9648669 100644
> > --- a/exec.c
> > +++ b/exec.c
> > @@ -840,7 +840,7 @@ static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
> >  
> >      block = qemu_get_ram_block(start);
> >      assert(block == qemu_get_ram_block(end - 1));
> > -    start1 = (uintptr_t)block->host + (start - block->offset);
> > +    start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
> >      cpu_tlb_reset_dirty_all(start1, length);
> >  }
> >  
> > @@ -1500,7 +1500,7 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
> >      QTAILQ_FOREACH(block, &ram_list.blocks, next) {
> >          offset = addr - block->offset;
> >          if (offset < block->length) {
> > -            vaddr = block->host + offset;
> > +            vaddr = ramblock_ptr(block, offset);
> >              if (block->flags & RAM_PREALLOC) {
> >                  ;
> >              } else if (xen_enabled()) {
> > @@ -1551,7 +1551,7 @@ void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
> >  {
> >      RAMBlock *block = qemu_get_ram_block(addr);
> >  
> > -    return block->host;
> > +    return ramblock_ptr(block, 0);
> >  }
> >  
> >  /* Return a host pointer to ram allocated with qemu_ram_alloc.
> > @@ -1578,7 +1578,7 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
> >                  xen_map_cache(block->offset, block->length, 1);
> >          }
> >      }
> > -    return block->host + (addr - block->offset);
> > +    return ramblock_ptr(block, addr - block->offset);
> >  }
> 
> which then makes me wonder if all the uses of this are safe near the
> end of the block.
> 
> >  /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
> > @@ -1597,7 +1597,7 @@ static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
> >              if (addr - block->offset < block->length) {
> >                  if (addr - block->offset + *size > block->length)
> >                      *size = block->length - addr + block->offset;
> > -                return block->host + (addr - block->offset);
> > +                return ramblock_ptr(block, addr - block->offset);
> >              }
> 
> but then this sounds like it's going to have partial duplication, it already looks
> like it's only going to succeed if it finds itself a block that the access fits
> in.
> 
> 
> Dave

Sorry, I don't really understand what you are saying here.

> >          }
> >  
> > -- 
> > MST
> > 
> --
> Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK