All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Cooper <Andrew.Cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: George Dunlap <George.Dunlap@citrix.com>,
	Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>,
	Julien Grall <julien@xen.org>,
	Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH 4/4] xen/version: Introduce non-truncating XENVER_* subops
Date: Thu, 5 Jan 2023 22:28:10 +0000	[thread overview]
Message-ID: <63789ce5-5dff-c981-4127-d1ef3227595e@citrix.com> (raw)
In-Reply-To: <f90111d0-b94e-8127-3b13-fbe3558d53f7@suse.com>

On 05/01/2023 8:15 am, Jan Beulich wrote:
> On 04.01.2023 19:34, Andrew Cooper wrote:
>> On 04/01/2023 5:04 pm, Jan Beulich wrote:
>>> On 03.01.2023 21:09, Andrew Cooper wrote:
>>>> API/ABI wise, XENVER_build_id could be merged into xenver_varstring_op(), but
>>>> the internal infrastructure is awkward.
>>> I guess build-id also doesn't fit the rest because of not returning strings,
>>> but indeed an array of bytes. You also couldn't use strlen() on the array.
>> The format is unspecified, but it is a base64 encoded ASCII string (not
>> NUL terminated).
> Where are you taking this base64 encoding from? I see the build ID being pure
> binary data, which could easily have an embedded nul.

Oh, so it is.

I'd failed to spot that libxl formats it automatically on behalf of the
caller.

>>>> +    if ( sz > INT32_MAX )
>>>> +        return -E2BIG; /* Compat guests.  2G ought to be plenty. */
>>> While the comment here and in the public header mention compat guests,
>>> the check is uniform. What's the deal?
>> Well its either this, or a (comat ? INT32_MAX : INT64_MAX) check, along
>> with the ifdefary and predicates required to make that compile.
>>
>> But there's not a CPU today which can actually move 2G of data (which is
>> 4G of L1d bandwidth) without suffering the watchdog (especially as we've
>> just read it once for strlen(), so that's 6G of bandwidth), nor do I
>> expect this to change in the forseeable future.
>>
>> There's some boundary (probably far lower) beyond which we can't use the
>> algorithm here.
>>
>> There wants to be some limit, and I don't feel it is necessary to make
>> it variable on the guest type.
> Sure. My question was merely because of the special mentioning of 32-bit /
> compat guests. I'm fine with the universal limit, and I'd also be fine
> with a lower (universal) bound. All I'm after is that the (to me at least)
> confusing comments be adjusted.

How about 16k then?

>> But overall, I'm not seeing a major objection to this change?  In which
>> case I'll go ahead and do the tools/ cleanup too for v2.
> Well, I'm not entirely convinced of the need for the new subops (we could
> as well introduce build time checks to make sure no truncation will occur
> for the existing ones), but I also won't object to their introduction. At
> least for the command line I can see that we will want (need) to support
> more than 1k worth of a string, considering how many options we have
> accumulated.

I've legitimate customer bugs caused by the cmdline limit, and real test
problems caused by the extraversion limit which I'm unwilling to "fix"
by sticking to the current API/ABI.

~Andrew

  reply	other threads:[~2023-01-05 22:28 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-03 20:09 [PATCH 0/4] Fix truncation of various XENVER_* subops Andrew Cooper
2023-01-03 20:09 ` [PATCH 1/4] public/version: Change xen_feature_info to have a fixed size Andrew Cooper
2023-01-04  9:03   ` Julien Grall
2023-01-03 20:09 ` [PATCH 2/4] xen/version: Drop compat/kernel.c Andrew Cooper
2023-01-04 16:29   ` Jan Beulich
2023-01-04 19:15     ` Andrew Cooper
2023-01-05  7:22       ` Jan Beulich
2023-01-04 16:48   ` Jan Beulich
2023-01-03 20:09 ` [PATCH 3/4] xen/version: Drop bogus return values for XENVER_platform_parameters Andrew Cooper
2023-01-04 16:40   ` Jan Beulich
2023-01-04 19:55     ` Andrew Cooper
2023-01-05  7:57       ` Jan Beulich
2023-01-05 22:17         ` Andrew Cooper
2023-01-06  7:54           ` Jan Beulich
2023-01-06 12:14             ` Andrew Cooper
2023-01-09  8:06               ` Jan Beulich
2023-01-03 20:09 ` [PATCH 4/4] xen/version: Introduce non-truncating XENVER_* subops Andrew Cooper
2023-01-03 20:47   ` Julien Grall
2023-01-03 21:22     ` Andrew Cooper
2023-01-03 21:40       ` Julien Grall
2023-01-04 17:04   ` Jan Beulich
2023-01-04 18:34     ` Andrew Cooper
2023-01-05  8:15       ` Jan Beulich
2023-01-05 22:28         ` Andrew Cooper [this message]
2023-01-06  7:56           ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=63789ce5-5dff-c981-4127-d1ef3227595e@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=George.Dunlap@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=julien@xen.org \
    --cc=sstabellini@kernel.org \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.