All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: "Wei Liu" <wl@xen.org>, "Roger Pau Monné" <roger.pau@citrix.com>,
	"George Dunlap" <george.dunlap@citrix.com>
Subject: Re: [PATCH 1/6] x86/p2m: tidy p2m_add_foreign() a little
Date: Thu, 17 Dec 2020 19:03:54 +0000	[thread overview]
Message-ID: <55de56b3-0e83-c558-6432-9853db82f57a@citrix.com> (raw)
In-Reply-To: <8b70c26e-7ae6-8438-67a3-99cef338ba52@suse.com>

On 15/12/2020 16:25, Jan Beulich wrote:
> Drop a bogus ASSERT() - we don't typically assert incoming domain
> pointers to be non-NULL, and there's no particular reason to do so here.
>
> Replace the open-coded DOMID_SELF check by use of
> rcu_lock_remote_domain_by_id(), at the same time covering the request
> being made with the current domain's actual ID.
>
> Move the "both domains same" check into just the path where it really
> is meaningful.
>
> Swap the order of the two puts, such that
> - the p2m lock isn't needlessly held across put_page(),
> - a separate put_page() on an error path can be avoided,
> - they're inverse to the order of the respective gets.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

> ---
> The DOMID_SELF check being converted also suggests to me that there's an
> implication of tdom == current->domain, which would in turn appear to
> mean the "both domains same" check could as well be dropped altogether.

I don't see anything conceptually wrong with the toolstack creating a
foreign mapping on behalf of a guest at construction time.  I'd go as
far as to argue that it is an interface shortcoming if this didn't
function correctly.

>
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -2560,9 +2560,6 @@ int p2m_add_foreign(struct domain *tdom,
>      int rc;
>      struct domain *fdom;
>  
> -    ASSERT(tdom);
> -    if ( foreigndom == DOMID_SELF )
> -        return -EINVAL;
>      /*
>       * hvm fixme: until support is added to p2m teardown code to cleanup any
>       * foreign entries, limit this to hardware domain only.
> @@ -2573,13 +2570,15 @@ int p2m_add_foreign(struct domain *tdom,
>      if ( foreigndom == DOMID_XEN )
>          fdom = rcu_lock_domain(dom_xen);
>      else
> -        fdom = rcu_lock_domain_by_id(foreigndom);
> -    if ( fdom == NULL )
> -        return -ESRCH;
> +    {
> +        rc = rcu_lock_remote_domain_by_id(foreigndom, &fdom);

It occurs to me that rcu_lock_remote_domain_by_id()'s self error path
ought to be -EINVAL rather than -EPERM.  It's never for permissions
reasons that we restrict to remote domains like this - always for
technical ones.

But that is definitely content for a different patch.

~Andrew


  reply	other threads:[~2020-12-17 19:04 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-15 16:24 [PATCH 0/6] x86/p2m: restrict more code to build just for HVM Jan Beulich
2020-12-15 16:25 ` [PATCH 1/6] x86/p2m: tidy p2m_add_foreign() a little Jan Beulich
2020-12-17 19:03   ` Andrew Cooper [this message]
2020-12-18  8:39     ` Jan Beulich
2020-12-15 16:26 ` [PATCH 2/6] x86/mm: p2m_add_foreign() is HVM-only Jan Beulich
2020-12-17 19:18   ` Andrew Cooper
2020-12-18  8:48     ` Jan Beulich
2020-12-21  8:10     ` Jan Beulich
2020-12-22 10:40       ` Andrew Cooper
2021-01-04 16:57         ` Oleksandr Tyshchenko
2021-01-05  8:48           ` Jan Beulich
2021-01-08 16:38             ` Oleksandr
2021-01-08 17:01               ` Jan Beulich
2021-01-08 17:37                 ` Oleksandr
2021-01-11  7:41                   ` Jan Beulich
2021-01-11  8:23                     ` Oleksandr
2021-01-12 11:58                       ` Jan Beulich
2021-01-13 15:06                         ` Oleksandr
2021-01-23 13:22                           ` Julien Grall
2021-01-25  9:10                             ` Jan Beulich
2021-01-25 10:33                             ` Jan Beulich
2020-12-15 16:26 ` [PATCH 3/6] x86/p2m: set_{foreign,mmio}_p2m_entry() are HVM-only Jan Beulich
2020-12-17 19:54   ` Andrew Cooper
2020-12-18  8:58     ` Jan Beulich
2020-12-15 16:26 ` [PATCH 4/6] x86/p2m: {,un}map_mmio_regions() " Jan Beulich
2020-12-15 16:27 ` [PATCH 5/6] x86/mm: the gva_to_gfn() hook is HVM-only Jan Beulich
2020-12-22 17:02   ` Jan Beulich
2020-12-15 16:28 ` [PATCH 6/6] x86/p2m: set_shared_p2m_entry() is MEM_SHARING-only Jan Beulich
2020-12-15 17:05   ` Tamas K Lengyel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55de56b3-0e83-c558-6432-9853db82f57a@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=george.dunlap@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=roger.pau@citrix.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.