All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Jan Beulich" <JBeulich@suse.com>
To: Jennifer Herbert <Jennifer.Herbert@citrix.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Julien Grall <julien.grall@arm.com>,
	Paul Durrant <paul.durrant@citrix.com>,
	Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 2/4] hvm/dmop: Implement copy_{to, from}_guest_buf() in terms of raw accessors
Date: Fri, 21 Apr 2017 01:27:55 -0600	[thread overview]
Message-ID: <58F9D09B0200007800152B61@prv-mh.provo.novell.com> (raw)
In-Reply-To: <1492711189-2857-2-git-send-email-jennifer.herbert@citrix.com>

>>> On 20.04.17 at 19:59, <jennifer.herbert@citrix.com> wrote:
> From: Jennifer Herbert <Jennifer.Herbert@citrix.com>

Is this correct, considering that iirc the patch was new in v5 and ...

> This also allows the usual cases to be simplified, by omitting an 
> unnecessary
> buf parameters, and because the macros can appropriately size the object.
> 
> This makes copying to or from a buf that isn't big enough an error.
> If the buffer isnt big enough, trying to carry on regardless
> can only cause trouble later on.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Jennifer Herbert <Jennifer.Herbert@citrix.com>

... this sequence of S-o-b-s?

> --- a/xen/arch/x86/hvm/dm.c
> +++ b/xen/arch/x86/hvm/dm.c
> @@ -32,36 +32,47 @@ struct dmop_args {
>      struct xen_dm_op_buf buf[2];
>  };
>  
> -static bool copy_buf_from_guest(const xen_dm_op_buf_t bufs[],
> -                                unsigned int nr_bufs, void *dst,
> -                                unsigned int idx, size_t dst_size)
> +static bool _raw_copy_from_guest_buf(void *dst,
> +                                     const struct dmop_args *args,
> +                                     unsigned int buf_idx,
> +                                     size_t dst_bytes)
>  {
> -    size_t size;
> +    size_t buf_bytes;
>  
> -    if ( idx >= nr_bufs )
> +    if ( buf_idx >= args->nr_bufs )
>          return false;
>  
> -    memset(dst, 0, dst_size);
> +    buf_bytes =  args->buf[buf_idx].size;
>  
> -    size = min_t(size_t, dst_size, bufs[idx].size);
> +    if ( dst_bytes > buf_bytes )
> +        return false;

While this behavioral change is now being mentioned in the
description, I'm not sure I buy the argument of basically being
guaranteed to cause trouble down the road. Did you consider the
forward compatibility aspect here, allowing us to extend interface
structures by adding fields to their ends without breaking old
callers? Paul, what are your thoughts here?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  reply	other threads:[~2017-04-21  7:27 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-20 17:59 [PATCH 1/4] hvm/dmop: Box dmop_args rather than passing multiple parameters around jennifer.herbert
2017-04-20 17:59 ` [PATCH 2/4] hvm/dmop: Implement copy_{to, from}_guest_buf() in terms of raw accessors jennifer.herbert
2017-04-21  7:27   ` Jan Beulich [this message]
2017-04-21  8:54     ` Andrew Cooper
2017-04-21  9:03       ` Jan Beulich
2017-04-21  9:11       ` Andrew Cooper
2017-04-21  9:46         ` Jan Beulich
2017-04-21 10:11           ` Jennifer Herbert
2017-04-21 10:38             ` Jan Beulich
2017-04-21 11:03               ` Jennifer Herbert
2017-04-21 12:04                 ` Jan Beulich
2017-04-21 12:37                   ` Paul Durrant
2017-04-21 10:42           ` Andrew Cooper
2017-04-21  8:02   ` Paul Durrant
2017-04-21  8:47     ` Jan Beulich
2017-04-21  8:51       ` Paul Durrant
2017-04-20 17:59 ` [PATCH 3/4] hvm/dmop: Implement copy_{to, from}_guest_buf_offset() helpers jennifer.herbert
2017-04-21  7:34   ` Jan Beulich
2017-04-21  8:04   ` Paul Durrant
2017-04-20 17:59 ` [PATCH 4/4] dmop: Add xendevicemodel_modified_memory_bulk() jennifer.herbert
2017-04-21  7:38   ` Jan Beulich
2017-04-21  8:07   ` Paul Durrant
2017-04-21 12:07   ` Wei Liu
2017-04-21  7:19 ` [PATCH 1/4] hvm/dmop: Box dmop_args rather than passing multiple parameters around Jan Beulich
2017-04-21  7:54 ` Paul Durrant
2017-04-21  8:04   ` Andrew Cooper
2017-04-21  8:10     ` Paul Durrant
2017-04-21  8:29       ` Andrew Cooper
2017-04-21  8:47         ` Paul Durrant
2017-04-21  8:55         ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=58F9D09B0200007800152B61@prv-mh.provo.novell.com \
    --to=jbeulich@suse.com \
    --cc=Jennifer.Herbert@citrix.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=julien.grall@arm.com \
    --cc=paul.durrant@citrix.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.