From: Stefano Stabellini <sstabellini@kernel.org>
To: Jan Beulich <jbeulich@suse.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Luca Miccio <lucmiccio@gmail.com>,
julien@xen.org, Bertrand.Marquis@arm.com,
Stefano Stabellini <stefano.stabellini@xilinx.com>,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>, Wei Liu <wl@xen.org>,
xen-devel@lists.xenproject.org
Subject: Re: [XEN PATCH 2/7] xen: introduce _evtchn_alloc_unbound
Date: Tue, 11 Jan 2022 14:49:42 -0800 (PST) [thread overview]
Message-ID: <alpine.DEB.2.22.394.2201111432120.19362@ubuntu-linux-20-04-desktop> (raw)
In-Reply-To: <93887812-b9c1-af41-85ef-208cc114a1fc@suse.com>
On Mon, 10 Jan 2022, Jan Beulich wrote:
> On 08.01.2022 01:49, Stefano Stabellini wrote:
> > @@ -284,11 +285,32 @@ void evtchn_free(struct domain *d, struct evtchn *chn)
> > xsm_evtchn_close_post(chn);
> > }
> >
> > -static int evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc)
> > +struct evtchn *_evtchn_alloc_unbound(struct domain *d, domid_t remote_dom)
>
> Function names want to be the other way around, to be in line with
> naming rules of the C spec: The static function may be underscore-
> prefixed, while the non-static one may not.
OK
> > {
> > struct evtchn *chn;
> > + int port;
> > +
> > + if ( (port = get_free_port(d)) < 0 )
> > + return ERR_PTR(port);
> > + chn = evtchn_from_port(d, port);
> > +
> > + evtchn_write_lock(chn);
> > +
> > + chn->state = ECS_UNBOUND;
> > + if ( (chn->u.unbound.remote_domid = remote_dom) == DOMID_SELF )
> > + chn->u.unbound.remote_domid = current->domain->domain_id;
>
> I think the resolving of DOMID_SELF should remain in the caller, as I'm
> pretty sure your planned new user(s) can't sensibly pass that value.
Yep, no problem
> > + evtchn_port_init(d, chn);
> > +
> > + evtchn_write_unlock(chn);
> > +
> > + return chn;
> > +}
> > +
> > +static int evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc)
> > +{
> > + struct evtchn *chn = NULL;
>
> I don't think the initializer is needed.
OK
> > @@ -297,27 +319,22 @@ static int evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc)
> >
> > spin_lock(&d->event_lock);
> >
> > - if ( (port = get_free_port(d)) < 0 )
> > - ERROR_EXIT_DOM(port, d);
> > - chn = evtchn_from_port(d, port);
> > + chn = _evtchn_alloc_unbound(d, alloc->remote_dom);
> > + if ( IS_ERR(chn) )
> > + {
> > + rc = PTR_ERR(chn);
> > + ERROR_EXIT_DOM(rc, d);
> > + }
> >
> > rc = xsm_evtchn_unbound(XSM_TARGET, d, chn, alloc->remote_dom);
> > if ( rc )
> > goto out;
> >
> > - evtchn_write_lock(chn);
> > -
> > - chn->state = ECS_UNBOUND;
>
> This cannot be pulled ahead of the XSM check (or in general anything
> potentially resulting in an error), as check_free_port() relies on
> ->state remaining ECS_FREE until it is known that the calling function
> can't fail anymore.
OK, I didn't realize. Unfortunately it means we have to move setting
chn->state = ECS_UNBOUND to the caller.
> > - if ( (chn->u.unbound.remote_domid = alloc->remote_dom) == DOMID_SELF )
> > - chn->u.unbound.remote_domid = current->domain->domain_id;
> > - evtchn_port_init(d, chn);
> > -
> > - evtchn_write_unlock(chn);
> > -
> > - alloc->port = port;
> > + alloc->port = chn->port;
> >
> > out:
> > - check_free_port(d, port);
> > + if ( chn != NULL )
> > + check_free_port(d, chn->port);
>
> Without the initializer above it'll then be more obvious that the
> condition here needs to be !IS_ERR(chn).
>
> Also (nit) please prefer the shorter "if ( chn )".
>
> Overall I wonder in how far it would be possible to instead re-use PV
> shim's "backdoor" into port allocation: evtchn_allocate_port() was
> specifically made available for it, iirc.
I don't see an obvious way to do it. These are the 4 things we need to
do:
1) call get_free_port/evtchn_allocate_port
2) set state = ECS_UNBOUND
3) set remote_domid
4) call evtchn_port_init
It doesn't look like we could enhance evtchn_allocate_port to do 2) and
3). And probably even 4) couldn't be added to evtchn_allocate_port.
So basically it is like calling get_free_port() and do 2,3,4 ourselves
from the caller in xen/arch/arm/domain_build.c. But that might be a good
idea actually. Maybe we should leave evtchn_alloc_unbound unmodified and
instead open-code what we need to do in xen/arch/arm/domain_build.c.
This is how it would look like as a new function in
xen/arch/arm/domain_build.c:
static int alloc_xenstore_evtchn(struct domain *d)
{
struct evtchn *chn;
int port;
if ( (port = get_free_port(d)) < 0 )
return ERR_PTR(port);
chn = evtchn_from_port(d, port);
chn->state = ECS_UNBOUND;
chn->u.unbound.remote_domid = hardware_domain->domain_id;
evtchn_port_init(d, chn);
return chn->port;
}
What do you think? It might not be worth introducing
evtchn_alloc_unbound / _evtchn_alloc_unbound for this?
I am happy to follow what you think is best.
Cheers,
Stefano
next prev parent reply other threads:[~2022-01-11 22:50 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-08 0:49 [XEN PATCH 0/7] dom0less PV drivers Stefano Stabellini
2022-01-08 0:49 ` [XEN PATCH 1/7] xen: introduce XENFEAT_xenstore_late_init Stefano Stabellini
2022-01-08 3:41 ` Julien Grall
2022-01-10 22:55 ` Stefano Stabellini
2022-01-11 11:01 ` David Vrabel
2022-01-11 22:52 ` Stefano Stabellini
2022-01-10 9:46 ` Jan Beulich
2022-01-10 23:08 ` Stefano Stabellini
2022-01-11 7:14 ` Jan Beulich
2022-01-11 22:51 ` Stefano Stabellini
2022-01-08 0:49 ` [XEN PATCH 2/7] xen: introduce _evtchn_alloc_unbound Stefano Stabellini
2022-01-10 10:25 ` Jan Beulich
2022-01-11 22:49 ` Stefano Stabellini [this message]
2022-01-12 7:42 ` Jan Beulich
2022-01-13 0:45 ` Stefano Stabellini
2022-01-08 0:49 ` [XEN PATCH 3/7] tools: add a late_init argument to xs_introduce_domain Stefano Stabellini
2022-01-08 2:35 ` Marek Marczykowski-Górecki
2022-01-13 0:49 ` Stefano Stabellini
2022-01-08 3:46 ` Julien Grall
2022-01-08 0:49 ` [XEN PATCH 4/7] xen: introduce xen,enhanced dom0less property Stefano Stabellini
2022-01-11 3:31 ` Volodymyr Babchuk
2022-01-11 23:03 ` Stefano Stabellini
2022-01-08 0:49 ` [XEN PATCH 5/7] xen/arm: configure dom0less domain for enabling xenstore after boot Stefano Stabellini
2022-01-08 0:49 ` [XEN PATCH 6/7] xenstored: do_introduce: handle the late_init case Stefano Stabellini
2022-01-08 2:39 ` Marek Marczykowski-Górecki
2022-01-13 0:51 ` Stefano Stabellini
2022-01-08 3:54 ` Julien Grall
2022-01-10 22:48 ` Stefano Stabellini
2022-01-08 0:49 ` [XEN PATCH 7/7] tools: add example application to initialize dom0less PV drivers Stefano Stabellini
2022-01-08 4:02 ` Julien Grall
2022-01-10 22:57 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.22.394.2201111432120.19362@ubuntu-linux-20-04-desktop \
--to=sstabellini@kernel.org \
--cc=Bertrand.Marquis@arm.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=lucmiccio@gmail.com \
--cc=stefano.stabellini@xilinx.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.