From: Julien Grall <julien.grall@arm.com>
To: Artem Mygaiev <Artem_Mygaiev@epam.com>,
"JBeulich@suse.com" <JBeulich@suse.com>
Cc: "wei.liu2@citrix.com" <wei.liu2@citrix.com>,
"sstabellini@kernel.org" <sstabellini@kernel.org>,
"Ian.Jackson@eu.citrix.com" <Ian.Jackson@eu.citrix.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>
Subject: Re: [PATCH] xen/public: arch-arm: Restrict the visibility of struct vcpu_guest_core_regs
Date: Sun, 2 Jun 2019 11:37:37 +0100 [thread overview]
Message-ID: <0d2dbdda-d95b-67c9-76f5-ac7925258968@arm.com> (raw)
In-Reply-To: <59be6ac5f732609593c263eb29fcae372301a2f2.camel@epam.com>
Hi Artem,
On 5/22/19 7:05 PM, Artem Mygaiev wrote:
> On Wed, 2019-05-22 at 14:00 +0100, Julien Grall wrote:
>> On 22/05/2019 13:29, Jan Beulich wrote:
>>>>>> On 22.05.19 at 14:20, <
>>>>>> julien.grall@arm.com
>>>>>>> wrote:
>>>> On 21/05/2019 10:55, Julien Grall wrote:
>>>>> Hi Jan,
>>>>>
>>>>> On 5/21/19 10:43 AM, Jan Beulich wrote:
>>>>>>>>> On 21.05.19 at 11:35, <
>>>>>>>>> julien.grall@arm.com
>>>>>>>>>> wrote:
>>>>>>>
>>>>>>> On 5/21/19 10:26 AM, Jan Beulich wrote:
>>>>>>>>>>> On 20.05.19 at 20:12, <
>>>>>>>>>>> julien.grall@arm.com
>>>>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> As this is now Xen and tools only, I am
>>>>>>>>> wondering whether the check on
>>>>>>>>> GNU_C is still necessary. I am happy to send a
>>>>>>>>> follow-up patch (or fold
>>>>>>>>> in this one) if it can be removed.
>>>>>>>>
>>>>>>>> I think this should be dropped if it can be without
>>>>>>>> breaking any
>>>>>>>> part of the build
>>>>>>>
>>>>>>> This is because all the tools are part of xen.git, right?
>>>>>>
>>>>>> Right - no-one else is supposed to define __XEN_TOOLS__, or
>>>>>> if anyone does, they're on their own.
>>>>>
>>>>> Thanks for the information. I will do a full build check.
>>>>
>>>> I thought about this again, long term there are an attempt to
>>>> build xen with
>>>> other compiler not necessarily supporting GNU C extension.
>>>> While this would probably not be the only place that need to be
>>>> reworked, we
>>>> would have to revert part of this change. So I will not drop the
>>>> #ifdef here.
>>>
>>> Well, I don't know how it is for Arm, but on x86 we actually use
>>> the
>>> "extended" naming quite extensively, so building with a compiler
>>> that doesn't support this extension is not really an option there.
>>
>> For the Arm, I think only cpu_user_regs is using "extended" naming.
>> It should be
>> possible to remove it without too much trouble here.
>>
>> @Artem, is there any restriction to use anonymous union in functional
>> safety?
>>
>
> In general, unions are not allowed in safety regulated programming,
> they always require a "deviation" - e.g. unions use for data packing is
> usually accepted disregarding anonymous or not.
That's good to know. I am going to keep for now the two definitions of
__DECL_REG. We can remove them later on if it is not necessary.
>
> Couple of other things I wanted to mention:
> 1. all protective programming standards e.g. MISRA recommend reducing
> visibility of functions and variables to reduce API surface ans thus
> need for test coverage and systematic fault probability.
In general, we want to limit the API exposed to guest as this is stable.
Let us know if you see other places where we could potentially reduce
the API without impacting existing guest.
> 2. current implementation xen tools are very hard to use in safety for
> many reasons, I hope to follow up on this soon...
Thank you for the feedback!
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
WARNING: multiple messages have this Message-ID (diff)
From: Julien Grall <julien.grall@arm.com>
To: Artem Mygaiev <Artem_Mygaiev@epam.com>,
"JBeulich@suse.com" <JBeulich@suse.com>
Cc: "wei.liu2@citrix.com" <wei.liu2@citrix.com>,
"sstabellini@kernel.org" <sstabellini@kernel.org>,
"Ian.Jackson@eu.citrix.com" <Ian.Jackson@eu.citrix.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>
Subject: Re: [Xen-devel] [PATCH] xen/public: arch-arm: Restrict the visibility of struct vcpu_guest_core_regs
Date: Sun, 2 Jun 2019 11:37:37 +0100 [thread overview]
Message-ID: <0d2dbdda-d95b-67c9-76f5-ac7925258968@arm.com> (raw)
Message-ID: <20190602103737.EB1SqA9SNkLDltkudyVFjva262ng_sHATwcgzVDGdAU@z> (raw)
In-Reply-To: <59be6ac5f732609593c263eb29fcae372301a2f2.camel@epam.com>
Hi Artem,
On 5/22/19 7:05 PM, Artem Mygaiev wrote:
> On Wed, 2019-05-22 at 14:00 +0100, Julien Grall wrote:
>> On 22/05/2019 13:29, Jan Beulich wrote:
>>>>>> On 22.05.19 at 14:20, <
>>>>>> julien.grall@arm.com
>>>>>>> wrote:
>>>> On 21/05/2019 10:55, Julien Grall wrote:
>>>>> Hi Jan,
>>>>>
>>>>> On 5/21/19 10:43 AM, Jan Beulich wrote:
>>>>>>>>> On 21.05.19 at 11:35, <
>>>>>>>>> julien.grall@arm.com
>>>>>>>>>> wrote:
>>>>>>>
>>>>>>> On 5/21/19 10:26 AM, Jan Beulich wrote:
>>>>>>>>>>> On 20.05.19 at 20:12, <
>>>>>>>>>>> julien.grall@arm.com
>>>>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> As this is now Xen and tools only, I am
>>>>>>>>> wondering whether the check on
>>>>>>>>> GNU_C is still necessary. I am happy to send a
>>>>>>>>> follow-up patch (or fold
>>>>>>>>> in this one) if it can be removed.
>>>>>>>>
>>>>>>>> I think this should be dropped if it can be without
>>>>>>>> breaking any
>>>>>>>> part of the build
>>>>>>>
>>>>>>> This is because all the tools are part of xen.git, right?
>>>>>>
>>>>>> Right - no-one else is supposed to define __XEN_TOOLS__, or
>>>>>> if anyone does, they're on their own.
>>>>>
>>>>> Thanks for the information. I will do a full build check.
>>>>
>>>> I thought about this again, long term there are an attempt to
>>>> build xen with
>>>> other compiler not necessarily supporting GNU C extension.
>>>> While this would probably not be the only place that need to be
>>>> reworked, we
>>>> would have to revert part of this change. So I will not drop the
>>>> #ifdef here.
>>>
>>> Well, I don't know how it is for Arm, but on x86 we actually use
>>> the
>>> "extended" naming quite extensively, so building with a compiler
>>> that doesn't support this extension is not really an option there.
>>
>> For the Arm, I think only cpu_user_regs is using "extended" naming.
>> It should be
>> possible to remove it without too much trouble here.
>>
>> @Artem, is there any restriction to use anonymous union in functional
>> safety?
>>
>
> In general, unions are not allowed in safety regulated programming,
> they always require a "deviation" - e.g. unions use for data packing is
> usually accepted disregarding anonymous or not.
That's good to know. I am going to keep for now the two definitions of
__DECL_REG. We can remove them later on if it is not necessary.
>
> Couple of other things I wanted to mention:
> 1. all protective programming standards e.g. MISRA recommend reducing
> visibility of functions and variables to reduce API surface ans thus
> need for test coverage and systematic fault probability.
In general, we want to limit the API exposed to guest as this is stable.
Let us know if you see other places where we could potentially reduce
the API without impacting existing guest.
> 2. current implementation xen tools are very hard to use in safety for
> many reasons, I hope to follow up on this soon...
Thank you for the feedback!
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-06-02 10:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-20 18:12 [PATCH] xen/public: arch-arm: Restrict the visibility of struct vcpu_guest_core_regs Julien Grall
2019-05-20 18:12 ` [Xen-devel] " Julien Grall
2019-05-21 9:26 ` Jan Beulich
2019-05-21 9:26 ` [Xen-devel] " Jan Beulich
2019-05-21 9:35 ` Julien Grall
2019-05-21 9:35 ` [Xen-devel] " Julien Grall
2019-05-21 9:43 ` Jan Beulich
2019-05-21 9:43 ` [Xen-devel] " Jan Beulich
2019-05-21 9:55 ` Julien Grall
2019-05-21 9:55 ` [Xen-devel] " Julien Grall
2019-05-21 21:06 ` Stefano Stabellini
2019-05-21 21:06 ` [Xen-devel] " Stefano Stabellini
2019-05-22 12:20 ` Julien Grall
2019-05-22 12:20 ` [Xen-devel] " Julien Grall
2019-05-22 12:29 ` Jan Beulich
2019-05-22 12:29 ` [Xen-devel] " Jan Beulich
2019-05-22 13:00 ` Julien Grall
2019-05-22 13:00 ` [Xen-devel] " Julien Grall
2019-05-22 18:05 ` Artem Mygaiev
2019-05-22 18:05 ` [Xen-devel] " Artem Mygaiev
2019-06-02 10:37 ` Julien Grall [this message]
2019-06-02 10:37 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0d2dbdda-d95b-67c9-76f5-ac7925258968@arm.com \
--to=julien.grall@arm.com \
--cc=Artem_Mygaiev@epam.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).