From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Sergey Dyasli" <sergey.dyasli@citrix.com>,
"Wei Liu" <wl@xen.org>, "Ian Jackson" <Ian.Jackson@eu.citrix.com>,
Xen-devel <xen-devel@lists.xenproject.org>,
"DanielDe Graaf" <dgdegra@tycho.nsa.gov>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH 3/8] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy
Date: Thu, 12 Sep 2019 15:20:30 +0200 [thread overview]
Message-ID: <1566dcc0-8f30-e9dd-d807-ca81af3b85a5@suse.com> (raw)
In-Reply-To: <b727674f-c7da-40ee-1b7d-1da946f65552@citrix.com>
On 12.09.2019 15:15, Andrew Cooper wrote:
> On 12/09/2019 09:06, Jan Beulich wrote:
>> On 11.09.2019 22:04, Andrew Cooper wrote:
>>> --- a/xen/arch/x86/domctl.c
>>> +++ b/xen/arch/x86/domctl.c
>>> @@ -294,6 +294,65 @@ static int update_domain_cpuid_info(struct domain *d,
>>> return 0;
>>> }
>>>
>>> +static int update_domain_cpu_policy(struct domain *d,
>>> + xen_domctl_cpu_policy_t *xdpc)
>>> +{
>>> + struct cpu_policy new = {};
>>> + const struct cpu_policy *sys = is_pv_domain(d)
>>> + ? &system_policies[XEN_SYSCTL_cpu_policy_pv_max]
>>> + : &system_policies[XEN_SYSCTL_cpu_policy_hvm_max];
>>> + struct cpu_policy_errors err = INIT_CPU_POLICY_ERRORS;
>>> + int ret = -ENOMEM;
>>> +
>>> + /* Start by copying the domain's existing policies. */
>>> + if ( !(new.cpuid = xmemdup(d->arch.cpuid)) ||
>>> + !(new.msr = xmemdup(d->arch.msr)) )
>> To avoid the redundant initialization, this could as well be the
>> initializer of the variable.
>
> I'm not sure that is the wisest course of action. We wouldn't want to
> proactively perform the memory allocation if new logic needs to appear
> ahead of this.
>
> In this example, the compiler ought to be able to do DSE to get rid of
> the first assignment.
Okay. I said "could" in the first place to make clear this
really is just an option to consider.
>>> @@ -1476,6 +1535,27 @@ long arch_do_domctl(
>>> copyback = true;
>>> break;
>>>
>>> + case XEN_DOMCTL_set_cpu_policy:
>>> + if ( d == currd ) /* No domain_pause() */
>>> + {
>>> + ret = -EINVAL;
>>> + break;
>>> + }
>>> +
>>> + domain_pause(d);
>>> +
>>> + if ( d->creation_finished )
>>> + ret = -EEXIST; /* No changing once the domain is running. */
>>> + else
>>> + {
>>> + ret = update_domain_cpu_policy(d, &domctl->u.cpu_policy);
>>> + if ( ret ) /* Copy domctl->u.cpu_policy.err_* to guest. */
>>> + copyback = true;
>> Due to the OUT in the public header I think it would be better to
>> always copy this back (making sure the invalid markers are in place
>> in case of success). But I guess we're not very consistent with
>> honoring OUT like this.
>
> This doesn't work, because an early ESRCH/EBUSY won't fill in the
> pointers even with copyback being changed here.
>
> This is why xc_set_domain_cpu_policy() fills the values to begin with.
Oh, right. Perhaps the public header comments then want refining,
since ...
>>> --- a/xen/include/public/domctl.h
>>> +++ b/xen/include/public/domctl.h
>>> @@ -658,17 +658,23 @@ struct xen_domctl_cpuid {
>>> };
>>>
>>> /*
>>> - * XEN_DOMCTL_get_cpu_policy (x86 specific)
>>> + * XEN_DOMCTL_{get,set}_cpu_policy (x86 specific)
>>> *
>>> - * Query the CPUID and MSR policies for a specific domain.
>>> + * Query or set the CPUID and MSR policies for a specific domain.
>>> */
>>> struct xen_domctl_cpu_policy {
>>> uint32_t nr_leaves; /* IN/OUT: Number of leaves in/written to
>>> * 'cpuid_policy'. */
>>> uint32_t nr_msrs; /* IN/OUT: Number of MSRs in/written to
>>> * 'msr_domain_policy' */
>>> - XEN_GUEST_HANDLE_64(xen_cpuid_leaf_t) cpuid_policy; /* OUT */
>>> - XEN_GUEST_HANDLE_64(xen_msr_entry_t) msr_policy; /* OUT */
>>> + XEN_GUEST_HANDLE_64(xen_cpuid_leaf_t) cpuid_policy; /* IN/OUT */
>>> + XEN_GUEST_HANDLE_64(xen_msr_entry_t) msr_policy; /* IN/OUT */
>>> + uint32_t err_leaf, err_subleaf; /* OUT, set_policy only. If not ~0,
>>> + * indicates the leaf/subleaf which
>>> + * auditing objected to. */
>>> + uint32_t err_msr_idx; /* OUT, set_policy only. If not ~0,
>>> + * indicates the MSR idx which
>>> + * auditing objected to. */
... what is being said here isn't true in the case you mention
if the caller didn't set the fields accordingly.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-09-12 13:20 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-11 20:04 [Xen-devel] [PATCH 0/8] x86/cpuid: Switch to using XEN_DOMCTL_set_cpumsr_policy Andrew Cooper
2019-09-11 20:04 ` [Xen-devel] [PATCH 1/8] libx86: Introduce x86_cpu_policies_are_compatible() Andrew Cooper
2019-09-12 7:43 ` Jan Beulich
2019-09-12 7:59 ` Andrew Cooper
2019-09-12 8:22 ` Jan Beulich
2019-09-12 11:41 ` Andrew Cooper
2019-09-11 20:04 ` [Xen-devel] [PATCH 2/8] x86/cpuid: Split update_domain_cpuid_info() in half Andrew Cooper
2019-09-12 7:52 ` Jan Beulich
2019-09-12 8:07 ` Andrew Cooper
2019-09-11 20:04 ` [Xen-devel] [PATCH 3/8] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy Andrew Cooper
2019-09-12 8:06 ` Jan Beulich
2019-09-12 13:15 ` Andrew Cooper
2019-09-12 13:20 ` Jan Beulich [this message]
2019-09-12 16:34 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 4/8] tools/libxc: Pre-cleanup for xc_cpuid_{set, apply_policy}() Andrew Cooper
2019-09-12 8:09 ` Jan Beulich
2019-09-12 8:17 ` Jan Beulich
2019-09-12 8:38 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 5/8] tools/libxc: Rework xc_cpuid_set() to use {get, set}_cpu_policy() Andrew Cooper
2019-09-12 8:19 ` Jan Beulich
2019-09-12 8:36 ` Andrew Cooper
2019-09-12 9:11 ` Jan Beulich
2019-09-12 13:21 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 6/8] tools/libxc: Rework xc_cpuid_apply_policy() " Andrew Cooper
2019-09-12 9:02 ` Jan Beulich
2019-09-12 13:47 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 7/8] x86/domctl: Drop XEN_DOMCTL_set_cpuid Andrew Cooper
2019-09-12 9:04 ` Jan Beulich
2019-09-11 20:05 ` [Xen-devel] [PATCH 8/8] x86/cpuid: Enable CPUID Faulting for the control domain Andrew Cooper
2019-09-12 9:07 ` Jan Beulich
2019-09-12 9:28 ` Andrew Cooper
2019-09-12 18:55 ` [Xen-devel] [PATCH v2 8/8] x86/cpuid: Enable CPUID Faulting for the control domain by default Andrew Cooper
2019-09-13 6:38 ` Jan Beulich
2019-09-13 14:56 ` Andrew Cooper
2019-09-12 18:55 ` [Xen-devel] [PATCH v2 0.5/8] libx86: Proactively initialise error pointers Andrew Cooper
2019-09-13 6:20 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1566dcc0-8f30-e9dd-d807-ca81af3b85a5@suse.com \
--to=jbeulich@suse.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=roger.pau@citrix.com \
--cc=sergey.dyasli@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).