xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: "Jan Beulich" <JBeulich@suse.com>
To: Ravi Sahita <ravi.sahita@intel.com>
Cc: Tim Deegan <tim@xen.org>, Wei Liu <wei.liu2@citrix.com>,
	George Dunlap <george.dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Edmund H White <edmund.h.white@intel.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	"tlengyel@novetta.com" <tlengyel@novetta.com>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH v5 05/15] x86/altp2m: basic data structures and support routines.
Date: Thu, 16 Jul 2015 10:07:34 +0100	[thread overview]
Message-ID: <55A790760200007800091BDD@mail.emea.novell.com> (raw)
In-Reply-To: <DBC12B0F5509554280826E40BCDEE8BE54FD7718@ORSMSX104.amr.corp.intel.com>

>>> On 16.07.15 at 10:57, <ravi.sahita@intel.com> wrote:
>> From: Jan Beulich [mailto:JBeulich@suse.com]
>>Sent: Tuesday, July 14, 2015 6:13 AM
>>>>> On 14.07.15 at 02:14, <edmund.h.white@intel.com> wrote:
>>> @@ -722,6 +731,27 @@ void nestedp2m_write_p2m_entry(struct
>>p2m_domain *p2m, unsigned long gfn,
>>>      l1_pgentry_t *p, l1_pgentry_t new, unsigned int level);
>>>
>>>  /*
>>> + * Alternate p2m: shadow p2m tables used for alternate memory views
>>> + */
>>> +
>>> +/* get current alternate p2m table */ static inline struct p2m_domain
>>> +*p2m_get_altp2m(struct vcpu *v) {
>>> +    struct domain *d = v->domain;
>>> +    uint16_t index = vcpu_altp2m(v).p2midx;
>>> +
>>> +    ASSERT(index < MAX_ALTP2M);
>>> +
>>> +    return (index == INVALID_ALTP2M) ? NULL :
>>> +d->arch.altp2m_p2m[index]; }
>>
>>Looking at this again, I'm afraid I'd still prefer index < MAX_ALTP2M in the
>>return statement (and the ASSERT() dropped): The ASSERT() does nothing in a
>>debug=n build, and hence wouldn't shield us from possibly having to issue an
>>XSA if somehow an access outside the array's bounds turned out possible.
>>
> 
> the assert was breaking v5 anyway. BUG_ON (with the right check) is probably 
> the right thing to do, as we do in the exit handling that checks for a VMFUNC 
> having changed the index.
> So will make that change.

But why use a BUG_ON() when you can deal with this more
gracefully? Please try to avoid crashing the hypervisor when
there are other ways to recover.

>>I've also avoided to repeat any of the un-addressed points that I raised 
> against
>>earlier versions.
>>
> 
> I went back and looked at the earlier versions of the comments on this patch 
> and afaict we have either addressed (accepted) those points or described why 
> they shouldn't cause changes with reasoning . so if I missed something please 
> let me know.

Just one example of what wasn't done is the conversion of local
variable, function return, and function parameter types from
(bogus) uint8_t / uint16_t to unsigned int (iirc also in other
patches).

Jan

  reply	other threads:[~2015-07-16  9:07 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-14  0:14 [PATCH v5 00/15] Alternate p2m: support multiple copies of host p2m Ed White
2015-07-14  0:14 ` [PATCH v5 01/15] common/domain: Helpers to pause a domain while in context Ed White
2015-07-14  0:14 ` [PATCH v5 02/15] VMX: VMFUNC and #VE definitions and detection Ed White
2015-07-14  0:14 ` [PATCH v5 03/15] VMX: implement suppress #VE Ed White
2015-07-14 12:46   ` Jan Beulich
2015-07-14 13:47   ` George Dunlap
2015-07-14  0:14 ` [PATCH v5 04/15] x86/HVM: Hardware alternate p2m support detection Ed White
2015-07-14  0:14 ` [PATCH v5 05/15] x86/altp2m: basic data structures and support routines Ed White
2015-07-14 13:13   ` Jan Beulich
2015-07-14 14:45     ` George Dunlap
2015-07-14 14:58       ` Jan Beulich
2015-07-16  8:57     ` Sahita, Ravi
2015-07-16  9:07       ` Jan Beulich [this message]
2015-07-17 22:36         ` Sahita, Ravi
2015-07-20  6:20           ` Jan Beulich
2015-07-21  5:18             ` Sahita, Ravi
2015-07-14 15:57   ` George Dunlap
2015-07-21 17:44     ` Sahita, Ravi
2015-07-14  0:14 ` [PATCH v5 06/15] VMX/altp2m: add code to support EPTP switching and #VE Ed White
2015-07-14 13:57   ` Jan Beulich
2015-07-16  9:20     ` Sahita, Ravi
2015-07-16  9:38       ` Jan Beulich
2015-07-17 21:08         ` Sahita, Ravi
2015-07-20  6:21           ` Jan Beulich
2015-07-21  5:49             ` Sahita, Ravi
2015-07-14  0:14 ` [PATCH v5 07/15] VMX: add VMFUNC leaf 0 (EPTP switching) to emulator Ed White
2015-07-14 14:04   ` Jan Beulich
2015-07-14 17:56     ` Sahita, Ravi
2015-07-17 22:41     ` Sahita, Ravi
2015-07-14  0:14 ` [PATCH v5 08/15] x86/altp2m: add control of suppress_ve Ed White
2015-07-14 17:03   ` George Dunlap
2015-07-14  0:14 ` [PATCH v5 09/15] x86/altp2m: alternate p2m memory events Ed White
2015-07-14 14:08   ` Jan Beulich
2015-07-16  9:22     ` Sahita, Ravi
2015-07-14  0:14 ` [PATCH v5 10/15] x86/altp2m: add remaining support routines Ed White
2015-07-14 14:31   ` Jan Beulich
2015-07-16  9:16     ` Sahita, Ravi
2015-07-16  9:34       ` Jan Beulich
2015-07-17 22:32         ` Sahita, Ravi
2015-07-20  6:53           ` Jan Beulich
2015-07-21  5:46             ` Sahita, Ravi
2015-07-21  6:38               ` Jan Beulich
2015-07-21 18:33                 ` Sahita, Ravi
2015-07-22  7:33                   ` Jan Beulich
2015-07-16 14:44   ` George Dunlap
2015-07-17 21:01     ` Sahita, Ravi
2015-07-14  0:14 ` [PATCH v5 11/15] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-07-14 14:36   ` Jan Beulich
2015-07-16  9:02     ` Sahita, Ravi
2015-07-16  9:09       ` Jan Beulich
2015-07-14  0:15 ` [PATCH v5 12/15] x86/altp2m: Add altp2mhvm HVM domain parameter Ed White
2015-07-14  0:15 ` [PATCH v5 13/15] x86/altp2m: XSM hooks for altp2m HVM ops Ed White
2015-07-14  0:15 ` [PATCH v5 14/15] tools/libxc: add support to altp2m hvmops Ed White
2015-07-14  0:15 ` [PATCH v5 15/15] tools/xen-access: altp2m testcases Ed White
2015-07-14  9:56   ` Wei Liu
2015-07-14 11:52     ` Lengyel, Tamas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55A790760200007800091BDD@mail.emea.novell.com \
    --to=jbeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=edmund.h.white@intel.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=ravi.sahita@intel.com \
    --cc=tim@xen.org \
    --cc=tlengyel@novetta.com \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).