Subject: Re: [PATCH 2/5] xen/gnttab: Rework resource acquisition
To: Andrew Cooper
References:
 <20200728113712.22966-1-andrew.cooper3@citrix.com>
 <20200728113712.22966-3-andrew.cooper3@citrix.com>
From: Jan Beulich
Message-ID: <784bf5c1-be13-2c09-5494-6eb64c400473@suse.com>
Date: Wed, 29 Jul 2020 22:02:10 +0200
In-Reply-To: <20200728113712.22966-3-andrew.cooper3@citrix.com>
Cc: Hubert Jasudowicz, Stefano Stabellini, Julien Grall, Wei Liu,
 Konrad Rzeszutek Wilk, George Dunlap, Paul Durrant,
 Michał Leszczyński, Ian Jackson, Xen-devel

On 28.07.2020 13:37, Andrew Cooper wrote:
> The existing logic doesn't function in the general case for mapping a guest's
> grant table, due to arbitrary 32 frame limit, and the default grant table
> limit being 64.
>
> In order to start addressing this, rework the existing grant table logic by
> implementing a single gnttab_acquire_resource(). This is far more efficient
> than the previous acquire_grant_table() in memory.c because it doesn't take
> the grant table write lock, and attempt to grow the table, for every single
> frame.

Among the code you replace there is a comment "Iterate backwards in case
table needs to grow" explaining why what you say about growing the grant
table didn't actually happen.

> --- a/xen/common/grant_table.c > +++ b/xen/common/grant_table.c
> @@ -4013,6 +4013,72 @@ static int gnttab_get_shared_frame_mfn(struct domain *d, > return 0; > } > > +int gnttab_acquire_resource( > + struct domain *d, unsigned int id, unsigned long frame, > + unsigned int nr_frames, xen_pfn_t mfn_list[]) > +{ > + struct grant_table *gt = d->grant_table; > + unsigned int i = nr_frames, tot_frames; > + void **vaddrs; > + int rc = 0; > + > + /* Input sanity. */ > + if ( !nr_frames ) > + return -EINVAL; I can't seem to be able to find an equivalent of this in the old logic, and hence this looks like an unwarranted change in behavior to me. We have quite a few hypercall ops where some count being zero is simply a no-op, i.e. yielding success without doing anything. > + /* Overflow checks */ > + if ( frame + nr_frames < frame ) > + return -EINVAL; > + > + tot_frames = frame + nr_frames; > + if ( tot_frames != frame + nr_frames ) > + return -EINVAL; I find the naming here quite confusing. I realize part of this stems from the code you replace, but anyway: "unsigned long frame" typically represents a memory frame number of some sort, making the calculation look as if it was wrong. (Initially I merely meant to ask whether this check isn't redundant with the prior one, or vice versa.) > + /* Grow table if necessary. */ > + grant_write_lock(gt); > + switch ( id ) > + { > + mfn_t tmp; > + > + case XENMEM_resource_grant_table_id_shared: > + rc = gnttab_get_shared_frame_mfn(d, tot_frames - 1, &tmp); > + break; > + > + case XENMEM_resource_grant_table_id_status: > + if ( gt->gt_version != 2 ) > + { > + default: > + rc = -EINVAL; > + break; > + } > + rc = gnttab_get_status_frame_mfn(d, tot_frames - 1, &tmp); > + break; > + } > + > + /* Any errors from growing the table? 
*/ > + if ( rc ) > + goto out; > + > + switch ( id ) > + { > + case XENMEM_resource_grant_table_id_shared: > + vaddrs = gt->shared_raw; > + break; > + > + case XENMEM_resource_grant_table_id_status: > + vaddrs = (void **)gt->status; Now this is the kind of cast that I consider really dangerous, and hence worth trying hard to avoid. With the code structure as is, I don't see an immediate solution though. > + break; > + } Worth having an ASSERT_UNREACHABLE() default case here? Jan
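
Review bot: in the first switch ( id ), the "default:" label sits inside the body of "if ( gt->gt_version != 2 )" under the status case, so an unrecognised id jumps into the middle of that if block to pick up "rc = -EINVAL". It would read more plainly with the version check setting -EINVAL on its own and a separate default case at the end of the switch. That rejection is also the only thing keeping vaddrs from being left unassigned by the second switch, which has no default in the lines shown, so a one-line comment stating that dependency (or a default there) would help the next reader.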