|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v1 02/11] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
>>> On 03.11.15 at 19:15, <ross.lagerwall@xxxxxxxxxx> wrote:
> Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> ---
> v2: Rebased on keyhandler: rework keyhandler infrastructure
> v3: Fixed XSM.
> v4: Removed REVERTED state.
> Split status and error code.
> Add REPLACE action.
> Separate payload data from the payload structure.
> s/XSPLICE_ID_../XSPLICE_NAME_../
Odd - the subject says v1.
> --- /dev/null
> +++ b/xen/common/xsplice.c
> @@ -0,0 +1,398 @@
> +/*
> + * Copyright (c) 2015 Oracle and/or its affiliates. All rights reserved.
> + *
> + */
> +
> +#include <xen/smp.h>
> +#include <xen/keyhandler.h>
> +#include <xen/spinlock.h>
> +#include <xen/mm.h>
> +#include <xen/list.h>
> +#include <xen/guest_access.h>
> +#include <xen/stdbool.h>
No use of this header except in code shared with the tools.
Also I'd like to encourage you to sort all xen/ headers in a file
(and all public/ and asm/ ones, just that this doesn't apply here)
alphabetically in new code.
> +}
> +
> +
> +static int verify_payload(xen_sysctl_xsplice_upload_t *upload)
Double blank line above.
> +/*
> + * We MUST be holding the spinlock.
> + */
Which spinlock? Also this is a single line comment.
> +static void __free_payload(struct payload *data)
I see no reason for this function to have two underscores at the
beginning of its name.
> +err_raw:
> + free_xenheap_pages(raw_data, get_order_from_bytes(upload->size));
> +err_data:
Labels indented by at least one blank please.
> +static int xsplice_list(xen_sysctl_xsplice_list_t *list)
> +{
> + xen_xsplice_status_t status;
> + struct payload *data;
> + unsigned int idx = 0, i = 0;
> + int rc = 0;
> + unsigned int ver = payload_version;
> +
> + if ( list->nr > 1024 )
> + return -E2BIG;
> +
> + if ( list->pad != 0 )
> + return -EINVAL;
> +
> + if ( guest_handle_is_null(list->status) ||
> + guest_handle_is_null(list->id) ||
> + guest_handle_is_null(list->len) )
> + return -EINVAL;
???
> + if ( !guest_handle_okay(list->status, sizeof(status) * list->nr) ||
> + !guest_handle_okay(list->id, XEN_XSPLICE_NAME_SIZE * list->nr) ||
> + !guest_handle_okay(list->len, sizeof(uint32_t) * list->nr) )
> + return -EINVAL;
> +
> + spin_lock(&payload_list_lock);
> + if ( list->idx > payload_cnt )
> + {
> + spin_unlock(&payload_list_lock);
> + return -EINVAL;
> + }
> +
> + list_for_each_entry( data, &payload_list, list )
> + {
> + uint32_t len;
> +
> + if ( list->idx > i++ )
> + continue;
> +
> + status.state = data->state;
> + status.rc = data->rc;
> + len = strlen(data->id);
> +
> + /* N.B. 'idx' != 'i'. */
> + if ( copy_to_guest_offset(list->id, idx * XEN_XSPLICE_NAME_SIZE,
> + data->id, len) ||
> + copy_to_guest_offset(list->len, idx, &len, 1) ||
> + copy_to_guest_offset(list->status, idx, &status, 1) )
You having used guest_handle_okay() above, all of these can be
__copy_to_guest_offset)() afaict.
> + {
> + rc = -EFAULT;
> + break;
> + }
> + idx ++;
Spurious blank.
> + if ( hypercall_preempt_check() || (idx + 1 > list->nr) )
> + {
> + break;
> + }
Pointless braces.
Also - what about an input list->nr of zero?
> + }
> + list->nr = payload_cnt - i; /* Remaining amount. */
> + spin_unlock(&payload_list_lock);
> + list->version = ver;
> +
> + /* And how many we have processed. */
> + return rc ? rc : idx;
Please omit the middle expression in cases like this. To be honest I
can't help myself thinking that I'v already made at least some of
these comments.
> --- a/xen/include/public/sysctl.h
> +++ b/xen/include/public/sysctl.h
> @@ -766,6 +766,161 @@ struct xen_sysctl_tmem_op {
> typedef struct xen_sysctl_tmem_op xen_sysctl_tmem_op_t;
> DEFINE_XEN_GUEST_HANDLE(xen_sysctl_tmem_op_t);
>
> +/*
> + * XEN_SYSCTL_XSPLICE_op
> + *
> + * Refer to the docs/misc/xsplice.markdown for the design details
> + * of this hypercall.
To someone importing this header into another project, this
reference may be quite odd. Don't these get translated to
some html with a canonical place on the web?
> +struct xen_sysctl_xsplice_action {
> + xen_xsplice_id_t id; /* IN, name of the patch. */
> +#define XSPLICE_ACTION_CHECK 1
> +#define XSPLICE_ACTION_UNLOAD 2
> +#define XSPLICE_ACTION_REVERT 3
> +#define XSPLICE_ACTION_APPLY 4
> +#define XSPLICE_ACTION_REPLACE 5
> + uint32_t cmd; /* IN: XSPLICE_ACTION_*. */
> + uint32_t pad; /* IN: MUST be zero. */
> + uint64_aligned_t time; /* IN: Zero if no timeout. */
> + /* Or upper bound of time (ms) */
> + /* for operation to take. */
So if the field represent a timeout, why not call it such?
> +struct xen_sysctl_xsplice_op {
> + uint32_t cmd; /* IN: XEN_SYSCTL_XSPLICE_* */
> + uint32_t pad; /* IN: Always zero. */
Other "pad" fields get checked to be zero, but I wasn't able to
spot a check for this one.
> --- /dev/null
> +++ b/xen/include/xen/xsplice.h
> @@ -0,0 +1,9 @@
> +#ifndef __XEN_XSPLICE_H__
> +#define __XEN_XSPLICE_H__
> +
> +struct xen_sysctl_xsplice_op;
> +int xsplice_control(struct xen_sysctl_xsplice_op *);
> +
> +extern void xsplice_printall(unsigned char key);
What is this declaration good for? The function ought to be static
afaics.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |