[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 02/11] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op



>>> On 03.11.15 at 19:15, <ross.lagerwall@xxxxxxxxxx> wrote:
> Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> ---
> v2: Rebased on keyhandler: rework keyhandler infrastructure
> v3: Fixed XSM.
> v4: Removed REVERTED state.
>     Split status and error code.
>     Add REPLACE action.
>     Separate payload data from the payload structure.
>     s/XSPLICE_ID_../XSPLICE_NAME_../

Odd - the subject says v1.

> --- /dev/null
> +++ b/xen/common/xsplice.c
> @@ -0,0 +1,398 @@
> +/*
> + * Copyright (c) 2015 Oracle and/or its affiliates. All rights reserved.
> + *
> + */
> +
> +#include <xen/smp.h>
> +#include <xen/keyhandler.h>
> +#include <xen/spinlock.h>
> +#include <xen/mm.h>
> +#include <xen/list.h>
> +#include <xen/guest_access.h>
> +#include <xen/stdbool.h>

No use of this header except in code shared with the tools.

Also I'd like to encourage you to sort all xen/ headers in a file
(and all public/ and asm/ ones, just that this doesn't apply here)
alphabetically in new code.

> +}
> +
> +
> +static int verify_payload(xen_sysctl_xsplice_upload_t *upload)

Double blank line above.

> +/*
> + * We MUST be holding the spinlock.
> + */

Which spinlock? Also this is a single line comment.

> +static void __free_payload(struct payload *data)

I see no reason for this function to have two underscores at the
beginning of its name.


> +err_raw:
> +    free_xenheap_pages(raw_data, get_order_from_bytes(upload->size));
> +err_data:

Labels indented by at least one blank please.

> +static int xsplice_list(xen_sysctl_xsplice_list_t *list)
> +{
> +    xen_xsplice_status_t status;
> +    struct payload *data;
> +    unsigned int idx = 0, i = 0;
> +    int rc = 0;
> +    unsigned int ver = payload_version;
> +
> +    if ( list->nr > 1024 )
> +        return -E2BIG;
> +
> +    if ( list->pad != 0 )
> +        return -EINVAL;
> +
> +    if ( guest_handle_is_null(list->status) ||
> +         guest_handle_is_null(list->id) ||
> +         guest_handle_is_null(list->len) )
> +        return -EINVAL;

???

> +    if ( !guest_handle_okay(list->status, sizeof(status) * list->nr) ||
> +         !guest_handle_okay(list->id, XEN_XSPLICE_NAME_SIZE * list->nr) ||
> +         !guest_handle_okay(list->len, sizeof(uint32_t) * list->nr) )
> +        return -EINVAL;
> +
> +    spin_lock(&payload_list_lock);
> +    if ( list->idx > payload_cnt )
> +    {
> +        spin_unlock(&payload_list_lock);
> +        return -EINVAL;
> +    }
> +
> +    list_for_each_entry( data, &payload_list, list )
> +    {
> +        uint32_t len;
> +
> +        if ( list->idx > i++ )
> +            continue;
> +
> +        status.state = data->state;
> +        status.rc = data->rc;
> +        len = strlen(data->id);
> +
> +        /* N.B. 'idx' != 'i'. */
> +        if ( copy_to_guest_offset(list->id, idx * XEN_XSPLICE_NAME_SIZE,
> +                                  data->id, len) ||
> +             copy_to_guest_offset(list->len, idx, &len, 1) ||
> +             copy_to_guest_offset(list->status, idx, &status, 1) )

You having used guest_handle_okay() above, all of these can be
__copy_to_guest_offset)() afaict.

> +        {
> +            rc = -EFAULT;
> +            break;
> +        }
> +        idx ++;

Spurious blank.

> +        if ( hypercall_preempt_check() || (idx + 1 > list->nr) )
> +        {
> +            break;
> +        }

Pointless braces.

Also - what about an input list->nr of zero?

> +    }
> +    list->nr = payload_cnt - i; /* Remaining amount. */
> +    spin_unlock(&payload_list_lock);
> +    list->version = ver;
> +
> +    /* And how many we have processed. */
> +    return rc ? rc : idx;

Please omit the middle expression in cases like this. To be honest I
can't help myself thinking that I'v already made at least some of
these comments.

> --- a/xen/include/public/sysctl.h
> +++ b/xen/include/public/sysctl.h
> @@ -766,6 +766,161 @@ struct xen_sysctl_tmem_op {
>  typedef struct xen_sysctl_tmem_op xen_sysctl_tmem_op_t;
>  DEFINE_XEN_GUEST_HANDLE(xen_sysctl_tmem_op_t);
>  
> +/*
> + * XEN_SYSCTL_XSPLICE_op
> + *
> + * Refer to the docs/misc/xsplice.markdown for the design details
> + * of this hypercall.

To someone importing this header into another project, this
reference may be quite odd. Don't these get translated to
some html with a canonical place on the web?

> +struct xen_sysctl_xsplice_action {
> +    xen_xsplice_id_t id;                    /* IN, name of the patch. */
> +#define XSPLICE_ACTION_CHECK        1
> +#define XSPLICE_ACTION_UNLOAD       2
> +#define XSPLICE_ACTION_REVERT       3
> +#define XSPLICE_ACTION_APPLY        4
> +#define XSPLICE_ACTION_REPLACE      5
> +    uint32_t    cmd;                        /* IN: XSPLICE_ACTION_*. */
> +    uint32_t    pad;                        /* IN: MUST be zero. */
> +    uint64_aligned_t time;                  /* IN: Zero if no timeout. */
> +                                            /* Or upper bound of time (ms) */
> +                                            /* for operation to take. */

So if the field represent a timeout, why not call it such?

> +struct xen_sysctl_xsplice_op {
> +    uint32_t cmd;                           /* IN: XEN_SYSCTL_XSPLICE_* */
> +    uint32_t pad;                           /* IN: Always zero. */

Other "pad" fields get checked to be zero, but I wasn't able to
spot a check for this one.

> --- /dev/null
> +++ b/xen/include/xen/xsplice.h
> @@ -0,0 +1,9 @@
> +#ifndef __XEN_XSPLICE_H__
> +#define __XEN_XSPLICE_H__
> +
> +struct xen_sysctl_xsplice_op;
> +int xsplice_control(struct xen_sysctl_xsplice_op *);
> +
> +extern void xsplice_printall(unsigned char key);

What is this declaration good for? The function ought to be static
afaics.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.