[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] dm_op: Add xendevicemodel_modified_memory_bulk.
>>> On 22.03.17 at 20:55, <Jennifer.Herbert@xxxxxxxxxx> wrote: > On 22/03/17 10:33, Jan Beulich wrote: >>>>> On 21.03.17 at 14:59, <jennifer.herbert@xxxxxxxxxx> wrote: >>> This version of this patch removes the need for the 'offset' parameter, >>> by instead reducing nr_extents, and working backwards from the end of >>> the array. >>> >>> This patch also removes the need to ever write back the passed array of >>> extents to the guest, but instead putting its partial progress in a >>> 'pfns_processed' parameter, which replaces the old 'offset' parameter. >>> As with the 'offest' parameter, 'pfns_processed' should be set to 0 on >>> calling. >> So how is the need for 'pfns_processed' better than the prior need >> for 'offset'? I continue to not see why you'd need any extra field, as >> you can write back to 'first_pfn' and 'nr' just like the old code did. (But >> note that I'm not outright objecting to this solution, I'd first like to >> understand why it was chosen.) >> > > With v1 of the patch, on continuation, two buffers get written back to > guest, one > to update 'offset', and one to update first_pfn (in the array). Although > I can't think of an example > where this would be a problem, I think that semi-randomly altering items > in the passed > array may not be expected, and if that data was re-used for something, > could cause a bug. > > There is precedence for changing the op buffer, and using > pfns_processed means we never have > to change this array, which I think is much cleaner, intuitive, and > halving the copy backs. > > I considered your suggestion of modifying the handle array, but I think > this would make the code much harder to follow, and still require data > written back to the guest - just in a different place. I thought just > reducing the nr_extents a cleaner solution. This backwards processing was a neat idea actually, since here we definitely don't have any ordering requirement. > I can't see the problem with having an argument for continuation - the > xen_dm_op will remain the same size, if we use the argument space or > not. If its just about how the API looks, I find this highly subjective > - its no secret that continuations happen, and data gets stashed in > these parameters - and so i see no reason why having a dedicated > parameter for this is a problem. > > If we want to hide this continuation information, we could define: > > struct xen_dm_op_modified_memory { > /* IN - number of extents. */ > uint32_t nr_extents; > } > > struct xen_dm_op_modified_memory modified_memory_expanded { > struct xen_dm_op_modified_memory modified_memory; > uint32_t pfns_processed > } > > and include both structures in the xen_dm_op union. > The caller would use xen_dm_op_modified_memory modified_memory, and due > to the memset(&op, 0, sizeof(op));, the value for pfns_processed would > end up as zero. Xen could use expanded structure, and make use of > pfns_processed. I don't think this would be helpful. > Or, we could re-purpose the 'pad' member of struct xen_dm_op, call it > continuation_data, and have this as a general purpose continuation > variable, that the caller wouldn't pay any attention to. > > What do you think? No, that's not really an option here imo, as in the general case we'd need this to be a 64-bit value. It just so happens that you can get away with a 32-bit one because you limit the input value to 32 bits. >>> --- a/xen/arch/x86/hvm/dm.c >>> +++ b/xen/arch/x86/hvm/dm.c >>> @@ -119,56 +119,89 @@ static int set_isa_irq_level(struct domain *d, >>> uint8_t isa_irq, >>> } >>> >>> static int modified_memory(struct domain *d, >>> - struct xen_dm_op_modified_memory *data) >>> + struct xen_dm_op_modified_memory *header, >>> + xen_dm_op_buf_t* buf) >>> { >>> - xen_pfn_t last_pfn = data->first_pfn + data->nr - 1; >>> - unsigned int iter = 0; >>> + /* Process maximum of 256 pfns before checking for continuation */ >>> + const unsigned int cont_check_interval = 0xff; >> Iirc the question was asked on v1 already: 256 (as the comment >> says) or 255 (as the value enforces)? > > aw shucks! I had it as 255, and Paul said "255 or 256?" and I changed > it to 256, without thinking, assuming an off by one error, and that he > was right. But, with a seconds thought, it should be 255, and Paul was > actually referring to a comment later in the code, which was 256. Yet batches of 256 would seem a little more "usual". >>> int rc = 0; >>> if ( copy_from_guest_offset(&extent, buf->h, rem_extents - 1, 1) ) >>> + return -EFAULT; >>> + >>> + pfn = extent.first_pfn + header->pfns_processed; >>> + batch_nr = extent.nr - header->pfns_processed; >> Even if this looks to be harmless to the hypervisor, I dislike the >> overflows you allow for here. > > I'll add a check for (header->pfns_processed > extent.nr), returning > -EINVAL. >= actually, I think. >>> @@ -441,13 +474,8 @@ static int dm_op(domid_t domid, >>> struct xen_dm_op_modified_memory *data = >>> &op.u.modified_memory; >>> >>> - const_op = false; >>> - >>> - rc = -EINVAL; >>> - if ( data->pad ) >>> - break; >> Where did this check go? > > data->pad is undefined here. But I could add a check for extent.pad in > the modified_memory function. That's what I'm asking for. Talking of which - is there a way for the caller to know on which extent an error (if any) has occurred? This certainly needs to be possible. >>> --- a/xen/include/public/hvm/dm_op.h >>> +++ b/xen/include/public/hvm/dm_op.h >>> @@ -237,13 +237,24 @@ struct xen_dm_op_set_pci_link_route { >>> * XEN_DMOP_modified_memory: Notify that a set of pages were modified by >>> * an emulator. >>> * >>> - * NOTE: In the event of a continuation, the @first_pfn is set to the >>> - * value of the pfn of the remaining set of pages and @nr reduced >>> - * to the size of the remaining set. >>> + * DMOP buf 1 contains an array of xen_dm_op_modified_memory_extent with >>> + * @nr_extent entries. The value of @nr_extent will be reduced on >>> + * continuation. >>> + * >>> + * @pfns_processed is used for continuation, and not intended to be usefull >>> + * to the caller. It gives the number of pfns already processed (and can >>> + * be skipped) in the last extent. This should always be set to zero. >>> */ >>> #define XEN_DMOP_modified_memory 11 >>> >>> struct xen_dm_op_modified_memory { >>> + /* IN - number of extents. */ >>> + uint32_t nr_extents; >>> + /* IN - should be set to 0, and is updated on continuation. */ >>> + uint32_t pfns_processed; >> I'd prefer if the field (if to be kept) wasn't named after its current >> purpose, nor should we state anything beyond it needing to be >> zero when first invoking the call. These are implementation details >> which callers should not rely on. > > Assuming we keep it, how about calling it "reserved", with a comment in > dm.c explaining what its actually for? Elsewhere we use "opaque", but "reserved" is probably fine too. However, we may want to name it as an OUT value, for the error-on-extent indication mentioned above (of course another option would be to make nr_extent IN/OUT). As an OUT, we're free to use it for whatever intermediate value, just so long as upon final return to the caller it has the intended value. (It's debatable whether it should be IN/OUT, due to the need for it to be set to zero.) Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |