
Re: [Xen-devel] [PATCH] xen/public: arch-arm: Restrict the visibility of struct vcpu_guest_core_regs



Hi Artem,

On 5/22/19 7:05 PM, Artem Mygaiev wrote:
> On Wed, 2019-05-22 at 14:00 +0100, Julien Grall wrote:
>> On 22/05/2019 13:29, Jan Beulich wrote:
>>> On 22.05.19 at 14:20, <julien.grall@xxxxxxx> wrote:
>>>> On 21/05/2019 10:55, Julien Grall wrote:
>>>>> Hi Jan,
>>>>>
>>>>> On 5/21/19 10:43 AM, Jan Beulich wrote:
>>>>>> On 21.05.19 at 11:35, <julien.grall@xxxxxxx> wrote:
>>>>>>> On 5/21/19 10:26 AM, Jan Beulich wrote:
>>>>>>>> On 20.05.19 at 20:12, <julien.grall@xxxxxxx> wrote:
>>>>>>>>> As this is now Xen and tools only, I am wondering whether the check on
>>>>>>>>> GNU_C is still necessary. I am happy to send a follow-up patch (or fold
>>>>>>>>> it in this one) if it can be removed.
>>>>>>>>
>>>>>>>> I think this should be dropped if it can be without breaking any
>>>>>>>> part of the build.
>>>>>>>
>>>>>>> This is because all the tools are part of xen.git, right?
>>>>>>
>>>>>> Right - no-one else is supposed to define __XEN_TOOLS__, or
>>>>>> if anyone does, they're on their own.
>>>>>
>>>>> Thanks for the information. I will do a full build check.
>>>>
>>>> I thought about this again: long term there is an attempt to build Xen with
>>>> other compilers not necessarily supporting GNU C extensions. While this
>>>> would probably not be the only place that needs to be reworked, we would
>>>> have to revert part of this change. So I will not drop the #ifdef here.
>>>
>>> Well, I don't know how it is for Arm, but on x86 we actually use the
>>> "extended" naming quite extensively, so building with a compiler that
>>> doesn't support this extension is not really an option there.
>>
>> For Arm, I think only cpu_user_regs is using "extended" naming. It should be
>> possible to remove it without too much trouble here.
>>
>> @Artem, is there any restriction on using anonymous unions in functional
>> safety?
>
> In general, unions are not allowed in safety-regulated programming;
> they always require a "deviation" - e.g. the use of unions for data packing is
> usually accepted, regardless of whether they are anonymous or not.

That's good to know. I am going to keep the two definitions of __DECL_REG for now. We can remove them later on if they are not necessary.

> Couple of other things I wanted to mention:
> 1. All protective programming standards, e.g. MISRA, recommend reducing the
> visibility of functions and variables to reduce the API surface and thus the
> need for test coverage and the systematic fault probability.

In general, we want to limit the API exposed to guests, as this is stable.
Let us know if you see other places where we could potentially reduce the API without impacting existing guests.

> 2. The current implementation of the Xen tools is very hard to use in safety for
> many reasons; I hope to follow up on this soon...

Thank you for the feedback!

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
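The anonymous-union "extended naming" and the two definitions of __DECL_REG that the thread discusses, shown as an added example: this is not Xen's public header and not code posted by anyone in the thread. It assumes a macro of that general shape (a 64-bit register name aliased with a 32-bit name when GNU C extensions are available, only the 64-bit name otherwise) and uses a constructed three-register struct in place of the real register block; the names EX_DECL_REG, EX_HAVE_REG_ALIASES, ex_core_regs and the ex_* functions are all hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical __DECL_REG-style macro with two definitions (added example,
 * not Xen's header). With GNU C extensions an anonymous union exposes both
 * the 64-bit name (e.g. x0) and a 32-bit alias (e.g. r0_usr). Without them
 * only the 64-bit name exists, so code that must build with a non-GNU
 * compiler, or that avoids unions for safety review, uses the 64-bit names.
 */
#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
#define EX_DECL_REG(n64, n32) union { uint64_t n64; uint32_t n32; }
#define EX_HAVE_REG_ALIASES 1
#else
#define EX_DECL_REG(n64, n32) uint64_t n64
#define EX_HAVE_REG_ALIASES 0
#endif

/* Constructed, cut-down stand-in for a guest core register block. */
struct ex_core_regs {
    EX_DECL_REG(x0, r0_usr);
    EX_DECL_REG(x1, r1_usr);
    EX_DECL_REG(pc64, pc32);
};

/* Both definitions must give the same ABI layout: three 64-bit slots. */
_Static_assert(sizeof(struct ex_core_regs) == 3 * sizeof(uint64_t),
               "register block layout differs between the two definitions");

/* Portable accessors touch only the 64-bit names, which exist under both. */
void ex_set_x0(struct ex_core_regs *regs, uint64_t v) { regs->x0 = v; }
uint64_t ex_get_x0(const struct ex_core_regs *regs) { return regs->x0; }

/* Low 32 bits of x0 computed without the union alias (the portable form). */
uint32_t ex_get_r0_portable(const struct ex_core_regs *regs)
{
    return (uint32_t)(regs->x0 & 0xffffffffu);
}

/* Store v through the 64-bit name and read back its low half portably. */
uint32_t ex_roundtrip_low_half(uint64_t v)
{
    struct ex_core_regs regs;
    memset(&regs, 0, sizeof(regs));
    ex_set_x0(&regs, v);
    return ex_get_r0_portable(&regs);
}

/*
 * Does the 32-bit alias overlay the low half of the 64-bit register on this
 * build? Only answerable when the union definition was selected; on a
 * little-endian target the alias and the portable computation agree.
 */
bool ex_alias_is_low_half(void)
{
#if EX_HAVE_REG_ALIASES
    struct ex_core_regs regs;
    memset(&regs, 0, sizeof(regs));
    regs.x0 = 0x1122334455667788ull;
    return regs.r0_usr == ex_get_r0_portable(&regs);
#else
    return false; /* no alias exists to compare against */
#endif
}

size_t ex_regs_size(void) { return sizeof(struct ex_core_regs); }

int main(void)
{
    printf("register block size: %zu bytes\n", ex_regs_size());
    printf("aliases available: %d, alias is low half: %d\n",
           EX_HAVE_REG_ALIASES, (int)ex_alias_is_low_half());
    printf("low half of x0 via portable path: 0x%08x\n",
           ex_roundtrip_low_half(0x1122334455667788ull));
    return 0;
}
```

Building the same file with `-std=c99` (which defines `__STRICT_ANSI__`) selects the second definition: the `ex_*` accessors still compile because they only use the 64-bit names, while any code that had reached for `r0_usr` would fail at that point, which is exactly the breakage the `#ifdef` is there to avoid while other compilers are being brought up.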
