Xen project Mailing List

Re: [PATCH v3 1/7] xen/gnttab: Rework resource acquisition

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 15 Jan 2021 12:56:48 +0100

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Paul Durrant <paul@xxxxxxx>, Michał Leszczyński <michal.leszczynski@xxxxxxx>, Hubert Jasudowicz <hubert.jasudowicz@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 15 Jan 2021 11:56:51 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 12.01.2021 20:48, Andrew Cooper wrote: > The existing logic doesn't function in the general case for mapping a guests > grant table, due to arbitrary 32 frame limit, and the default grant table > limit being 64. > > In order to start addressing this, rework the existing grant table logic by > implementing a single gnttab_acquire_resource(). This is far more efficient > than the previous acquire_grant_table() in memory.c because it doesn't take > the grant table write lock, and attempt to grow the table, for every single > frame. > > The new gnttab_acquire_resource() function subsumes the previous two > gnttab_get_{shared,status}_frame() helpers. > > No functional change. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> I'm sorry, but I have to withdraw the R-b given a few minutes ago. > --- a/xen/common/grant_table.c > +++ b/xen/common/grant_table.c > @@ -4013,6 +4013,59 @@ static int gnttab_get_shared_frame_mfn(struct domain > *d, > return 0; > } > > +int gnttab_acquire_resource( > + struct domain *d, unsigned int id, unsigned long frame, > + unsigned int nr_frames, xen_pfn_t mfn_list[]) > +{ > + struct grant_table *gt = d->grant_table; > + unsigned int i = nr_frames, tot_frames; > + mfn_t tmp; > + void **vaddrs; > + int rc; > + > + /* Overflow checks */ > + if ( frame + nr_frames < frame ) > + return -EINVAL; > + > + tot_frames = frame + nr_frames; > + if ( tot_frames != frame + nr_frames ) > + return -EINVAL; While you did remove the explicit returning of an error when nr_frames is zero, ... > + /* Grow table if necessary. */ > + grant_write_lock(gt); > + rc = -EINVAL; > + switch ( id ) > + { > + case XENMEM_resource_grant_table_id_shared: > + vaddrs = gt->shared_raw; > + rc = gnttab_get_shared_frame_mfn(d, tot_frames - 1, &tmp); ... this will degenerate (and still cause an error) when frame is also zero, and will cause undue growing of the table when frame is non-zero yet not overly large. As indicated before, I'm of the clear opinion that here - like elsewhere - a number of zero frames requested means that no action be taken at all, and success be returned. > + break; > + > + case XENMEM_resource_grant_table_id_status: > + if ( gt->gt_version != 2 ) > + break; As per various other places in this file I think you want to wrap this in evaluate_nospec(). Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.