[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v7 04/10] xen/memory: Add a vmtrace_buf resource type

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 26 Jan 2021 09:58:15 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jh8LGUXY13zYdTuLIS2AhzP14yzJyDlF0eMc9LzLslU=; b=iJj6kB3m6LGOV4dArIb8VVXya9Ee+ZIZ0k8cG5IJoIKbnsvGuyV8+NmKioICrwbxCZZF2Kr1ICoehqvhXFzTIqaKyJB+5U/znJa3k4M7zB0N5RrP3IfGwLsJDAqMRJj8fZlL1fTKxTsg/KvLKZrIr9FWXja39eqT/azQWOFx95sEmvPNGM5KGTWmGoSqbqGMGiivIAaCQ6YPEBrEaOjNxhexLMt7OU27Van4h1ABLm21kCR/85rDdIDzNz+QSol5nzz6q0LoiwH2AqjD4ODH8H0MHaWs+roC3lJigZqwe9MXTYyyiBXl3W3phal52sirTqPvTpZHWJJAndQGQsN6Sw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=naSCju+ZG/nVC/K6TdiW3NB68k5STkLQ0vFMNxMkScqKeEApW25HkADQKq6iv87BBPOcxxSDeVCL2dXX+aPha6KiDdWfM0i4sxI+swGZnc5fV4lWzeI2Emo+rqEgiEI1S229K7c4uN1EyM09YTX9GzbiGMMwOgNO0IIX1K/PIhR4S7Ls5nWVIM3DvC9IVFHfZ3TvsCSFx9v2RD13zxu/z9FRHoaAzrNx5clIPKvAIgGijDvqkCpsLy2S709PZWTHTTXLGIwkRPohlHA7hzE0bJ09RKwJh2liR0q9quTNluhC/i7jVSoAWK43BCJvFiE426OdjQMMfZVCyEEobN0rAg==
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Michał Leszczyński <michal.leszczynski@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 26 Jan 2021 09:58:45 +0000
  • Ironport-sdr: Ty/NQCujsb1W1E+IbkQf9oVIraqt29M2Y8IOuklOPi3Z+MCVanar3c8lgY3sYGB6BkoM7DbUue 9E3twG7jRmXIzlWuKzophmqCK7genh11FTG+KtFMWoRqaJkXO3c1/yG+FcqNQpMkMWi2P/8lmP kiE9xcaybLsCpReHYfPTSih/iBLZegvTmtFeVzGy6koVWINPLpmeOmFR9jC3pxE2R5qQkAYfC1 jB1BFjbkxzVEFXbH1xZQOoPqYj/1I1vOIFbkb8exf7/vrnKTgmjRMVqBjrbmxWu4/5P0rfv97x Olg=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 26/01/2021 07:37, Jan Beulich wrote:
> On 25.01.2021 17:31, Jan Beulich wrote:
>> On 21.01.2021 22:27, Andrew Cooper wrote:
>>> --- a/xen/common/memory.c
>>> +++ b/xen/common/memory.c
>>> @@ -1068,11 +1068,35 @@ static unsigned int resource_max_frames(const 
>>> struct domain *d,
>>>      case XENMEM_resource_grant_table:
>>>          return gnttab_resource_max_frames(d, id);
>>>  
>>> +    case XENMEM_resource_vmtrace_buf:
>>> +        return d->vmtrace_frames;
>>> +
>>>      default:
>>>          return arch_resource_max_frames(d, type, id);
>>>      }
>>>  }
>>>  
>>> +static int acquire_vmtrace_buf(
>>> +    struct domain *d, unsigned int id, unsigned long frame,
>>> +    unsigned int nr_frames, xen_pfn_t mfn_list[])
>>> +{
>>> +    const struct vcpu *v = domain_vcpu(d, id);
>>> +    unsigned int i;
>>> +    mfn_t mfn;
>>> +
>>> +    if ( !v || !v->vmtrace.buf ||
>>> +         nr_frames > d->vmtrace_frames ||
>>> +         (frame + nr_frames) > d->vmtrace_frames )
>>> +        return -EINVAL;
>>
>> I think that for this to guard against overflow, the first nr_frames
>> needs to be replaced by frame (as having the wider type), or else a
>> very large value of frame coming in will not yield the intended
>> -EINVAL.
> Actually, besides this then wanting to be >= instead of >, this
> wouldn't take care of the 32-bit case (or more generally the
> sizeof(long) == sizeof(int) one). So I think you want
>
>     if ( !v || !v->vmtrace.buf ||
>          (frame + nr_frames) < frame ||
>          (frame + nr_frames) > d->vmtrace_frames )
>         return -EINVAL;
>
>> If you agree, with this changed,
>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
> This holds.

I slipped this buggy version in to prove a point.

You're now 3 or 4 attempts into "simplifying" my original version, and
have on at least 2 attempts made your R-b conditional on a buggy version.

This form is clearly too complicated to reason about correctly, and it
is definitely more complicated than I am happy taking.


I am either going to go with my original version, which is trivially and
obviously correct, or I'm considering reducing frame to 32 bits at the
top level to fix this width nonsense throughout Xen.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.