[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v10 2/9] xen: do not free reserved memory into heap

To: Julien Grall <julien@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>
From: Juergen Gross <jgross@xxxxxxxx>
Date: Wed, 24 Aug 2022 11:27:16 +0200
Cc: wei.chen@xxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 24 Aug 2022 09:27:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24.08.22 11:03, Julien Grall wrote:

Hi,

On 16/08/2022 07:40, Jan Beulich wrote:

On 16.08.2022 04:36, Penny Zheng wrote:

+void free_domstatic_page(struct page_info *page)
+{
+    struct domain *d = page_get_owner(page);
+    bool drop_dom_ref;
+
+    if ( unlikely(!d) )
+    {
+        ASSERT_UNREACHABLE();

+ printk("The about-to-free static page %"PRI_mfn" must be owned by adomain\n",

+               mfn_x(page_to_mfn(page)));
+        return;
+    }


For the message to be useful as a hint if the assertion triggers, it
wants printing ahead of the assertion. I also think it wants to be a
XENLOG_G_* kind of log level, so it would be rate limited by default
in release builds. Just to be on the safe side.

+1

(I'm not in favor of
the log message in the first place, but I do know that Julien had
asked for one.)

TBH, I think all ASSERT_UNREACHABLE() paths should be accompanied with aprintk(). This would also allow us to catch issue in production rather than inonly in debug.


What about something like the following then?

--- a/xen/include/xen/lib.h
+++ b/xen/include/xen/lib.h
@@ -40,6 +40,16 @@
     unlikely(ret_warn_on_);             \
 })

+#define WARN_ONCE() do {                \
+    static bool warned = false;         \
+                                        \
+    if ( !warned )                      \
+    {                                   \
+        warned = true;                  \
+        WARN();                         \
+    }                                   \
+} while (0)
+
 /* All clang versions supported by Xen have _Static_assert. */
 #if defined(__clang__) || \
     (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
@@ -63,7 +73,7 @@
 #define ASSERT_UNREACHABLE() assert_failed("unreachable")
 #else
 #define ASSERT(p) do { if ( 0 && (p) ) {} } while (0)
-#define ASSERT_UNREACHABLE() do { } while (0)
+#define ASSERT_UNREACHABLE() WARN_ONCE()
 #endif

 #define ABS(_x) ({                              \


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Follow-Ups:
- Re: [PATCH v10 2/9] xen: do not free reserved memory into heap
  - From: Julien Grall

References:
- [PATCH v10 0/9] populate/unpopulate memory when domain on static allocation
  - From: Penny Zheng
- [PATCH v10 2/9] xen: do not free reserved memory into heap
  - From: Penny Zheng
- Re: [PATCH v10 2/9] xen: do not free reserved memory into heap
  - From: Jan Beulich
- Re: [PATCH v10 2/9] xen: do not free reserved memory into heap
  - From: Julien Grall

Prev by Date: Re: Understanding osdep_xenforeignmemory_map mmap behaviour
Next by Date: Re: [PATCH v5 3/9] xen/arm: add a primitive FF-A mediator
Previous by thread: Re: [PATCH v10 2/9] xen: do not free reserved memory into heap
Next by thread: Re: [PATCH v10 2/9] xen: do not free reserved memory into heap
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.