[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.19? v5 07/10] xen: Make the maximum number of altp2m views configurable for x86

  • To: Petr Beneš <w1benny@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 10 Jun 2024 17:05:29 +0200
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 10 Jun 2024 15:05:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 10.06.2024 14:21, Petr Beneš wrote:
> On Mon, Jun 10, 2024 at 1:21 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>
>> On 10.06.2024 12:34, Petr Beneš wrote:
>>> On Mon, Jun 10, 2024 at 12:16 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>>
>>>> On 10.06.2024 11:10, Petr Beneš wrote:
>>>>> On Mon, Jun 10, 2024 at 9:30 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>>>>
>>>>>> On 09.06.2024 01:06, Petr Beneš wrote:
>>>>>>> On Thu, Jun 6, 2024 at 9:24 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>>>>>>> @@ -122,7 +131,12 @@ int p2m_init_altp2m(struct domain *d)
>>>>>>>>>      struct p2m_domain *hostp2m = p2m_get_hostp2m(d);
>>>>>>>>>
>>>>>>>>>      mm_lock_init(&d->arch.altp2m_list_lock);
>>>>>>>>> -    for ( i = 0; i < MAX_ALTP2M; i++ )
>>>>>>>>> +    d->arch.altp2m_p2m = xzalloc_array(struct p2m_domain *, 
>>>>>>>>> d->nr_altp2m);
>>>>>>>>> +
>>>>>>>>> +    if ( !d->arch.altp2m_p2m )
>>>>>>>>> +        return -ENOMEM;
>>>>>>>>
>>>>>>>> This isn't really needed, is it? Both ...
>>>>>>>>
>>>>>>>>> +    for ( i = 0; i < d->nr_altp2m; i++ )
>>>>>>>>
>>>>>>>> ... this and ...
>>>>>>>>
>>>>>>>>>      {
>>>>>>>>>          d->arch.altp2m_p2m[i] = p2m = p2m_init_one(d);
>>>>>>>>>          if ( p2m == NULL )
>>>>>>>>> @@ -143,7 +157,10 @@ void p2m_teardown_altp2m(struct domain *d)
>>>>>>>>>      unsigned int i;
>>>>>>>>>      struct p2m_domain *p2m;
>>>>>>>>>
>>>>>>>>> -    for ( i = 0; i < MAX_ALTP2M; i++ )
>>>>>>>>> +    if ( !d->arch.altp2m_p2m )
>>>>>>>>> +        return;
>>>>>>
>>>>>> I'm sorry, the question was meant to be on this if() instead.
>>>>>>
>>>>>>>>> +    for ( i = 0; i < d->nr_altp2m; i++ )
>>>>>>>>>      {
>>>>>>>>>          if ( !d->arch.altp2m_p2m[i] )
>>>>>>>>>              continue;
>>>>>>>>> @@ -151,6 +168,8 @@ void p2m_teardown_altp2m(struct domain *d)
>>>>>>>>>          d->arch.altp2m_p2m[i] = NULL;
>>>>>>>>>          p2m_free_one(p2m);
>>>>>>>>>      }
>>>>>>>>> +
>>>>>>>>> +    XFREE(d->arch.altp2m_p2m);
>>>>>>>>>  }
>>>>>>>>
>>>>>>>> ... this ought to be fine without?
>>>>>>>
>>>>>>> Could you, please, elaborate? I honestly don't know what you mean here
>>>>>>> (by "this isn't needed").
>>>>>>
>>>>>> I hope the above correction is enough?
>>>>>
>>>>> I'm sorry, but not really? I feel like I'm blind but I can't see
>>>>> anything I could remove without causing (or risking) crash.
>>>>
>>>> The loop is going to do nothing when d->nr_altp2m == 0, and the XFREE() is
>>>> going to do nothing when d->arch.altp2m_p2m == NULL. Hence what does the
>>>> if() guard against? IOW what possible crashes are you seeing that I don't
>>>> see?
>>>
>>> I see now. I was seeing ghosts - my thinking was that if
>>> p2m_init_altp2m fails to allocate altp2m_p2m, it will call
>>> p2m_teardown_altp2m - which, without the if(), would start to iterate
>>> through an array that is not allocated. It doesn't happen, it just
>>> returns -ENOMEM.
>>>
>>> So to reiterate:
>>>
>>>     if ( !d->arch.altp2m_p2m )
>>>         return;
>>>
>>> ... are we talking that this condition inside p2m_teardown_altp2m
>>> isn't needed?
>>
>> I'm not sure about "isn't" vs "shouldn't". The call from p2m_final_teardown()
>> also needs to remain safe to make. Which may require that upon allocation
>> failure you zap d->nr_altp2m. Or which alternatively may mean that the if()
>> actually needs to stay.
> 
> True, p2m_final_teardown is called whenever p2m_init (and by extension
> p2m_init_altp2m) fails. Which means that condition must stay - or, as
> you suggested, reset nr_altp2m to 0.
> 
> I would rather leave the code as is. Modifying nr_altp2m would (in my
> opinion) feel semantically incorrect, as that value should behave more
> or less as const, that is initialized once.
> 
>>> Or is there anything else?
>>
>> There was also the question of whether to guard the allocation, to avoid a
>> de-generate xmalloc_array() of zero size. Yet in the interest of avoiding
>> not strictly necessary conditionals, that may well want to remain as is.
> 
> True, nr_altp2m would mean zero-sized allocation, as p2m_init_altp2m
> is called unconditionally (when booted with altp2m=1). Is it a
> problem, though?

Not a significant one. Initially I thought this would end up being a non-
zero-size allocation, which we might like to avoid. But as it's a zero-
size one, I think that's okay to leave as is.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.