[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v9 6/6] x86/boot: add cmdline to struct boot_domain

  • To: Jason Andryuk <jason.andryuk@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 20 Nov 2024 12:57:00 -0500
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1732125425; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=kQ6olA6ycDUzdknzdvQsYS8zfK6eHIl7YvgFnBXveHY=; b=Pp30L4s300zeUewWWxThJ83EduLrvbbPJc3QYe5Hha4q7UR+7ZzJmFttizdQFy+25ftQmBuXsXYxlrsqGtJxnKJPrECbf+pqiSgIiUUhOqSMahhN5p9ENXm9wAz7MZmBP1FE5xdRq8pl+BxuJEwraXI6xu3ITyld5mX9O1eDbhA=
  • Arc-seal: i=1; a=rsa-sha256; t=1732125425; cv=none; d=zohomail.com; s=zohoarc; b=Jj6ciEEQvTe9I2GHJHYET/y3s93c7LOTJw9Fyp3HJK5eDoFIYzMiMMcIMS2HOoJdZZMsEiecNAXiDOfxEAHqFwdTyihxSpNDh06DJM1SUVbzExkse7fcru7+Wgt1TOjZ9MSdxTiFT/1cNwEEMP7hQh6CgP5JUYmG4aEf4xiY424=
  • Cc: christopher.w.clark@xxxxxxxxx, stefano.stabellini@xxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 20 Nov 2024 17:57:40 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/15/24 13:20, Jason Andryuk wrote:

On 2024-11-15 08:12, Daniel P. Smith wrote:
Add a container for the "cooked" command line for a domain. This provides for the backing memory to be directly associated with the domain being constructed. This is done in anticipation that the domain construction path may need to be 
invoked multiple times, thus ensuring each instance had a distinct memory
allocation.

Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>




diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 533a1e2bbe05..b9ca9c486fe5 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -963,10 +963,31 @@ static unsigned int __init copy_bios_e820(struct e820entry *map, unsigned int li 
      return n;
  }
-static struct domain *__init create_dom0(struct boot_info *bi)
+static size_t __init domain_cmdline_size(
+    struct boot_info *bi, struct boot_domain *bd)
  {
-    static char __initdata cmdline[MAX_GUEST_CMDLINE];
+    size_t s = 0;
+
+    s += bi->kextra ? strlen(bi->kextra) : 0;
+    s += bd->kernel->cmdline_pa ? strlen(__va(bd->kernel- >cmdline_pa)) : 0; 
+    /* Should only be called if one of extra or cmdline_pa are valid */
+    ASSERT(s > 0);
+
+    /*
+     * Add additional space for the following cases:
+     *  - 7 chars for " noapic"
+     *  - 13 chars for longest acpi opiton, " acpi=verbose"


option


+     *  - 1 char to hold \0
+     */
+    s += 7 + 13 + 1;
Seems a little fragile.  Sizing but also depending on code elsewhere. Interesting - "verbose" wouldn't actually get updated into acpi_param. Anyway, using sizeof(acpi_param) seems better.  Maybe:
        s += strlen(" noapic") + strlen(" acpi=") + sizeof(acpi_param) + 1;
True, the strlen() is more reasonable and self documenting. Yes, I overlooked the return in the option parser that would not copy verbose, plus sizeof(acpi_param) will ensure adequate spacing. 


+
+    return s;
+}
+
+static struct domain *__init create_dom0(struct boot_info *bi)
+{
+    char *cmdline = NULL;
      struct xen_domctl_createdomain dom0_cfg = {
          .flags = IS_ENABLED(CONFIG_TBOOT) ? XEN_DOMCTL_CDF_s3_integrity : 0, 
          .max_evtchn_port = -1,
@@ -1008,17 +1029,23 @@ static struct domain *__init create_dom0(struct boot_info *bi) 
      /* Grab the DOM0 command line. */
      if ( bd->kernel->cmdline_pa || bi->kextra )


 From your other email, since you don't need the length, just non-zero:

     if ( (bd->kernel->cmdline_pa && __va(bd->kernel->cmdline_pa)[0]) ||
           bi->kextra )


Ack.


      {
+        size_t cmdline_size = domain_cmdline_size(bi, bd);
+
+        if ( !(cmdline = xzalloc_array(char, cmdline_size)) )


Just xmalloc_array since it'll be overwritten immediately?
Yes and no, the concern I was worried about is that the allocation may end up being slight bigger than what is copied in to the buffer. If we do not zero the buffer, then those trailing bytes will have random data in them. In a perfect world, nothing should ever reach those bytes based on the current usage of the buffer. But from my perspective, it would be safer to zero the buffer than rely on the world being perfect. I am not fixed on not switching, just providing my 2 cents, 


+            panic("Error allocating cmdline buffer for %pd\n", d);
+
          if ( bd->kernel->cmdline_pa )
-            safe_strcpy(cmdline,
-                        cmdline_cook(__va(bd->kernel->cmdline_pa), bi->loader)); 
+            strlcpy(cmdline,
+                    cmdline_cook(__va(bd->kernel->cmdline_pa),bi- >loader), 
+                    cmdline_size);
          if ( bi->kextra )
              /* kextra always includes exactly one leading space. */
-            safe_strcat(cmdline, bi->kextra);
+            strlcat(cmdline, bi->kextra, cmdline_size);
          /* Append any extra parameters. */
          if ( skip_ioapic_setup && !strstr(cmdline, "noapic") )
-            safe_strcat(cmdline, " noapic");
+            strlcat(cmdline, " noapic", cmdline_size);
          if ( (strlen(acpi_param) == 0) && acpi_disabled )
          {
@@ -1028,17 +1055,21 @@ static struct domain *__init create_dom0(struct boot_info *bi) 
          if ( (strlen(acpi_param) != 0) && !strstr(cmdline, "acpi=") )
          {
-            safe_strcat(cmdline, " acpi=");
-            safe_strcat(cmdline, acpi_param);
+            strlcat(cmdline, " acpi=", cmdline_size);
+            strlcat(cmdline, acpi_param, cmdline_size);
          }
-        bd->kernel->cmdline_pa = __pa(cmdline);
+        bd->cmdline = cmdline;
+        bd->kernel->cmdline_pa = __pa(bd->cmdline);


Should cmdline_pa go away if we now have a valid cmdline variable?
In the PVH dom0 case, we are still relying on cmdline_pa as the reference to get at the command line in the function pvh_load_kernel(). With the introduction of cmdline to boot_domain, I could convert the interface of pvh_load_kernel() to take the boot_domain instance, removing the need to update cmdline_pa. Not sure if you were asking this, but as for cmdline_pa going completely away, that is not possible. First the sequence of events do not allow it, and there is an one-off case for PVH dom0 where the cmdline_pa of the initrd module is copied into the domain. 

v/r,
dps

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.