From: "Sahita, Ravi" <ravi.sahita@intel.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Tim Deegan <tim@xen.org>, "Sahita, Ravi" <ravi.sahita@intel.com>,
Wei Liu <wei.liu2@citrix.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
"White, Edmund H" <edmund.h.white@intel.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
"tlengyel@novetta.com" <tlengyel@novetta.com>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH v5 05/15] x86/altp2m: basic data structures and support routines.
Date: Fri, 17 Jul 2015 22:36:42 +0000 [thread overview]
Message-ID: <DBC12B0F5509554280826E40BCDEE8BE54FD9252@ORSMSX104.amr.corp.intel.com> (raw)
In-Reply-To: <55A790760200007800091BDD@mail.emea.novell.com>
>From: Jan Beulich [mailto:JBeulich@suse.com]
>Sent: Thursday, July 16, 2015 2:08 AM
>
>>>> On 16.07.15 at 10:57, <ravi.sahita@intel.com> wrote:
>>> From: Jan Beulich [mailto:JBeulich@suse.com]
>>>Sent: Tuesday, July 14, 2015 6:13 AM
>>>>>> On 14.07.15 at 02:14, <edmund.h.white@intel.com> wrote:
>>>> @@ -722,6 +731,27 @@ void nestedp2m_write_p2m_entry(struct
>>>p2m_domain *p2m, unsigned long gfn,
>>>> l1_pgentry_t *p, l1_pgentry_t new, unsigned int level);
>>>>
>>>> /*
>>>> + * Alternate p2m: shadow p2m tables used for alternate memory views
>>>> + */
>>>> +
>>>> +/* get current alternate p2m table */ static inline struct
>>>> +p2m_domain *p2m_get_altp2m(struct vcpu *v) {
>>>> + struct domain *d = v->domain;
>>>> + uint16_t index = vcpu_altp2m(v).p2midx;
>>>> +
>>>> + ASSERT(index < MAX_ALTP2M);
>>>> +
>>>> + return (index == INVALID_ALTP2M) ? NULL :
>>>> +d->arch.altp2m_p2m[index]; }
>>>
>>>Looking at this again, I'm afraid I'd still prefer index < MAX_ALTP2M
>>>in the return statement (and the ASSERT() dropped): The ASSERT() does
>>>nothing in a debug=n build, and hence wouldn't shield us from possibly
>>>having to issue an XSA if somehow an access outside the array's bounds
>turned out possible.
>>>
>>
>> the assert was breaking v5 anyway. BUG_ON (with the right check) is
>> probably the right thing to do, as we do in the exit handling that
>> checks for a VMFUNC having changed the index.
>> So will make that change.
>
>But why use a BUG_ON() when you can deal with this more gracefully? Please
>try to avoid crashing the hypervisor when there are other ways to recover.
>
So in this case there isnt a graceful fallback; this case can happen only if there is a bug in the hypervisor - which should be reported via the BUG_ON.
>>>I've also avoided to repeat any of the un-addressed points that I
>>>raised
>> against
>>>earlier versions.
>>>
>>
>> I went back and looked at the earlier versions of the comments on this
>> patch and afaict we have either addressed (accepted) those points or
>> described why they shouldn't cause changes with reasoning . so if I
>> missed something please let me know.
>
>Just one example of what wasn't done is the conversion of local variable,
>function return, and function parameter types from
>(bogus) uint8_t / uint16_t to unsigned int (iirc also in other patches).
Working through these as best as can (treating it as Category 4)
Thanks,
Ravi
>
>Jan
next prev parent reply other threads:[~2015-07-17 22:36 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-14 0:14 [PATCH v5 00/15] Alternate p2m: support multiple copies of host p2m Ed White
2015-07-14 0:14 ` [PATCH v5 01/15] common/domain: Helpers to pause a domain while in context Ed White
2015-07-14 0:14 ` [PATCH v5 02/15] VMX: VMFUNC and #VE definitions and detection Ed White
2015-07-14 0:14 ` [PATCH v5 03/15] VMX: implement suppress #VE Ed White
2015-07-14 12:46 ` Jan Beulich
2015-07-14 13:47 ` George Dunlap
2015-07-14 0:14 ` [PATCH v5 04/15] x86/HVM: Hardware alternate p2m support detection Ed White
2015-07-14 0:14 ` [PATCH v5 05/15] x86/altp2m: basic data structures and support routines Ed White
2015-07-14 13:13 ` Jan Beulich
2015-07-14 14:45 ` George Dunlap
2015-07-14 14:58 ` Jan Beulich
2015-07-16 8:57 ` Sahita, Ravi
2015-07-16 9:07 ` Jan Beulich
2015-07-17 22:36 ` Sahita, Ravi [this message]
2015-07-20 6:20 ` Jan Beulich
2015-07-21 5:18 ` Sahita, Ravi
2015-07-14 15:57 ` George Dunlap
2015-07-21 17:44 ` Sahita, Ravi
2015-07-14 0:14 ` [PATCH v5 06/15] VMX/altp2m: add code to support EPTP switching and #VE Ed White
2015-07-14 13:57 ` Jan Beulich
2015-07-16 9:20 ` Sahita, Ravi
2015-07-16 9:38 ` Jan Beulich
2015-07-17 21:08 ` Sahita, Ravi
2015-07-20 6:21 ` Jan Beulich
2015-07-21 5:49 ` Sahita, Ravi
2015-07-14 0:14 ` [PATCH v5 07/15] VMX: add VMFUNC leaf 0 (EPTP switching) to emulator Ed White
2015-07-14 14:04 ` Jan Beulich
2015-07-14 17:56 ` Sahita, Ravi
2015-07-17 22:41 ` Sahita, Ravi
2015-07-14 0:14 ` [PATCH v5 08/15] x86/altp2m: add control of suppress_ve Ed White
2015-07-14 17:03 ` George Dunlap
2015-07-14 0:14 ` [PATCH v5 09/15] x86/altp2m: alternate p2m memory events Ed White
2015-07-14 14:08 ` Jan Beulich
2015-07-16 9:22 ` Sahita, Ravi
2015-07-14 0:14 ` [PATCH v5 10/15] x86/altp2m: add remaining support routines Ed White
2015-07-14 14:31 ` Jan Beulich
2015-07-16 9:16 ` Sahita, Ravi
2015-07-16 9:34 ` Jan Beulich
2015-07-17 22:32 ` Sahita, Ravi
2015-07-20 6:53 ` Jan Beulich
2015-07-21 5:46 ` Sahita, Ravi
2015-07-21 6:38 ` Jan Beulich
2015-07-21 18:33 ` Sahita, Ravi
2015-07-22 7:33 ` Jan Beulich
2015-07-16 14:44 ` George Dunlap
2015-07-17 21:01 ` Sahita, Ravi
2015-07-14 0:14 ` [PATCH v5 11/15] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-07-14 14:36 ` Jan Beulich
2015-07-16 9:02 ` Sahita, Ravi
2015-07-16 9:09 ` Jan Beulich
2015-07-14 0:15 ` [PATCH v5 12/15] x86/altp2m: Add altp2mhvm HVM domain parameter Ed White
2015-07-14 0:15 ` [PATCH v5 13/15] x86/altp2m: XSM hooks for altp2m HVM ops Ed White
2015-07-14 0:15 ` [PATCH v5 14/15] tools/libxc: add support to altp2m hvmops Ed White
2015-07-14 0:15 ` [PATCH v5 15/15] tools/xen-access: altp2m testcases Ed White
2015-07-14 9:56 ` Wei Liu
2015-07-14 11:52 ` Lengyel, Tamas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBC12B0F5509554280826E40BCDEE8BE54FD9252@ORSMSX104.amr.corp.intel.com \
--to=ravi.sahita@intel.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=edmund.h.white@intel.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=tim@xen.org \
--cc=tlengyel@novetta.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.