[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] xen/grant: Purge PIN_FAIL()



commit 1512a68721620338daf477bf717d23befbb4faf5
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Tue Jun 13 17:25:42 2023 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jun 15 10:51:57 2023 +0100

    xen/grant: Purge PIN_FAIL()
    
    The name PIN_FAIL() is poor; it's not used only for pinning failures.  More
    importantly, it interferes with code legibility by hiding control flow.
    Expand and drop it.
    
     * Drop redundant "rc = rc" assignment
     * Rework gnttab_copy_buf() to be simpler by dropping the rc variable
    
    As a side effect, this fixes several violations of MISRA rule 2.1 (dead 
code -
    the while() following a goto).
    
    No functional change.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/common/grant_table.c | 154 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 111 insertions(+), 43 deletions(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index d87e58a53d..89b7811c51 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -270,13 +270,6 @@ struct gnttab_unmap_common {
 #define GNTTAB_UNMAP_BATCH_SIZE 32
 
 
-#define PIN_FAIL(_lbl, _rc, _f, _a...)          \
-    do {                                        \
-        gdprintk(XENLOG_WARNING, _f, ## _a );   \
-        rc = (_rc);                             \
-        goto _lbl;                              \
-    } while ( 0 )
-
 /*
  * Tracks a mapping of another domain's grant reference. Each domain has a
  * table of these, indexes into which are returned as a 'mapping handle'.
@@ -785,9 +778,13 @@ static int _set_status_v1(const grant_entry_header_t *shah,
         /* If not already pinned, check the grant domid and type. */
         if ( !act->pin && (((scombo.flags & mask) != GTF_permit_access) ||
                            (scombo.domid != ldomid)) )
-            PIN_FAIL(done, GNTST_general_error,
+        {
+            gdprintk(XENLOG_WARNING,
                      "Bad flags (%x) or dom (%d); expected d%d\n",
                      scombo.flags, scombo.domid, ldomid);
+            rc = GNTST_general_error;
+            goto done;
+        }
 
         new = scombo;
         new.flags |= GTF_reading;
@@ -796,8 +793,12 @@ static int _set_status_v1(const grant_entry_header_t *shah,
         {
             new.flags |= GTF_writing;
             if ( unlikely(scombo.flags & GTF_readonly) )
-                PIN_FAIL(done, GNTST_general_error,
+            {
+                gdprintk(XENLOG_WARNING,
                          "Attempt to write-pin a r/o grant entry\n");
+                rc = GNTST_general_error;
+                goto done;
+            }
         }
 
         prev.raw = guest_cmpxchg(rd, raw_shah, scombo.raw, new.raw);
@@ -805,8 +806,11 @@ static int _set_status_v1(const grant_entry_header_t *shah,
             break;
 
         if ( retries++ == 4 )
-            PIN_FAIL(done, GNTST_general_error,
-                     "Shared grant entry is unstable\n");
+        {
+            gdprintk(XENLOG_WARNING, "Shared grant entry is unstable\n");
+            rc = GNTST_general_error;
+            goto done;
+        }
 
         scombo = prev;
     }
@@ -840,9 +844,13 @@ static int _set_status_v2(const grant_entry_header_t *shah,
          ((((scombo.flags & mask) != GTF_permit_access) &&
            (mapflag || ((scombo.flags & mask) != GTF_transitive))) ||
           (scombo.domid != ldomid)) )
-        PIN_FAIL(done, GNTST_general_error,
+    {
+        gdprintk(XENLOG_WARNING,
                  "Bad flags (%x) or dom (%d); expected d%d, flags %x\n",
                  scombo.flags, scombo.domid, ldomid, mask);
+        rc = GNTST_general_error;
+        goto done;
+    }
 
     if ( readonly )
     {
@@ -851,8 +859,12 @@ static int _set_status_v2(const grant_entry_header_t *shah,
     else
     {
         if ( unlikely(scombo.flags & GTF_readonly) )
-            PIN_FAIL(done, GNTST_general_error,
+        {
+            gdprintk(XENLOG_WARNING,
                      "Attempt to write-pin a r/o grant entry\n");
+            rc = GNTST_general_error;
+            goto done;
+        }
         *status |= GTF_reading | GTF_writing;
     }
 
@@ -870,9 +882,11 @@ static int _set_status_v2(const grant_entry_header_t *shah,
              (!readonly && (scombo.flags & GTF_readonly)) )
         {
             gnttab_clear_flags(rd, GTF_writing | GTF_reading, status);
-            PIN_FAIL(done, GNTST_general_error,
+            gdprintk(XENLOG_WARNING,
                      "Unstable flags (%x) or dom (%d); expected d%d (r/w: 
%d)\n",
                      scombo.flags, scombo.domid, ldomid, !readonly);
+            rc = GNTST_general_error;
+            goto done;
         }
     }
     else
@@ -880,8 +894,9 @@ static int _set_status_v2(const grant_entry_header_t *shah,
         if ( unlikely(scombo.flags & GTF_readonly) )
         {
             gnttab_clear_flags(rd, GTF_writing, status);
-            PIN_FAIL(done, GNTST_general_error,
-                     "Unstable grant readonly flag\n");
+            gdprintk(XENLOG_WARNING, "Unstable grant readonly flag\n");
+            rc = GNTST_general_error;
+            goto done;
         }
     }
 
@@ -1050,8 +1065,12 @@ map_grant_ref(
     /* Bounds check on the grant ref */
     ref = op->ref;
     if ( unlikely(ref >= nr_grant_entries(rgt)))
-        PIN_FAIL(unlock_out, GNTST_bad_gntref, "Bad ref %#x for d%d\n",
+    {
+        gdprintk(XENLOG_WARNING, "Bad ref %#x for d%d\n",
                  ref, rgt->domain->domain_id);
+        rc = GNTST_bad_gntref;
+        goto unlock_out;
+    }
 
     /* This call also ensures the above check cannot be passed speculatively */
     shah = shared_entry_header(rgt, ref);
@@ -1062,9 +1081,13 @@ map_grant_ref(
          ((act->domid != ld->domain_id) ||
           (act->pin & GNTPIN_incr2oflow_mask(pin_incr)) ||
           (act->is_sub_page)) )
-        PIN_FAIL(act_release_out, GNTST_general_error,
+    {
+        gdprintk(XENLOG_WARNING,
                  "Bad domain (%d != %d), or risk of counter overflow %08x, or 
subpage %d\n",
                  act->domid, ld->domain_id, act->pin, act->is_sub_page);
+        rc = GNTST_general_error;
+        goto act_release_out;
+    }
 
     /* Make sure we do not access memory speculatively */
     status = evaluate_nospec(rgt->gt_version == 1) ? &shah->flags
@@ -1465,9 +1488,13 @@ unmap_common(
 
     if ( op->dev_bus_addr && (flags & GNTMAP_device_map) &&
          unlikely(op->dev_bus_addr != mfn_to_maddr(act->mfn)) )
-        PIN_FAIL(act_release_out, GNTST_bad_dev_addr,
+    {
+        gdprintk(XENLOG_WARNING,
                  "Bus address doesn't match gntref (%"PRIx64" != 
%"PRIpaddr")\n",
                  op->dev_bus_addr, mfn_to_maddr(act->mfn));
+        rc = GNTST_bad_dev_addr;
+        goto act_release_out;
+    }
 
     if ( op->host_addr && (flags & GNTMAP_host_map) )
     {
@@ -2560,8 +2587,11 @@ acquire_grant_for_copy(
     grant_read_lock(rgt);
 
     if ( unlikely(gref >= nr_grant_entries(rgt)) )
-        PIN_FAIL(gt_unlock_out, GNTST_bad_gntref,
-                 "Bad grant reference %#x\n", gref);
+    {
+        gdprintk(XENLOG_WARNING, "Bad grant reference %#x\n", gref);
+        rc = GNTST_bad_gntref;
+        goto gt_unlock_out;
+    }
 
     /* This call also ensures the above check cannot be passed speculatively */
     shah = shared_entry_header(rgt, gref);
@@ -2571,9 +2601,13 @@ acquire_grant_for_copy(
     if ( act->pin &&
          ((act->domid != ldom) ||
           (act->pin & GNTPIN_incr2oflow_mask(pin_incr))) )
-        PIN_FAIL(unlock_out, GNTST_general_error,
+    {
+        gdprintk(XENLOG_WARNING,
                  "Bad domain (%d != %d), or risk of counter overflow %08x\n",
                  act->domid, ldom, act->pin);
+        rc = GNTST_general_error;
+        goto unlock_out;
+    }
 
     if ( evaluate_nospec(rgt->gt_version == 1) )
     {
@@ -2596,16 +2630,24 @@ acquire_grant_for_copy(
             goto unlock_out;
 
         if ( !allow_transitive )
-            PIN_FAIL(unlock_out_clear, GNTST_general_error,
+        {
+            gdprintk(XENLOG_WARNING,
                      "transitive grant when transitivity not allowed\n");
+            rc = GNTST_general_error;
+            goto unlock_out_clear;
+        }
 
         trans_domid = sha2->transitive.trans_domid;
         trans_gref = sha2->transitive.gref;
         barrier(); /* Stop the compiler from re-loading
                       trans_domid from shared memory */
         if ( trans_domid == rd->domain_id )
-            PIN_FAIL(unlock_out_clear, GNTST_general_error,
+        {
+            gdprintk(XENLOG_WARNING,
                      "transitive grants cannot be self-referential\n");
+            rc = GNTST_general_error;
+            goto unlock_out_clear;
+        }
 
         /*
          * We allow the trans_domid == ldom case, which corresponds to a
@@ -2618,9 +2660,13 @@ acquire_grant_for_copy(
         /* We need to leave the rrd locked during the grant copy. */
         td = rcu_lock_domain_by_id(trans_domid);
         if ( td == NULL )
-            PIN_FAIL(unlock_out_clear, GNTST_general_error,
+        {
+            gdprintk(XENLOG_WARNING,
                      "transitive grant referenced bad domain %d\n",
                      trans_domid);
+            rc = GNTST_general_error;
+            goto unlock_out_clear;
+        }
 
         /*
          * acquire_grant_for_copy() will take the lock on the remote table,
@@ -2928,8 +2974,11 @@ static int gnttab_copy_claim_buf(const struct 
gnttab_copy *op,
         rc = get_paged_frame(ptr->u.gmfn, &buf->mfn, &buf->page,
                              buf->read_only, buf->domain);
         if ( rc != GNTST_okay )
-            PIN_FAIL(out, rc,
+        {
+            gdprintk(XENLOG_WARNING,
                      "source frame %"PRI_xen_pfn" invalid\n", ptr->u.gmfn);
+            goto out;
+        }
 
         buf->ptr.u.gmfn = ptr->u.gmfn;
         buf->ptr.offset = 0;
@@ -2972,25 +3021,29 @@ static int gnttab_copy_buf(const struct gnttab_copy *op,
                            struct gnttab_copy_buf *dest,
                            const struct gnttab_copy_buf *src)
 {
-    int rc;
-
     if ( ((op->source.offset + op->len) > PAGE_SIZE) ||
          ((op->dest.offset + op->len) > PAGE_SIZE) )
-        PIN_FAIL(out, GNTST_bad_copy_arg, "copy beyond page area\n");
+    {
+        gdprintk(XENLOG_WARNING, "copy beyond page area\n");
+        return GNTST_bad_copy_arg;
+    }
 
     if ( op->source.offset < src->ptr.offset ||
          op->source.offset + op->len > src->ptr.offset + src->len )
-        PIN_FAIL(out, GNTST_general_error,
+    {
+        gdprintk(XENLOG_WARNING,
                  "copy source out of bounds: %d < %d || %d > %d\n",
-                 op->source.offset, src->ptr.offset,
-                 op->len, src->len);
+                 op->source.offset, src->ptr.offset, op->len, src->len);
+        return GNTST_general_error;
+    }
 
     if ( op->dest.offset < dest->ptr.offset ||
          op->dest.offset + op->len > dest->ptr.offset + dest->len )
-        PIN_FAIL(out, GNTST_general_error,
-                 "copy dest out of bounds: %d < %d || %d > %d\n",
-                 op->dest.offset, dest->ptr.offset,
-                 op->len, dest->len);
+    {
+        gdprintk(XENLOG_WARNING, "copy dest out of bounds: %d < %d || %d > 
%d\n",
+                 op->dest.offset, dest->ptr.offset, op->len, dest->len);
+        return GNTST_general_error;
+    }
 
     /* Make sure the above checks are not bypassed speculatively */
     block_speculation();
@@ -2998,9 +3051,8 @@ static int gnttab_copy_buf(const struct gnttab_copy *op,
     memcpy(dest->virt + op->dest.offset, src->virt + op->source.offset,
            op->len);
     gnttab_mark_dirty(dest->domain, dest->mfn);
-    rc = GNTST_okay;
- out:
-    return rc;
+
+    return GNTST_okay;
 }
 
 static int gnttab_copy_one(const struct gnttab_copy *op,
@@ -3373,9 +3425,17 @@ swap_grant_ref(grant_ref_t ref_a, grant_ref_t ref_b)
 
     /* Bounds check on the grant refs */
     if ( unlikely(ref_a >= nr_grant_entries(d->grant_table)))
-        PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a %#x\n", ref_a);
+    {
+        gdprintk(XENLOG_WARNING, "Bad ref-a %#x\n", ref_a);
+        rc = GNTST_bad_gntref;
+        goto out;
+    }
     if ( unlikely(ref_b >= nr_grant_entries(d->grant_table)))
-        PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-b %#x\n", ref_b);
+    {
+        gdprintk(XENLOG_WARNING, "Bad ref-b %#x\n", ref_b);
+        rc = GNTST_bad_gntref;
+        goto out;
+    }
 
     /* Make sure the above checks are not bypassed speculatively */
     block_speculation();
@@ -3386,11 +3446,19 @@ swap_grant_ref(grant_ref_t ref_a, grant_ref_t ref_b)
 
     act_a = active_entry_acquire(gt, ref_a);
     if ( act_a->pin )
-        PIN_FAIL(out, GNTST_eagain, "ref a %#x busy\n", ref_a);
+    {
+        gdprintk(XENLOG_WARNING, "ref a %#x busy\n", ref_a);
+        rc = GNTST_eagain;
+        goto out;
+    }
 
     act_b = active_entry_acquire(gt, ref_b);
     if ( act_b->pin )
-        PIN_FAIL(out, GNTST_eagain, "ref b %#x busy\n", ref_b);
+    {
+        gdprintk(XENLOG_WARNING, "ref b %#x busy\n", ref_b);
+        rc = GNTST_eagain;
+        goto out;
+    }
 
     if ( evaluate_nospec(gt->gt_version == 1) )
     {
--
generated by git-patchbot for /home/xen/git/xen.git#master



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.