[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)

To: "Jennifer Herbert" <Jennifer.Herbert@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 12 Sep 2016 08:32:09 -0600
Cc: StefanoStabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, dgdegra@xxxxxxxxxxxxx
Delivery-date: Mon, 12 Sep 2016 14:32:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 09.09.16 at 17:16, <Jennifer.Herbert@xxxxxxxxxx> wrote:
> The following code illustrates this idea:
> 
> typedef struct dm_op_buffer {
>      XEN_GUEST_HANDLE(void) h;
>      size_t len;
> } dm_op_buffer_t;

This implies that we'll lose all type safety on the handles passed, as
is also emphasized by the use of raw_copy_from_guest() in the code
outline further down.

> int
> HYPERVISOR_device_model_op(
>      domid_t domid,
>      unsigned int nr_buffers,
>      XEN_GUEST_HANDLE_PARAM(dm_op_buffer_t) buffers)

Along the same lines this will add implicit agreements (presumably
solely written out as comments, or maybe via manifest constants)
about which element of the buffer array has which meaning, quite
contrary to the otherwise enforced agreement (through use of
structure fields).

> int copy_dm_buffer_from_guest(
>      void *dst,                        /* Kernel destination buffer      */
>      size_t max_len,                   /* Size of destination buffer     */
>      XEN_GUEST_HANDLE_PARAM(dm_op_buffer_t) buffers,
>                                        /* dm_op_buffers passed into DMOP */
>      unsigned int nr_buffers,          /* total number of dm_op_buffers  */
>      unsigned int idx)                 /* Index of buffer we require     */

Looking at other hypercalls, it is not uncommon that arrays get
read element by element. While of course this function can be
extended suitably (perhaps with additional macro wrappers to
deal with the base types of such arrays), it will then become more
cumbersome to use, extending the "Minor stylistic issue" mentioned
in the disadvantages section further down.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)
  - From: David Vrabel
- Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)
  - From: George Dunlap

References:
- Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)
  - From: Jennifer Herbert

Prev by Date: Re: [Xen-devel] [RFC] x86/vm_event: Allow returning i-cache for emulation
Next by Date: Re: [Xen-devel] [RFC] x86/vm_event: Allow returning i-cache for emulation
Previous by thread: Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)
Next by thread: Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.