[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] dm_op: Add xendevicemodel_modified_memory_bulk.



>>> On 23.03.17 at 15:54, <Jennifer.Herbert@xxxxxxxxxx> wrote:
> On 23/03/17 08:35, Jan Beulich wrote:
>>>>> On 22.03.17 at 20:55, <Jennifer.Herbert@xxxxxxxxxx> wrote:
>>>>> --- a/xen/arch/x86/hvm/dm.c
>>>>> +++ b/xen/arch/x86/hvm/dm.c
>>>>> @@ -119,56 +119,89 @@ static int set_isa_irq_level(struct domain *d, 
>>>>> uint8_t 
> isa_irq,
>>>>>    }
>>>>>    
>>>>>    static int modified_memory(struct domain *d,
>>>>> -                           struct xen_dm_op_modified_memory *data)
>>>>> +                           struct xen_dm_op_modified_memory *header,
>>>>> +                           xen_dm_op_buf_t* buf)
>>>>>    {
>>>>> -    xen_pfn_t last_pfn = data->first_pfn + data->nr - 1;
>>>>> -    unsigned int iter = 0;
>>>>> +    /* Process maximum of 256 pfns before checking for continuation */
>>>>> +    const unsigned int cont_check_interval = 0xff;
>>>> Iirc the question was asked on v1 already: 256 (as the comment
>>>> says) or 255 (as the value enforces)?
>>> aw shucks!  I had it as 255, and Paul said "255 or 256?" and I changed
>>> it to 256, without thinking, assuming an off by one error, and that he
>>> was right.  But, with a seconds thought, it should be 255, and Paul  was
>>> actually referring to a comment later in the code, which was 256.
>> Yet batches of 256 would seem a little more "usual".
> 
> Ok, I can set cont_check_interval = 0x100; and leave the comment as 256.
> 
>>>>> --- a/xen/include/public/hvm/dm_op.h
>>>>> +++ b/xen/include/public/hvm/dm_op.h
>>>>> @@ -237,13 +237,24 @@ struct xen_dm_op_set_pci_link_route {
>>>>>     * XEN_DMOP_modified_memory: Notify that a set of pages were modified 
>>>>> by
>>>>>     *                           an emulator.
>>>>>     *
>>>>> - * NOTE: In the event of a continuation, the @first_pfn is set to the
>>>>> - *       value of the pfn of the remaining set of pages and @nr reduced
>>>>> - *       to the size of the remaining set.
>>>>> + * DMOP buf 1 contains an array of xen_dm_op_modified_memory_extent with
>>>>> + * @nr_extent entries.  The value of  @nr_extent will be reduced on
>>>>> + *  continuation.
>>>>> + *
>>>>> + * @pfns_processed is used for continuation, and not intended to be 
>>>>> usefull
>>>>> + * to the caller.  It gives the number of pfns already processed (and can
>>>>> + * be skipped) in the last extent. This should always be set to zero.
>>>>>     */
>>>>>    #define XEN_DMOP_modified_memory 11
>>>>>    
>>>>>    struct xen_dm_op_modified_memory {
>>>>> +    /* IN - number of extents. */
>>>>> +    uint32_t nr_extents;
>>>>> +    /* IN - should be set to 0, and is updated on continuation. */
>>>>> +    uint32_t pfns_processed;
>>>> I'd prefer if the field (if to be kept) wasn't named after its current
>>>> purpose, nor should we state anything beyond it needing to be
>>>> zero when first invoking the call. These are implementation details
>>>> which callers should not rely on.
>>> Assuming we keep it, how about calling it "reserved", with a comment in
>>> dm.c explaining what its actually for?
>> Elsewhere we use "opaque", but "reserved" is probably fine too.
>> However, we may want to name it as an OUT value, for the
>> error-on-extent indication mentioned above (of course another
>> option would be to make nr_extent IN/OUT). As an OUT, we're
>> free to use it for whatever intermediate value, just so long as
>> upon final return to the caller it has the intended value. (It's
>> debatable whether it should be IN/OUT, due to the need for it
>> to be set to zero.)
> 
> Having an indication of which extent failed seem a sensible idea. We'd 
> need that
> parameter to be initially set to something that can represent none of 
> the extents,
> such that if there is an error before we get to precessing the extents, 
> this is clear.

I don't think this is a requirement - failure outside of any extent
processing can reasonably be attached to the first extent. The
more that the actual processing of the extent (after reading the
coordinates from guest memory) can't actually fail. With that
observation I'm in fact no longer convinced we really need such
an indication - I simply didn't pay attention to this aspect when
first suggesting it. The more that your backwards processing
would invalidate a common conclusion a caller might draw: Error
on extent N means all extents lower than N were processed
successfully.

So if you wanted to stick to providing this information I'd say
use the opaque (or whatever it's going to be named) field to
provide that status. Switch back to processing extents forwards,
having the opaque field starting out as zero point to the first
extent as the failed one initially. Initial processing during
continuation handling can't fail unless the caller has fiddled with
the hypercall arguments, so I wouldn't see anything wrong with
not providing a reliable error indicator in that case.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.