Xen project Mailing List

Re: [Xen-devel] [PATCH 1/3] tools/libxencall: use hypercall buffer device if available

To: Ian Jackson <ian.jackson@xxxxxxxxxx>

From: Juergen Gross <jgross@xxxxxxxx>

Date: Fri, 15 Jun 2018 17:50:18 +0200

Autocrypt: addr=jgross@xxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAHNHkp1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmRlPsLAeQQTAQIAIwUCU4xw6wIbAwcL CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJELDendYovxMvi4UH/Ri+OXlObzqMANruTd4N zmVBAZgx1VW6jLc8JZjQuJPSsd/a+bNr3BZeLV6lu4Pf1Yl2Log129EX1KWYiFFvPbIiq5M5 kOXTO8Eas4CaScCvAZ9jCMQCgK3pFqYgirwTgfwnPtxFxO/F3ZcS8jovza5khkSKL9JGq8Nk czDTruQ/oy0WUHdUr9uwEfiD9yPFOGqp4S6cISuzBMvaAiC5YGdUGXuPZKXLpnGSjkZswUzY d9BVSitRL5ldsQCg6GhDoEAeIhUC4SQnT9SOWkoDOSFRXZ+7+WIBGLiWMd+yKDdRG5RyP/8f 3tgGiB6cyuYfPDRGsELGjUaTUq3H2xZgIPfOwE0EU4xwFgEIAMsx+gDjgzAY4H1hPVXgoLK8 B93sTQFN9oC6tsb46VpxyLPfJ3T1A6Z6MVkLoCejKTJ3K9MUsBZhxIJ0hIyvzwI6aYJsnOew cCiCN7FeKJ/oA1RSUemPGUcIJwQuZlTOiY0OcQ5PFkV5YxMUX1F/aTYXROXgTmSaw0aC1Jpo w7Ss1mg4SIP/tR88/d1+HwkJDVW1RSxC1PWzGizwRv8eauImGdpNnseneO2BNWRXTJumAWDD pYxpGSsGHXuZXTPZqOOZpsHtInFyi5KRHSFyk2Xigzvh3b9WqhbgHHHE4PUVw0I5sIQt8hJq 5nH5dPqz4ITtCL9zjiJsExHuHKN3NZsAEQEAAcLAXwQYAQIACQUCU4xwFgIbDAAKCRCw3p3W KL8TL0P4B/9YWver5uD/y/m0KScK2f3Z3mXJhME23vGBbMNlfwbr+meDMrJZ950CuWWnQ+d+ Ahe0w1X7e3wuLVODzjcReQ/v7b4JD3wwHxe+88tgB9byc0NXzlPJWBaWV01yB2/uefVKryAf AHYEd0gCRhx7eESgNBe3+YqWAQawunMlycsqKa09dBDL1PFRosF708ic9346GLHRc6Vj5SRA UTHnQqLetIOXZm3a2eQ1gpQK9MmruO86Vo93p39bS1mqnLLspVrL4rhoyhsOyh0Hd28QCzpJ wKeHTd0MAWAirmewHXWPco8p1Wg+V+5xfZzuQY0f4tQxvOpXpt4gQ1817GQ5/Ed/wsDtBBgB CAAgFiEEhRJncuj2BJSl0Jf3sN6d1ii/Ey8FAlrd8NACGwIAgQkQsN6d1ii/Ey92IAQZFggA HRYhBFMtsHpB9jjzHji4HoBcYbtP2GO+BQJa3fDQAAoJEIBcYbtP2GO+TYsA/30H/0V6cr/W V+J/FCayg6uNtm3MJLo4rE+o4sdpjjsGAQCooqffpgA+luTT13YZNV62hAnCLKXH9n3+ZAgJ RtAyDWk1B/0SMDVs1wxufMkKC3Q/1D3BYIvBlrTVKdBYXPxngcRoqV2J77lscEvkLNUGsu/z W2pf7+P3mWWlrPMJdlbax00vevyBeqtqNKjHstHatgMZ2W0CFC4hJ3YEetuRBURYPiGzuJXU pAd7a7BdsqWC4o+GTm5tnGrCyD+4gfDSpkOT53S/GNO07YkPkm/8J4OBoFfgSaCnQ1izwgJQ jIpcG2fPCI2/hxf2oqXPYbKr1v4Z1wthmoyUgGN0LPTIm+B5vdY82wI5qe9uN6UOGyTH2B3p hRQUWqCwu2sqkI3LLbTdrnyDZaixT2T0f4tyF5Lfs+Ha8xVMhIyzNb1byDI5FKCb

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, wei.liu2@xxxxxxxxxx

Delivery-date: Fri, 15 Jun 2018 15:50:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Openpgp: preference=signencrypt

On 15/06/18 16:48, Ian Jackson wrote: > Juergen Gross writes ("[PATCH 1/3] tools/libxencall: use hypercall buffer > device if available"): >> Instead of using anonymous memory for hypercall buffers which is then >> locked into memory, use the hypercall buffer device of the Linux >> privcmd driver if available. >> >> This has the advantage of needing just a single mmap() for allocating >> the buffer and page migration or compaction can't make the buffer >> unaccessible for the hypervisor. > > This code looks reasonable to me (making some assumptions about the > behaviour of /dev/xen/privcmd-buf). However, I find myself quibbling > with the flow control style. And I have some other comments: > >> diff --git a/tools/libs/call/private.h b/tools/libs/call/private.h >> index 533f0c4a8b..06d159cfb8 100644 >> --- a/tools/libs/call/private.h >> +++ b/tools/libs/call/private.h >> @@ -21,6 +21,7 @@ struct xencall_handle { >> xentoollog_logger *logger, *logger_tofree; >> unsigned flags; >> int fd; >> + int buf_fd; > > I think this deserves a comment, along the following lines: > > /* partially with no */ > /* initialised privcmd-buf privcmd-buf */ > int fd; /* any >=0 -1 */ > + int buf_fd; /* any >=0 >=0 */ > > or some such. Okay. > >> static int all_restrict_cb(Xentoolcore__Active_Handle *ah, domid_t domid) { >> xencall_handle *xcall = CONTAINER_OF(ah, *xcall, tc_ah); >> - return xentoolcore__restrict_by_dup2_null(xcall->fd); >> + int rc; >> + >> + rc = xentoolcore__restrict_by_dup2_null(xcall->buf_fd); >> + if ( !rc ) >> + rc = xentoolcore__restrict_by_dup2_null(xcall->fd); >> + return rc; >> } > > Would a `goto out' approach not be clearer here ? Can do. > >> xcall->fd = fd; >> + >> + /* >> + * Try the same for the hypercall buffer device. >> + */ >> + fd = open("/dev/xen/privcmd-buf", O_RDWR|O_CLOEXEC); >> + if ( fd == -1 && ( errno == ENOENT || errno == ENXIO || errno == ENODEV >> ) ) >> + { >> + /* Fallback to /proc/xen/privcmd-buf */ >> + fd = open("/proc/xen/privcmd-buf", O_RDWR|O_CLOEXEC); > > Firstly, is it necessary to try both /proc/xen and /dev/xen ? Surely > nowadays only /dev/xen is relevant. Unless we intend to backport this > new driver to 2.6.18-based Classic Xen Linux kernels which are > probably not affected by the bug anyway ? Hmm, yes. > > Secondly, please treat errors other than ENOENT on opening > /dev/xen/privcmd-buf as fatal (ie, make osdep_xencall_open return -1 > in those cases). Okay. > >> int osdep_xencall_close(xencall_handle *xcall) >> { >> int fd = xcall->fd; >> + >> + if ( xcall->buf_fd >= 0 ) >> + close(xcall->buf_fd); >> if (fd == -1) >> return 0; >> return close(fd); > > This now looks quite clumsy. I would do this: > > - int fd = xcall->fd; > - > - if (fd == -1) > - return 0; > > + if ( xcall->fd >= 0 ) > + close(xcall->fd); >> + if ( xcall->buf_fd >= 0 ) >> + close(xcall->buf_fd); > + return 0; > > which is equivalent but makes the symmetry and idempotency much > clearer. Right. > >> @@ -78,6 +93,14 @@ void *osdep_alloc_pages(xencall_handle *xcall, size_t >> npages) >> void *p; >> int rc, i, saved_errno; >> >> + if ( xcall->buf_fd >= 0 ) >> + { >> + p = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, >> xcall->buf_fd, 0); >> + if ( p == MAP_FAILED ) >> + PERROR("alloc_pages: mmap failed"); >> + return p; >> + } >> + > > I find this early exit approach a bit clumsy, but maybe putting all > the rest in an else branch would be worse. What about two sub-functions and osdep_alloc_pages() just deciding which to call? > > If you do decide to lift the rest into an else branch, I think you > should keep the `out' clause outside it. (It's a shame we don't have > the libxl-style correct error handling approach here, ie: initialise > p=NULL at the top; always `goto out' rather than `return NULL' on > error; and have the out section check p before calling munmap. > >> @@ -119,8 +142,10 @@ out: >> void osdep_free_pages(xencall_handle *xcall, void *ptr, size_t npages) >> { >> int saved_errno = errno; >> - /* Recover the VMA flags. Maybe it's not necessary */ >> - madvise(ptr, npages * PAGE_SIZE, MADV_DOFORK); >> + >> + if ( xcall->buf_fd < 0 ) >> + /* Recover the VMA flags. Maybe it's not necessary */ >> + madvise(ptr, npages * PAGE_SIZE, MADV_DOFORK); > > This part LGTM but given the multiple lines inside the if, maybe { } > would be warranted. Okay. Juergen _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.