[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 14 Jan 2019 08:12:37 -0700
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, ross.philipson@xxxxxxxxx, Jason Andryuk <jandryuk@xxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, James McKenzie <james@xxxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, eric chanudet <eric.chanudet@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 14 Jan 2019 15:14:48 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 14.01.19 at 15:58, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 07/01/2019 07:42, Christopher Clark wrote:
>> --- a/xen/common/argo.c
>> +++ b/xen/common/argo.c
>>  long
>>  do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1,
> 
> I know I'm commenting on the wrong patch, but please use unsigned long
> cmd, so the type definition here doesn't truncate the caller provided
> value.  We have similar buggy code all over Xen, but its too late to fix
> that, and I'd prefer not to propagate the error.

Why buggy? It all depends on how the interface is specified. If
the input is 32 bits wide, it is clear that higher bits are supposed
to be ignored. Nothing says that the full register width is
significant.

>>             XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3,
>>             unsigned long arg4)
>>  {
>> -    return -ENOSYS;
>> +    struct domain *currd = current->domain;
>> +    long rc = -EFAULT;
>> +
>> +    argo_dprintk("->do_argo_op(%u,%p,%p,%d,%d)\n", cmd,
>> +                 (void *)arg1.p, (void *)arg2.p, (int) arg3, (int) arg4);
> 
> For debugging purposes, you don't want to truncate any of these values,
> or you'll have a print message which doesn't match what the guest
> provided.  I'd use %ld for arg3 and arg4.

Perhaps better %lx, for the output being easier to recognize
for both bitmaps (e.g. flag values) and sufficiently large values.

>> +
>> +    if ( unlikely(!opt_argo_enabled) )
>> +    {
>> +        rc = -EOPNOTSUPP;
> 
> Shouldn't this be ENOSYS instead?  There isn't a conceptual difference
> between CONFIG_ARGO compiled out, and opt_argo clear on the command
> line, and I don't think a guest should be able to tell the difference.

I admit it's a boundary case, but I think ENOSYS should strictly
only ever be (and have been) returned for unrecognized major
hypercall numbers.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt
  - From: Christopher Clark

References:
- [Xen-devel] [PATCH v3 00/15] Argo: hypervisor-mediated interdomain communication
  - From: Christopher Clark
- [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt
  - From: Christopher Clark
- Re: [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH] x86emul: fix test harness and fuzzer build dependencies
Next by Date: [Xen-devel] PING ARM [PATCH v2] xen/cmdline: Fix buggy strncmp(s, LITERAL, ss - s) construct
Previous by thread: Re: [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt
Next by thread: Re: [Xen-devel] [PATCH v3 04/15] argo: init, destroy and soft-reset, with enable command line opt
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.