[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC V2 01/45] xen/sched: add inline wrappers for calling per-scheduler functions

  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Juergen Gross <jgross@xxxxxxxx>
  • Date: Thu, 9 May 2019 14:44:11 +0200
  • Autocrypt: addr=jgross@xxxxxxxx; prefer-encrypt=mutual; keydata= mQENBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAG0H0p1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmNvbT6JATkEEwECACMFAlOMcK8CGwMH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCw3p3WKL8TL8eZB/9G0juS/kDY9LhEXseh mE9U+iA1VsLhgDqVbsOtZ/S14LRFHczNd/Lqkn7souCSoyWsBs3/wO+OjPvxf7m+Ef+sMtr0 G5lCWEWa9wa0IXx5HRPW/ScL+e4AVUbL7rurYMfwCzco+7TfjhMEOkC+va5gzi1KrErgNRHH kg3PhlnRY0Udyqx++UYkAsN4TQuEhNN32MvN0Np3WlBJOgKcuXpIElmMM5f1BBzJSKBkW0Jc Wy3h2Wy912vHKpPV/Xv7ZwVJ27v7KcuZcErtptDevAljxJtE7aJG6WiBzm+v9EswyWxwMCIO RoVBYuiocc51872tRGywc03xaQydB+9R7BHPuQENBFOMcBYBCADLMfoA44MwGOB9YT1V4KCy vAfd7E0BTfaAurbG+Olacciz3yd09QOmejFZC6AnoykydyvTFLAWYcSCdISMr88COmmCbJzn sHAogjexXiif6ANUUlHpjxlHCCcELmZUzomNDnEOTxZFeWMTFF9Rf2k2F0Tl4E5kmsNGgtSa aMO0rNZoOEiD/7UfPP3dfh8JCQ1VtUUsQtT1sxos8Eb/HmriJhnaTZ7Hp3jtgTVkV0ybpgFg w6WMaRkrBh17mV0z2ajjmabB7SJxcouSkR0hcpNl4oM74d2/VqoW4BxxxOD1FcNCObCELfIS auZx+XT6s+CE7Qi/c44ibBMR7hyjdzWbABEBAAGJAR8EGAECAAkFAlOMcBYCGwwACgkQsN6d 1ii/Ey9D+Af/WFr3q+bg/8v5tCknCtn92d5lyYTBNt7xgWzDZX8G6/pngzKyWfedArllp0Pn fgIXtMNV+3t8Li1Tg843EXkP7+2+CQ98MB8XvvPLYAfW8nNDV85TyVgWlldNcgdv7nn1Sq8g HwB2BHdIAkYce3hEoDQXt/mKlgEGsLpzJcnLKimtPXQQy9TxUaLBe9PInPd+Ohix0XOlY+Uk QFEx50Ki3rSDl2Zt2tnkNYKUCvTJq7jvOlaPd6d/W0tZqpyy7KVay+K4aMobDsodB3dvEAs6 ScCnh03dDAFgIq5nsB11j3KPKdVoPlfucX2c7kGNH+LUMbzqV6beIENfNexkOfxHf4kBrQQY AQgAIBYhBIUSZ3Lo9gSUpdCX97DendYovxMvBQJa3fDQAhsCAIEJELDendYovxMvdiAEGRYI AB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCWt3w0AAKCRCAXGG7T9hjvk2LAP99B/9FenK/ 1lfifxQmsoOrjbZtzCS6OKxPqOLHaY47BgEAqKKn36YAPpbk09d2GTVetoQJwiylx/Z9/mQI CUbQMg1pNQf9EjA1bNcMbnzJCgt0P9Q9wWCLwZa01SnQWFz8Z4HEaKldie+5bHBL5CzVBrLv 81tqX+/j95llpazzCXZW2sdNL3r8gXqrajSox7LR2rYDGdltAhQuISd2BHrbkQVEWD4hs7iV 1KQHe2uwXbKlguKPhk5ubZxqwsg/uIHw0qZDk+d0vxjTtO2JD5Jv/CeDgaBX4Emgp0NYs8IC UIyKXBtnzwiNv4cX9qKlz2Gyq9b+GdcLYZqMlIBjdCz0yJvgeb3WPNsCOanvbjelDhskx9gd 6YUUFFqgsLtrKpCNyy203a58g2WosU9k9H+LcheS37Ph2vMVTISMszW9W8gyORSgmw==
  • Cc: Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 09 May 2019 12:44:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Openpgp: preference=signencrypt
On 09/05/2019 14:31, Jan Beulich wrote:
>>>> On 09.05.19 at 14:03, <jgross@xxxxxxxx> wrote:
>> On 09/05/2019 13:50, Jan Beulich wrote:
>>>>>> On 09.05.19 at 12:56, <jgross@xxxxxxxx> wrote:
>>>> On 09/05/2019 12:04, George Dunlap wrote:
>>>>> On 5/9/19 6:32 AM, Juergen Gross wrote:
>>>>>> On 08/05/2019 18:24, George Dunlap wrote:
>>>>>>> On 5/6/19 7:56 AM, Juergen Gross wrote:
>>>>>>>> Instead of using the SCHED_OP() macro to call the different scheduler
>>>>>>>> specific functions add inline wrappers for that purpose.
>>>>>>>>
>>>>>>>> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
>>>>>>>
>>>>>>> This seems like a great idea.  One minor comment...
>>>>>>>
>>>>>>>> +static inline int sched_init(struct scheduler *s)
>>>>>>>> +{
>>>>>>>> +    ASSERT(s->init);
>>>>>>>> +    return s->init(s);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +static inline void sched_deinit(struct scheduler *s)
>>>>>>>> +{
>>>>>>>> +    ASSERT(s->deinit);
>>>>>>>> +    s->deinit(s);
>>>>>>>> +}
>>>>>>>
>>>>>>> I think these would better as BUG_ON()s.  These aren't hot paths, and if
>>>>>>> we do somehow hit this situation in production, 1) it's safer to
>>>>>>> BUG_ON() than dereferencing NULL, and 2) you'll get a more helpful error
>>>>>>> message.
>>>>>>
>>>>>> Only for those 2 instances above? Or would you like BUG_ON() instead of
>>>>>> ASSERT() in the other added inlines, too (maybe not for pick_cpu, but
>>>>>> e.g. the ones in free_*) ?
>>>>>
>>>>> Why not for pick_cpu()?  It's the same basic logic -- in production, if
>>>>> it *is* NULL, then you'll either crash with a segfault, or start
>>>>> executing an exploit.  Much better to BUG_ON().
>>>>
>>>> pick_cpu is called rather often, so maybe we should avoid additional
>>>> tests.
>>>>
>>>> Hmm, thinking more about it: why don't we just drop those ASSERT/BUG_ON
>>>> for mandatory functions and test them when doing the global_init() loop
>>>> over all schedulers. We could just reject schedulers with missing
>>>> functions.
>>>
>>> This would imply pointers can't be zapped off the structures.
>>> IMO this would require, as minimal (language level) protection,
>>> that all instances of struct scheduler be const, which doesn't
>>> look doable without some further rework
>>
>> They are const already.
>>
>> The default scheduler's struct is copied to a non-const struct scheduler
>> in scheduler_init().
> 
> Exactly, and then we have things like
> 
> static int
> rt_init(struct scheduler *ops)
> {
>     ...
>     ops->sched_data = prv;
> 
> I.e. it would be quite easy for a specific scheduler to zap one or more
> of its pointers.

So you suggest to ASSERT all pointers before dereferencing them? Why
don't we have such ASSERTs in places where we use function vectors
hooked to dynamic data (and I don't mean the single functions, but the
pointers to the vector, e.g. domain->arch.ctxt_switch)?

Seriously, that would be a major programming bug and I don't think
we need to catch that by debug code sprinkled around everywhere.

After my core scheduling series is finished I'd like to do a major
scheduler cleanup series. One action item will be to have a single
instance const scheduler_funcs structure for each scheduler and a
per-cpupool scheduler_data pointer.


Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.