[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen/public: arch-arm: Restrict the visibility of struct vcpu_guest_core_regs

To: Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "JBeulich@xxxxxxxx" <JBeulich@xxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Sun, 2 Jun 2019 11:37:37 +0100
Cc: "wei.liu2@xxxxxxxxxx" <wei.liu2@xxxxxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, "Ian.Jackson@xxxxxxxxxxxxx" <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Sun, 02 Jun 2019 10:37:52 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Artem,

On 5/22/19 7:05 PM, Artem Mygaiev wrote:

On Wed, 2019-05-22 at 14:00 +0100, Julien Grall wrote:

On 22/05/2019 13:29, Jan Beulich wrote:

On 22.05.19 at 14:20, <
julien.grall@xxxxxxx

wrote:

On 21/05/2019 10:55, Julien Grall wrote:

Hi Jan,

On 5/21/19 10:43 AM, Jan Beulich wrote:

On 21.05.19 at 11:35, <
julien.grall@xxxxxxx

wrote:


On 5/21/19 10:26 AM, Jan Beulich wrote:

On 20.05.19 at 20:12, <
julien.grall@xxxxxxx

wrote:


        As this is now Xen and tools only, I am
wondering whether the check on
        GNU_C is still necessary. I am happy to send a
follow-up patch (or fold
        in this one) if it can be removed.


I think this should be dropped if it can be without
breaking any
part of the build


This is because all the tools are part of xen.git, right?


Right - no-one else is supposed to define __XEN_TOOLS__, or
if anyone does, they're on their own.


Thanks for the information. I will do a full build check.


I thought about this again, long term there are an attempt to
build xen with
other compiler not necessarily supporting GNU C extension.
While this would probably not be the only place that need to be
reworked, we
would have to revert part of this change. So I will not drop the
#ifdef here.


Well, I don't know how it is for Arm, but on x86 we actually use
the
"extended" naming quite extensively, so building with a compiler
that doesn't support this extension is not really an option there.


For the Arm, I think only cpu_user_regs is using "extended" naming.
It should be
possible to remove it without too much trouble here.

@Artem, is there any restriction to use anonymous union in functional
safety?


In general, unions are not allowed in safety regulated programming,
they always require a "deviation" - e.g. unions use for data packing is
usually accepted disregarding anonymous or not.

That's good to know. I am going to keep for now the two definitions of__DECL_REG. We can remove them later on if it is not necessary.


Couple of other things I wanted to mention:
1. all protective programming standards e.g. MISRA recommend reducing
visibility of functions and variables to reduce API surface ans thus
need for test coverage and systematic fault probability.


In general, we want to limit the API exposed to guest as this is stable.

Let us know if you see other places where we could potentially reducethe API without impacting existing guest.

2. current implementation xen tools are very hard to use in safety for
many reasons, I hope to follow up on this soon...


Thank you for the feedback!

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Prev by Date: [Xen-devel] [PATCH v2] xen/arm: irq: Don't use _IRQ_PENDING when handling host interrupt
Next by Date: [Xen-devel] [linux-3.18 test] 137110: regressions - FAIL
Previous by thread: [Xen-devel] [PATCH v2] xen/arm: irq: Don't use _IRQ_PENDING when handling host interrupt
Next by thread: [Xen-devel] [linux-3.18 test] 137110: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.