[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Checking INVALID_MFN in mfn_add (WAS: Re: [PATCH MM-PART3 v2 04/12] xen/arm: mm: Only increment mfn when valid in xen_pt_update)



Hi,

On 11/06/2019 21:24, Andrew Cooper wrote:
On 11/06/2019 20:56, Julien Grall wrote:
On 11/06/2019 19:37, Stefano Stabellini wrote:
On Tue, 14 May 2019, Julien Grall wrote:
Currently, the MFN will be incremented even if it is invalid. This will
result to have a valid MFN after the first iteration.

While this is not a major problem today, this will be in the future if
the code expect an invalid MFN at every iteration.

Such behavior is prevented by avoiding to increment an invalid MFN.

Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
Reviewed-by: Andrii Anisov <andrii_anisov@xxxxxxxx>

---
      Changes in v2:
          - Move the patch earlier on in the series
          - Add Andrii's reviewed-by
---
   xen/arch/arm/mm.c | 5 ++++-
   1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index f956aa6399..9de2a1150f 100644
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -1051,11 +1051,14 @@ static int xen_pt_update(enum xenmap_operation op,
spin_lock(&xen_pt_lock); - for(; addr < addr_end; addr += PAGE_SIZE, mfn = mfn_add(mfn, 1))
+    for( ; addr < addr_end; addr += PAGE_SIZE )
       {
           rc = xen_pt_update_entry(op, addr, mfn, flags);
           if ( rc )
               break;
+
+        if ( !mfn_eq(mfn, INVALID_MFN) )
+            mfn = mfn_add(mfn, 1);
       }
This is OK but got me thinking: should we be updating the mfn in mfn_add
if the mfn is INVALID? The mfn_eq(mfn, INVALID_MFN) could live inside
the static inline mfn_t mfn_add function. What do you think? I don't
think there are any valid scenarios where we want to increment
INVALID_MFN...
My first thought is mfn_add(...) may be used in place where we know the
mfn is not INVALID_MFN. So we would add extra check when it may not be
necessary. Although, I am not sure if it is important.

I have added Andrew & Jan to get any opinions.

mfn_add(foo, bar) is shorthand for foo += bar, and should remain as such.

It exists only because we can't overload operators in C, and want
something slightly more readable than _mfn(mfn_x(foo) + bar)

Behind the scenes, the compiler will turn it back into a single add
instruction.

The saturating behaviour here is specific to the pagetable opereations
where passing INVALID_MFN is an alias for unmap, and is therefore not
useful in the majority of the users of mfn_add(), and certainly not
something we should have a hidden branch for in the middle of many tight
loops.

Thank you for the input! I will keep mfn_add() as it is.

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.