Xen project Mailing List

Re: [PATCH 1/2] x86: correct is_pv_domain() when !CONFIG_PV

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Tue, 13 Apr 2021 10:02:03 +0200

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Tue, 13 Apr 2021 08:02:14 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.04.2021 09:56, Roger Pau Monné wrote: > On Mon, Apr 12, 2021 at 05:51:17PM +0200, Jan Beulich wrote: >> On 12.04.2021 17:40, Roger Pau Monné wrote: >>> On Mon, Apr 12, 2021 at 05:24:41PM +0200, Jan Beulich wrote: >>>> On 12.04.2021 16:49, Roger Pau Monné wrote: >>>>> On Mon, Apr 12, 2021 at 12:07:12PM +0200, Jan Beulich wrote: >>>>>> On 12.04.2021 11:34, Roger Pau Monné wrote: >>>>>>> On Fri, Nov 27, 2020 at 05:54:57PM +0100, Jan Beulich wrote: >>>>>>>> --- a/xen/include/xen/sched.h >>>>>>>> +++ b/xen/include/xen/sched.h >>>>>>>> @@ -985,7 +985,7 @@ static always_inline bool is_control_dom >>>>>>>> >>>>>>>> static always_inline bool is_pv_domain(const struct domain *d) >>>>>>>> { >>>>>>>> - return IS_ENABLED(CONFIG_PV) && >>>>>>>> + return IS_ENABLED(CONFIG_X86) && >>>>>>>> evaluate_nospec(!(d->options & XEN_DOMCTL_CDF_hvm)); >>>>>>>> } >>>>>>>> >>>>>>>> @@ -1011,7 +1011,7 @@ static always_inline bool is_pv_32bit_vc >>>>>>>> >>>>>>>> static always_inline bool is_pv_64bit_domain(const struct domain *d) >>>>>>>> { >>>>>>>> - if ( !is_pv_domain(d) ) >>>>>>>> + if ( !IS_ENABLED(CONFIG_PV) || !is_pv_domain(d) ) >>>>>>>> return false; >>>>>>> >>>>>>> I think overall is confusing to have a domain that returns true for >>>>>>> is_pv_domain but false for both is_pv_{64,32}bit_domain checks. >>>>>>> >>>>>>> I know those are only the system domains, but it feels confusing and >>>>>>> could cause mistakes in the future IMO, as then we would have to >>>>>>> carefully think where to use ( is_pv_64bit_domain(d) >>>>>>> || is_pv_32bit_domain(d) ) vs just using is_pv_domain(d), or >>>>>>> IS_ENABLED(CONFIG_PV) && is_pv_domain(d) >>>>>> >>>>>> Imo it's not "then we would have to carefully think where to use ..." >>>>>> but instead this patch is an indication that we should have been for >>>>>> quite some time. For this reason (coming back to your first comment >>>>>> at the top) I'm not sure adding a comment _there_ is actually useful. >>>>>> Every use of is_pv_*() needs carefully considering which domains are >>>>>> really meant. >>>>> >>>>> Maybe we shouldn't have used is_pv_domain as a way to hide code from >>>>> the compiler and instead always provide dummy functions, as even with >>>>> PV support compiled out we still need some of it for system domains. >>>>> >>>>> I'm not sure I have a good proposal to make, but it seems wrong to me >>>>> that is_pv_domain(d) could be different than is_pv_64bit_domain(d) || >>>>> is_pv_32bit_domain(d). >>>> >>>> Hmm, so we're of opposite opinions - not sure what to do. Short of >>>> having / introducing is_system_domain() or some such (with all the >>>> needed auditing) I can't see how assuming the two would mean the >>>> same could ever have been true. With what we have is_pv_domain() is >>>> legitimately true for them, and both is_pv_{32,64}bit_domain() ought >>>> to be false (as there's no specific bitness associated with them) >>>> imo _at least_ when !PV. >>> >>> It's all quite ugly, but I wasn't really getting your reasoning that >>> system domains can be considered PV domains without a bitness. >>> >>> I think we both agree that long term having is_system_domain would be >>> the cleanest solution, but it needs a lot of auditing. >> >> Yes. >> >>> I think I would >>> be fine if you could add a comment somewhere noting that system >>> domains can be identified as PV domains without a bitness, so that >>> it's likely less confusing in the future. >> >> I've added >> >> /* >> * Note that is_pv_domain() can return true (for system domains) even when >> * both is_pv_64bit_domain() and is_pv_32bit_domain() return false. IOW >> * system domains can be considered PV without specific bitness. >> */ >> >> immediately ahead of is_pv_domain(). Does this sound okay? > > Yes, I think the text is fine, I'm however confused by the resulting > code in is_pv_64bit_domain: > > static always_inline bool is_pv_64bit_domain(const struct domain *d) > { > if ( !IS_ENABLED(CONFIG_PV) || !is_pv_domain(d) ) > return false; > > #ifdef CONFIG_PV32 > return !d->arch.pv.is_32bit; > #else > return true; > #endif > } > > Won't this return true for system domains if CONFIG_PV is enabled, and > hence the distinction that system domains are PV domain without a > bitness won't be true anymore? > > Sorry if I'm missing something, I find this all quite confusing. Earlier I said "With what we have is_pv_domain() is legitimately true for them, and both is_pv_{32,64}bit_domain() ought to be false (as there's no specific bitness associated with them) imo _at least_ when !PV." Note the emphasis on "at least". For the "normal" case (PV enabled) I'm again uncertain we can easily change present behavior. Hence the new comment also is worded such that this not fully consistent behavior is still covered. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.