[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 6/9] xen/arm: introduce alloc_staticmem_pages and alloc_domstatic_pages


On 06/07/2021 10:59, Jan Beulich wrote:
On 06.07.2021 11:39, Julien Grall wrote:
Hi Jan & Penny,

On 06/07/2021 07:53, Jan Beulich wrote:
On 06.07.2021 07:58, Penny Zheng wrote:
From: Jan Beulich <jbeulich@xxxxxxxx>
Sent: Thursday, June 10, 2021 6:23 PM

On 07.06.2021 04:43, Penny Zheng wrote:
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -1065,6 +1065,75 @@ static struct page_info *alloc_heap_pages(
       return pg;

+ * Allocate nr_mfns contiguous pages, starting at #smfn, of static memory.
+ * It is the equivalent of alloc_heap_pages for static memory  */
+static struct page_info *alloc_staticmem_pages(unsigned long nr_mfns,
+                                               mfn_t smfn,
+                                               unsigned int memflags)
+    bool need_tlbflush = false;
+    uint32_t tlbflush_timestamp = 0;
+    unsigned long i;
+    struct page_info *pg;
+    /* For now, it only supports allocating at specified address. */
+    if ( !mfn_valid(smfn) || !nr_mfns )
+    {
+        printk(XENLOG_ERR
+               "Invalid %lu static memory starting at %"PRI_mfn"\n",

Reading a log containing e.g. "Invalid 0 static memory starting at ..." I don't
think I would recognize that the "0" is the count of pages.

Sure. How about "try to allocate out of range page %"PRI_mfn"\n"?

This still doesn't convey _both_ parts of the if() that would cause
the log message to be issued.

+               nr_mfns, mfn_x(smfn));
+        return NULL;
+    }
+    pg = mfn_to_page(smfn);
+    for ( i = 0; i < nr_mfns; i++ )
+    {
+        /*
+         * Reference count must continuously be zero for free pages
+         * of static memory(PGC_reserved).
+         */
+        ASSERT(pg[i].count_info & PGC_reserved);

What logic elsewhere guarantees that this will hold? ASSERT()s are to verify
that assumptions are met. But I don't think you can sensibly assume the caller
knows the range is reserved (and free), or else you could get away without any
allocation function.

The caller shall only call alloc_staticmem_pages when it knows range is 
like, alloc_staticmem_pages is only called in the context of 
for now.

If the caller knows the static ranges, this isn't really "allocation".
I.e. I then question the need for "allocating" in the first place.

We still need to setup the page so the reference counting works
properly. So can you clarify whether you are objecting on the name? If
yes, do you have a better suggestion?

It's not the name alone but the disconnect between name and actual
behavior. Note that here we've started from an ASSERT(), which is
reasonable to have if the caller knows where static pages are, but
which should be converted to an if() when talking about allocation
(i.e. the caller may not have enough knowledge). If it's not really
allocation, how about naming it "acquire" or "obtain" (and the
config option perhaps STATIC_MEMORY)?

The caller will fetch the information from the Device Tree but it doesn't sanity check it. I think it can be easy to make mistake as the information will be scattered in various node of the DT.

So I think it would be better if we have a check in both prod and debug build to ease the integration.

Regarding the name itself, anyone of the one you suggested are fine with me because to me the difference between them is too subtle to be understood by most of the users.


Julien Grall



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.