[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v5 01/11] xen/arm: xc_domain_ioport_permission(..) not supported on ARM.

On Tue, 12 Oct 2021, Ian Jackson wrote:
> Bertrand Marquis writes ("Re: [PATCH v5 01/11] xen/arm: 
> xc_domain_ioport_permission(..) not supported on ARM."):
> > I can add something in the commit message about the fact that we improve
> > performance and prevent to do a call that is and will not be supported in 
> > Xen.
> Thanks but I'm afraid I don't think that is a correct summary of the
> thread.  Nor would it be an adequate justification for the change.  At
> least, not unless you plan to write something considerably longer (and
> more precise).
> Firstly, I'm not convinced this change would be justified by the
> performance impact.  This is a small number of hypercalls during
> domain startup.  Usually none, I think ?  If someone wants to optimise
> domain startup speed then I am very open to that but I think this
> change will make negligible change in practice.  Unless someone wants
> to tell me I'm wrong about that ?  And if I am wrong about that then
> an explanation of why my suppositions are wrong ought to go in the
> commit message.
> Secondly, there is no justification there for the change in error
> status.
> Why is this change needed ?  (What goes wrong if it is omitted ?)
> That is what the commit message ought to answer.
> Plus, given that it stubs out a function to make it into a no-op, that
> itself requires an explanation.  Why is it OK for this function which
> is supposed to do a thing, to in fact not do anything at all and
> return successfully saying "yes I did that" ?
> I think (having read the thread) that I know the answers to these
> questions but it needs to be clearly and explicitly written down.
> > I saw your change in CODING_STYLE and I understand the request.
> > I will try to see if we can handle this change before the feature freeze.
> Thanks.  I doubt that this will be hard.  I am more worried about the
> commit message.
> Indeed, since we haven't had the rationale for this change explicitly
> written down, there is a risk that when we do so, we will discover
> some problem with the approach that we had previously overlooked.
> Discovering that kind of thing is one reason to explicitly write down
> why we are doing what we are doing, but this situation does mean we
> shouldn't feel we've yet achieved confidence that this patch is right.

I don't think it is about performance. From a performance point of view,
we could make as many (unneeded) hypercalls as required. It is mostly
about minimizing unwanted changes to common libxl code. Let me explain.

IO ports on ARM don't exist so all IO ports related hypercalls are going
to fail. This is expected. Today, a failure of
xc_domain_ioport_permission would turn into a critical failure at domain
creation. We need to avoid this outcome; instead we want to continue
with domain creation as normal even if xc_domain_ioport_permission
fails. (FYI the underlying hypercall XEN_DOMCTL_ioport_permission is not
implemented on ARM so it would return -ENOSYS.)

We have a few options to achieve this goal:

1) No xc_domain_ioport_permission calls on ARM

   Use #ifdefs or similar checks in libxl_pci.c to avoid calling
   xc_domain_ioport_permission on ARM. This could be best but it would
   cause some churn in arch-neutral libxl code.

2) Handle xc_domain_ioport_permission errors in libxl

   Introduce checks on the return value of xc_domain_ioport_permission
   and ignore specific errors on ARM in libxl_pci.c.
   For instance: if (ARM && rc == -ENOSYS) continue.

   This might cause less churn than 1) but still requires a few changes
   in arch-neutral libxl code.

3) Force XEN_DOMCTL_ioport_permission to return zero on ARM

   Force the hypercall to return success even if it did nothing.
   Currently it returns -ENOSYS.

   This is possible but it wasn't chosen for the implementation as we
   felt that the hypercall should reflect what was actually done
   (nothing) and it should be userspace to handle the error. I guess
   this could be argued either way.

4) Force xc_domain_ioport_permission to return zero on ARM

   Force xc_domain_ioport_permission to return success even if the
   hypercall would return -ENOSYS. This way there are no changes to
   This is what the patch currently implements by using  #ifdef in
   xc_domain_ioport_permission. It could also have achieved the same
   goal by making the implementation of xc_domain_ioport_permission
   arch-specific, and in the ARM implementation returning 0.

All options above achieve the goal of a successful domain creation with
PCI device assigned on ARM. You might be able to think of other options
as well. I think noone here is really set on using one option over the
other -- as long as xc_domain_ioport_permission failures don't turn into
domain creation failures on ARM we are good.

Let us know what you think.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.