|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH] xen/include/public: add macro for invalid grant reference
On 21.02.22 16:31, Jan Beulich wrote: On 21.02.2022 16:05, Juergen Gross wrote:On 21.02.22 15:31, Jan Beulich wrote:On 21.02.2022 15:27, Juergen Gross wrote:On 21.02.22 15:18, Jan Beulich wrote:On 21.02.2022 13:42, Juergen Gross wrote:Providing a macro for an invalid grant reference would be beneficial for users, especially as some are using the wrong value "0" for that purpose. Signed-off-by: Juergen Gross <jgross@xxxxxxxx>Over the years I've been considering to add such to the public interface, perhaps even more than once. But I'm afraid it's not that easy. In principle 0xffffffff (which btw isn't necessarily ~0u) couldI can change that to use 0xffffffff explicitly.be a valid ref. It is really internal agreement by users of the interface to set for themselves that they're not ever going to make a valid grant behind that reference.As the grant reference is an index into the grant table this would limit the size of the grant table to "only" UINT_MAX - 1. I don't think this will be ever a concern (other than an academical one).That wasn't my point. Limiting the table to one less entry is not a big deal indeed. But we have no reason to mandate which gref(s) to consider invalid. A guest could consider gref 0 the invalid one.With the gref being an index starting with 0 (gref 0 is valid, as it is used for the console ring page), the natural choice for an invalid value is the highest one being representable. A gref is of type uint32_t resulting in this value being 0xffffffff. While in theory a grant table could be that large, in practice this will never happen.The hypervisor doesn't care. Imo this simply is an aspect which isThis isn't true. The hypervisor needs to allocate resources for being able to handle the highest possible gref value for a guest. For a v1 grant table this would mean 32GB of grant table size. Are you really concerned we will ever hit this limit? This isn't at the guest's choice, after all, as the max grant table size is limited by Xen.If we're not going to hit that limit, what's wrong with declaring the entire upper half of uint32_t space "invalid" for use a gref? If we won't ever go up to 32Gb, we quite certainly also won't ever reach 16Gb. Yes, you probably already guessed it, we can then repeat this process iteratively until we reach 4kb. This reasoning is nonsense, and you know it. not in need of pinning down in the ABI. Yet if it was pinned down like you do, then the hypervisor would need to make sure it refuses to act on this mandated invalid gref.This is an easy one. We could just refuse to have a grant table of that size. I can add this to the patch if you really think it is necessary.Since grant table size is measured in pages, you'd then have to refuse use of more than just that single gref. This would still not be an immediate problem, but demonstrates again that it's unclear where to draw such a boundary, if one is to be artificially drawn. It should be as high as possible. I wouldn't mind just refusing the last possible gref, but I don't think this is necessary. TBH, I think such completely theoretical concerns should not stand in the way of additions to the ABI making life easier for consumers.In case it wasn't clear - my concern isn't that sacrificing this one entry may cause a problem, or that we'd ever see grant tables grow this big (albeit for the latter: you never really know). Instead my concern is that it is conceptually wrong for us to (now) introduce such a value. I have understood that this is your concern. I continue to think that this concern is of purely academical nature. Juergen Attachment:
OpenPGP_0xB0DE9DD628BF132F.asc Attachment:
OpenPGP_signature
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |