[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Thu, 27 Oct 2022 10:27:44 +0100
Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
Delivery-date: Thu, 27 Oct 2022 09:27:54 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Jan,

On 27/10/2022 07:56, Jan Beulich wrote:

On 26.10.2022 23:24, Julien Grall wrote:

On 26/10/2022 20:22, Andrew Cooper wrote:

--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -345,6 +345,16 @@ unsigned int hap_get_allocation(struct domain *d)
               + ((pg & ((1 << (20 - PAGE_SHIFT)) - 1)) ? 1 : 0));
   }

+int hap_get_allocation_bytes(struct domain *d, uint64_t *size)

+{
+    unsigned long pages = (d->arch.paging.hap.total_pages +
+                           d->arch.paging.hap.p2m_pages);

Unlike for Arm no ACCESS_ONCE() here? Also the addition can in
principle overflow, because being done only in 32 bits.


I'm not actually convinced ARM needs ACCESS_ONCE() to begin with.  I
can't see any legal transformation of that logic which could result in a
torn load.


AFAIU, ACCESS_ONCE() is not only about torn load but also making sure
that the compiler will only read the value once.

When LTO is enabled (not yet supported) in Xen, can we guarantee the
compiler will not try to access total_pages twice (obviously it would be
caller dependent)?


Aren't all accesses (supposed to be) under paging lock? At which point
there's no issue with multiple (or torn) accesses?

Not in the current code base for Arm. I haven't checked whether this isthe case with the new version.

If it is suitably locked, then I think we should remove all theACCESS_ONCE() and add an ASSERT(spin_is_locked(...)) to make clear thisshould be called with the lock held.


Cheers,

--
Julien Grall

References:
- [PATCH for-4.17 0/4] XSA-409 fixes
  - From: Andrew Cooper
- [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
  - From: Andrew Cooper
- Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
  - From: Jan Beulich
- Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
  - From: Andrew Cooper
- Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
  - From: Julien Grall
- Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
  - From: Jan Beulich

Prev by Date: Re: [PATCH v1 09/12] accel/xen/xen-all: export xenstore_record_dm_state
Next by Date: [PATCH][4.17] Arm32: prune (again) ld warning about mismatched wchar_t sizes
Previous by thread: Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
Next by thread: Re: [PATCH 1/4] xen: Introduce non-broken hypercalls for the p2m pool size
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.