
Re: [PATCH for-4.17?] x86/paging: return -EINVAL for paging domctls for dying domains


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 8 Nov 2022 18:03:54 +0100
  • Cc: Henry.Wang@xxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Edwin Török <edvin.torok@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 08 Nov 2022 17:04:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 08.11.2022 17:43, Roger Pau Monné wrote:
> On Tue, Nov 08, 2022 at 05:14:40PM +0100, Jan Beulich wrote:
>> On 08.11.2022 12:38, Roger Pau Monne wrote:
>>> Like on the Arm side, return -EINVAL when attempting to do a p2m
>>> operation on dying domains.
>>>
>>> The current logic returns 0 and leaves the domctl parameter
>>> uninitialized for any parameter fetching operations (like the
>>> GET_ALLOCATION operation), which is not helpful from a toolstack point
>>> of view, because there's no indication that the data hasn't been
>>> fetched.
>>
>> While I can see how the present behavior is problematic when it comes
>> to consuming supposedly returned data, ...
>>
>>> --- a/xen/arch/x86/mm/paging.c
>>> +++ b/xen/arch/x86/mm/paging.c
>>> @@ -694,9 +694,10 @@ int paging_domctl(struct domain *d, struct 
>>> xen_domctl_shadow_op *sc,
>>>  
>>>      if ( unlikely(d->is_dying) )
>>>      {
>>> -        gdprintk(XENLOG_INFO, "Ignoring paging op on dying domain %u\n",
>>> +        gdprintk(XENLOG_INFO,
>>> +                 "Tried to do a paging domctl op on dying domain %u\n",
>>>                   d->domain_id);
>>> -        return 0;
>>> +        return -EINVAL;
>>>      }
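Review bot: the `return -EINVAL` that replaces `return 0` sits inside the `d->is_dying` check, which the visible lines do not condition on the op, so every paging domctl against a dying domain now fails, not only the parameter-fetching ones (GET_ALLOCATION) that the commit message gives as the motivation. Either say in the commit message that failing all ops is intended and which callers were checked against the new error, or limit the error to the ops that return data. Since the gdprintk() format string is being rewritten anyway, it could also stop printing `d->domain_id` with `%u` and use `%pd` with `d` instead.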
>>
>> ... going from "success" to "failure" here has a meaningful risk of
>> regressing callers. It is my understanding that it was deliberate to
>> mimic success in this case (without meaning to assign "good" or "bad"
>> to that decision).
> 
> I would assume that was the original intention, yes, albeit the commit
> message doesn't go into details about why mimicking success is
> required, it's very well possible the code relying on this was xend.

Quite possible, but you never know who else has cloned code from there.

>> Can you instead fill the data to be returned in
>> some simple enough way? I assume a mere memset() isn't going to be
>> good enough, though (albeit public/domctl.h doesn't explicitly name
>> any input-only fields, so it may not be necessary to preserve
>> anything). Maybe zeroing ->mb and ->stats would do?
> 
> Hm, it still feels kind of wrong.  We do return errors elsewhere for
> operations attempted against dying domains, and that seems all fine,
> not sure why paging operations need to be different in this regard.
> Arm does also return -EINVAL in that case.
> 
> So what about postponing this change to 4.18 in order to avoid
> surprises, but then taking it in its current form at the start of the
> development window, as to have time to detect any issues?

Maybe, but to be honest I'm not convinced. Arm can't really be taken
for comparison, since the op is pretty new there iirc.

>> As a minor remark: _If_ you're changing the printk(), then please
>> also switch to using %pd.
> 
> I've considered this, but then printing: "Tried to do a paging domctl
> op on dying domain dX" felt kind of repetitive to me because of the
> usage of domain and dX in the same sentence.  Anyway, will adjust.

Simply drop the word "domain", as we've done elsewhere when switching
to %pd?

Jan
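The three behaviours weighed in this thread for a dying domain (report success and leave the output untouched, report success with a zeroed output, or return -EINVAL), seen from a caller that trusts the output whenever the call succeeds. This is an added example, not part of the thread and not Xen code: every `toy_` type and function, the field layout and the 0xA5 marker are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not Xen's real structures or domctl ABI. */
struct toy_shadow_op { uint32_t op; uint32_t mb; };
struct toy_domain { int is_dying; uint32_t alloc_mb; };
enum dying_policy { MIMIC_SUCCESS, ZERO_OUTPUT, FAIL_EINVAL };

/* Models the early exit for a dying domain under each option discussed. */
static int toy_paging_domctl(const struct toy_domain *d,
                             struct toy_shadow_op *sc, enum dying_policy p)
{
    if (d->is_dying) {
        switch (p) {
        case MIMIC_SUCCESS: return 0;              /* sc->mb left untouched */
        case ZERO_OUTPUT:   sc->mb = 0; return 0;  /* defined value, still "success" */
        case FAIL_EINVAL:   return -EINVAL;        /* caller learns nothing was fetched */
        }
    }
    sc->mb = d->alloc_mb;                          /* normal path fills the output */
    return 0;
}

/* Toolstack-style caller: copies sc.mb out whenever the call reports success.
 * The buffer is pre-filled with a marker standing in for stale stack data. */
static int toy_get_allocation(const struct toy_domain *d, enum dying_policy p,
                              uint32_t *mb_out)
{
    struct toy_shadow_op sc;
    memset(&sc, 0xA5, sizeof(sc));                 /* constructed "garbage" */
    int rc = toy_paging_domctl(d, &sc, p);
    if (rc == 0)
        *mb_out = sc.mb;
    return rc;
}

int main(void)
{
    struct toy_domain dying = { .is_dying = 1, .alloc_mb = 64 };
    for (int p = MIMIC_SUCCESS; p <= FAIL_EINVAL; p++) {
        uint32_t mb = 0;
        int rc = toy_get_allocation(&dying, (enum dying_policy)p, &mb);
        printf("policy %d: rc=%d mb=0x%x\n", p, rc, (unsigned)mb);
    }
    return 0;
}
```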



 

