[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] x86/ucode: allow cpu_request_microcode() to skip memory allocation


  • To: Jan Beulich <jbeulich@xxxxxxxx>, Sergey Dyasli <sergey.dyasli@xxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 12 Dec 2022 15:18:24 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DAStDX5uv6E6Da33HcG8ZkQczFa5m89i2z6Uo18Hb5s=; b=S3XMFq7CaSFP1qAOk+SQQw7PfZH2uMltS14LFV2WQTbyHqoYxtNZMbmQtrjJ0Xv3+zqt/6ZqLApDOz6ZqEIhnhfQHW6XcEDJsJIAjjjopNUAlAuWUPqQ/k88aYKh2JF1lTznTOiaKohzvDyaBLPnlJFb+h2nomRi29sr84cQjGgsViklvdUDVXttNpcgMIIHHeGG3QPZ0SWfBsz8uH3BfgfMiT6J4ycVG2sageG3gOchnQVpiU8uz4FQl1RAOL6CpRj1fS+t5XhoCBOdHIlO3AodAazKP9TNmKh9PLwMuzbiQG7mf8LmzHHdlNtu6QfLdqNK243rlSVaC+E9D+bdVQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JUyojaM/X0043SKuBKBiJcH8VezBjcWA5eM8gwk37j6fUg795LKj27CY+8kS1Mk5cMeYka4yKHVP88S39VchGoCrwXgiYl4SW5l+NeTah3kJVfzRNVEvSsePUR0hdA0H9OZSdLDF5Q0zwai5OqIWFr9KyXvbLItyO7GvQPzpdUMs6jff6PXrWlLmtfkhCJaXGksSCmu3pLrUGYjqVYeRe2s/D/G1cYmVhW9Oom3t/40rqOmGmaBP4U/ajMd0TuaCQVcMS7Isgw57AeJsr2jSbMZIunqSNLDTiIYBEJJr0ZKDFD+mr2uDS3GCxhEnuEcCR81jbe1l3CDKpzUUEqbrnw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 12 Dec 2022 15:18:48 +0000
  • Ironport-data: A9a23:6SwNza8vtRJQKttV8pgbDrUDRX+TJUtcMsCJ2f8bNWPcYEJGY0x3y DEZXD+EOKqOYGbyLopyaoyz905Su8LUm9FiGQNrrys8E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKucYHsZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kIx1BjOkGlA5AZnP6kR5Aa2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDkljy aYycRIXUyqdluGk/+qZErJM2egKeZyD0IM34hmMzBn/JNN/G9XpZfWP4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTWOilUuidABM/KMEjCObexTklyVu STt+GPhDwtBHNee1SCE4jSngeqncSbTCN1OSO3op6YCbFu79n0PVQFOC0KCkPScpW2YYetuN 0cqw397xUQ13AnxJjXnZDW6qnOZuh8XW/JLDvY3rgqKz8L8+AuDCWUVCDJQYccitec9QTs32 hmCmNaBLSNrmK2YTzSa7Lj8hSO/P20ZIHEPYQcATBAZ+J/zrYcrlBXNQ91/VqmvgbXI9SrYx jmLqG00geUVhMtSjaGjpwmY2nSru4TDSRMz6kPPRGW54whlZYmjIYu19Vzc6vUGJ4GcJrWcg EU5dwGlxLhmJfmweOalHY3hwJnBCy65DQDh
  • Ironport-hdrordr: A9a23:1i5xsqAAeTyL59nlHemi55DYdb4zR+YMi2TDtnocdfUxSKelfq +V88jzuSWbtN9yYhEdcKG7WZVoKEm0nfQZ3WB7B8bAYOCJghrMEKhSqafk3j38C2nf24dmpM NdmnFFeb/NMWQ=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHZCwjAky6i1T4UZEeH7yXOYJiUd65kBHMAgAAalYCABjaCAIAACQQAgAAFVAA=
  • Thread-topic: [PATCH 1/2] x86/ucode: allow cpu_request_microcode() to skip memory allocation

On 12/12/2022 14:59, Jan Beulich wrote:
> On 12.12.2022 15:27, Sergey Dyasli wrote:
>> On Thu, Dec 8, 2022 at 3:34 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>> On 08.12.2022 14:59, Andrew Cooper wrote:
>>>> On 08/12/2022 13:26, Sergey Dyasli wrote:
>>>>> @@ -240,20 +240,20 @@ static const struct microcode_patch *nmi_patch = 
>>>>> ZERO_BLOCK_PTR;
>>>>>   * patch is found and an error occurs during the parsing process. 
>>>>> Otherwise
>>>>>   * return NULL.
>>>>>   */
>>>>> -static struct microcode_patch *parse_blob(const char *buf, size_t len)
>>>>> +static const struct microcode_patch *parse_blob(const char *buf, size_t 
>>>>> len)
>>>>>  {
>>>>>      alternative_vcall(ucode_ops.collect_cpu_info);
>>>>>
>>>>> -    return alternative_call(ucode_ops.cpu_request_microcode, buf, len);
>>>>> +    return alternative_call(ucode_ops.cpu_request_microcode, buf, len, 
>>>>> true);
>>>>>  }
>>>>>
>>>>> -static void microcode_free_patch(struct microcode_patch *patch)
>>>>> +static void microcode_free_patch(const struct microcode_patch *patch)
>>>>>  {
>>>>> -    xfree(patch);
>>>>> +    xfree((void *)patch);
>>>> This hunk demonstrates why the hook wants to return a non-const
>>>> pointer.  Keeping it non-const will shrink this patch quite a bit.
>>> Alternatively it demonstrates why xfree() should take const void *,
>>> just like e.g. unmap_domain_page() or vunmap() already do. We've
>>> talked about this before, and the argument hasn't changed: Neither
>>> unmapping nor freeing really alters the contents of the pointed to
>>> area from the perspective of the caller, as the contents simply
>>> disappears altogether.
>> Despite my love of const, const correctness in C is quite a pain. I've
>> tried to make xfree() take a const pointer but then issues began with
>> add/strip_padding() functions and I couldn't overcome those without
>> further (void *) casts which just takes the problem to a different
>> layer.
> There is exactly one such cast needed according to my attempt, and that's
> in an internal (static) helper function. See below (and feel free to use).
>
> Jan
>
> mm: make a couple of freeing functions take const void*
>
> freeing functions, from the perspective of their callers, don't alter
> contents of the freed block; the block simply disappears. Plus it is not
> uncommon that some piece of memory is allocated, filled, and henceforth
> supposed to only be read from. In such cases, with the parameters of the
> freeing functions not being pointer-to-const, callers have to either
> omit the use of const where it would be indicated or add risky casts.
>
> The goal being to make xfree() fit the intended pattern, alter other
> functions at the same time to limit the number of casts needed to just
> one. strip_padding() necessarily has to have a such a cast, as it's
> effectively strchr()- or memchr()-like: Input may be pointer-to-const,
> bot for its output to also be usable when the input isn't, const needs
> to be cast away. Note that the risk with such a cast is quite a bit
> lower when it's an internal (static) function wich is affected.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

If you can persuade the C standards committee that your interpretation
of how to use const is more correct than theirs, and get them to change
free() to take const void, then we can continue discussing this patch.

Until then, there's a damn good reason why free() takes a non-const
pointer (nothing handed out by a memory allocator can ever be const, and
it is never acceptable to free via a const alias), and contorted
arguments about how its "technically fine" are missing the point.

~Andrew

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.