[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/4] xen/version: Introduce non-truncating XENVER_* subops
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Thu, 5 Jan 2023 22:28:10 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i+0q0drz1PnYzIVvpMPaNg9lgG7Tam6XO5zaVwxxGiE=; b=PZ0g6YEEIh7hXrQbCWrB9z1NAEBfTf2KCL7tBdDvmHBbfFK4+LZ1c7UyhpztHJM41qsBeZ4wS5gjUyVExpKukv+MLxhfMKQlJLCh3A9sAgHncY1yqp+wN2rpjkl8ZKBcnizxxwVWMt/4AQ7LdnHN9/g0lK2CCtEEC6zH9N03KUxQ4p5msV7+5G1fSCl/JKKkDV2PCbgbd0f4qgxQ6NkzWZjXQMr2/j05d5WqXW4WMmS8SOb6+R6EGR85cbfNny6fsfyCqdRxxde5CaNLs9Mzzb/J+2R7cXtZ65XW5x7148vtlgiaR0H8xpjTcytwLu38cohCENh4qau0qEDwfoFgFg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zrb9IreDg66tjwfw1OkaJB+jjOghiDSYRM2vPTx61fiYRuQP88+ePftaMXsQBH7q6NptTGAzj7i313qvAx1uxZ7IIeZAgh7uHrx0FVqOA9jCNLkL8nOg0LS3PVAkRddDQ8KyX+Y+sGG2L5WvjZ8sQMW17X9QGer4Gd+jgdj4eNTW7oMyd0H/eV9s/F4ZNhySG2DkQyaXzxxelxU1sS9wVH1aECJQfDc/T1I9ArqCNbAquZSRL16tyWjE2F8Nby60UMSqHOK+g1JyjwU3x8EE3DrNH2JKENlNrqI1Snr5TTZ+tyW46+a22rX5V6EeN74SkicpGj6C4+nZ0/3i2zm+gg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: George Dunlap <George.Dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Thu, 05 Jan 2023 22:28:28 +0000
- Ironport-data: A9a23:wiET/qBXMbvdIhVW/+Piw5YqxClBgxIJ4kV8jS/XYbTApGsg1GRTx 2scWj/SOqvbNGfwetgjbYXjpksO6p/TxtZgQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nNHuCnYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbyRFtcpvlDs15K6p4GpA4wRlDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw2utICmhVx b8hAx8VbiyFqf+m3Je/Y7w57igjBJGD0II3nFhFlGucJ9B2BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTI+OxuvDK7IA9ZidABNPL8fNCQSNoTtUGfv m/cpEzyAw0ANczZwj2Amp6prr6WwXijAtxOfFG+3r0xg3eamWYyMzg9VleJg9aQh3S0As0Kf iT4/QJr98De7neDTNPwQhm5q36spQMHVpxbFOhSwBqW1qPe7gKdB24FZj1MctorsIkxXzNC/ kCNt8PkA3poqrL9YXCA8raZqxuiNC5TKnUNDQcUQA1A79T9rYUbihPUUs0lAKOzlsfyGzz73 3aNtidWulkIpcsC1qH+91aXhTup/8LNVlRsuV+RWX+55ARkYoLjf5av9VXQ8fdHKsCeU0WFu 38H3cOZ6YjiEK2wqcBEe81VdJnB2hpPGGe0bYJHd3X5ywmQxg==
- Ironport-hdrordr: A9a23:5z2GP67If76j9ysXNwPXwPfXdLJyesId70hD6qm+c20tTiX4rb HXoB1/73XJYVkqKRQdcLy7Scu9qDbnhP1ICOoqXItKPjOW3FdARbsKheDfKn/bexEWndQtsp uIHZIObuEYzmIXsS852mSF+hobr+VvOZrHudvj
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHZH69eYU4qCMuPJUaHOPPUV+yM+a6OfdiAgAAZEwCAAOVUAIAA7l0A
- Thread-topic: [PATCH 4/4] xen/version: Introduce non-truncating XENVER_* subops
On 05/01/2023 8:15 am, Jan Beulich wrote:
> On 04.01.2023 19:34, Andrew Cooper wrote:
>> On 04/01/2023 5:04 pm, Jan Beulich wrote:
>>> On 03.01.2023 21:09, Andrew Cooper wrote:
>>>> API/ABI wise, XENVER_build_id could be merged into xenver_varstring_op(),
>>>> but
>>>> the internal infrastructure is awkward.
>>> I guess build-id also doesn't fit the rest because of not returning strings,
>>> but indeed an array of bytes. You also couldn't use strlen() on the array.
>> The format is unspecified, but it is a base64 encoded ASCII string (not
>> NUL terminated).
> Where are you taking this base64 encoding from? I see the build ID being pure
> binary data, which could easily have an embedded nul.
Oh, so it is.
I'd failed to spot that libxl formats it automatically on behalf of the
caller.
>>>> + if ( sz > INT32_MAX )
>>>> + return -E2BIG; /* Compat guests. 2G ought to be plenty. */
>>> While the comment here and in the public header mention compat guests,
>>> the check is uniform. What's the deal?
>> Well its either this, or a (comat ? INT32_MAX : INT64_MAX) check, along
>> with the ifdefary and predicates required to make that compile.
>>
>> But there's not a CPU today which can actually move 2G of data (which is
>> 4G of L1d bandwidth) without suffering the watchdog (especially as we've
>> just read it once for strlen(), so that's 6G of bandwidth), nor do I
>> expect this to change in the forseeable future.
>>
>> There's some boundary (probably far lower) beyond which we can't use the
>> algorithm here.
>>
>> There wants to be some limit, and I don't feel it is necessary to make
>> it variable on the guest type.
> Sure. My question was merely because of the special mentioning of 32-bit /
> compat guests. I'm fine with the universal limit, and I'd also be fine
> with a lower (universal) bound. All I'm after is that the (to me at least)
> confusing comments be adjusted.
How about 16k then?
>> But overall, I'm not seeing a major objection to this change? In which
>> case I'll go ahead and do the tools/ cleanup too for v2.
> Well, I'm not entirely convinced of the need for the new subops (we could
> as well introduce build time checks to make sure no truncation will occur
> for the existing ones), but I also won't object to their introduction. At
> least for the command line I can see that we will want (need) to support
> more than 1k worth of a string, considering how many options we have
> accumulated.
I've legitimate customer bugs caused by the cmdline limit, and real test
problems caused by the extraversion limit which I'm unwilling to "fix"
by sticking to the current API/ABI.
~Andrew
|
