[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/arm: bootfdt: Check return code of device_tree_for_each_node()

  • To: Julien Grall <julien@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Michal Orzel <michal.orzel@xxxxxxx>
  • Date: Thu, 7 Dec 2023 15:34:40 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=xen.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5OJSWzsMJ2qf1OlMoUCQENudpQI71Sk8yuICQafUiak=; b=Hy48ymBtMLR4+anBEe4KKL/LhfHOjGEj7I5ERmb+k02Yj7jmB2G2CLyvuXUuxx3998RucCuugp/7IU2mGZQWvsTbLtcAcmu4pMxkgHNJDEGpnzaCyFFv3dRldXOkkH75qa2m0Kmpl29aSpuEXBsqDieCOleBCgZdT7ESk1lbh4OGYRxE6gpj66elm5DkKo46J8Aiu5dXmfaPkyHJWG93aWvB3WJIZlAkhU1W/pP4gf32lCQPa0zQ+C8pLZxYsseAvHDaoODvi7BC6sZN5sqRi7F17XZpg9etano0oGHvteX/vrP4mhGTBSpYl9216MUxKHIbpvGY9d/7gS0msdB8vw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gMYYXM9r5UdD1hAY1IbTYHAV62NDeG9BeyOv7UiL4l/QK4U4heR9viTBvoLDfcfkru0YOyCzL60rClJ6bWv2Meq3kmCHeoL5/OeeSTwnX4USX4DmyGOPzrh1E6Av3cmy0jHtmPjlYehd9FXXGSN6hFjKr6OERIS/q5FBcJDJNH0GFESdAyTEaTDWeQAU6vaHCbYm2d6M4Ho6+uiQCXMidekJLFTMhf8Gpd94bVZDwSDph3DtE/OZ0MU5t4la8UHlEFKyv1CE10wh6ij+daqG6flk3rGbVVQR4RyZvZ9ULtqotQM2Yx++VDl1+P1lv0qrVcekDjCDz7imiTrqgea9Tg==
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Thu, 07 Dec 2023 14:34:52 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07/12/2023 13:54, Julien Grall wrote:
> 
> 
> Hi Michal,
> 
> On 07/12/2023 12:39, Michal Orzel wrote:
>> On 07/12/2023 13:20, Julien Grall wrote:
>>>
>>>
>>> Hi Michal,
>>>
>>> On 07/12/2023 10:14, Michal Orzel wrote:
>>>> As a result of not checking the return code of device_tree_for_each_node()
>>>> in boot_fdt_info(), any error occured during early FDT parsing does not
>>>> stop Xen from booting. This can result in an unwanted behavior in later
>>>> boot stages. Fix it by checking the return code and panicing on an error.
>>>>
>>>> Fixes: 9cf4a9a46717 ("device tree: add device_tree_for_each_node()")
>>>> Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
>>>
>>> With one remark below:
>>>
>>> Acked-by: Julien Grall <jgrall@xxxxxxxxxx>
>>>
>>>> ---
>>>> I've lost count how many times I had to fix missing rc check. However, I 
>>>> have
>>>> not yet found any checker for this (-Wunused-result is pretty useless).
>>>> ---
>>>>    xen/arch/arm/bootfdt.c | 4 +++-
>>>>    1 file changed, 3 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c
>>>> index b1f03eb2fcdd..f496a8cf9494 100644
>>>> --- a/xen/arch/arm/bootfdt.c
>>>> +++ b/xen/arch/arm/bootfdt.c
>>>> @@ -541,7 +541,9 @@ size_t __init boot_fdt_info(const void *fdt, paddr_t 
>>>> paddr)
>>>>
>>>>        add_boot_module(BOOTMOD_FDT, paddr, fdt_totalsize(fdt), false);
>>>>
>>>> -    device_tree_for_each_node((void *)fdt, 0, early_scan_node, NULL);
>>>> +    ret = device_tree_for_each_node((void *)fdt, 0, early_scan_node, 
>>>> NULL);
>>>> +    if ( ret )
>>>> +        panic("Early FDT parsing failed (%d)\n", ret);
>>>
>>> AFAIU, the parsing is done before the console is setup. This means a
>>> user would not be able to get some logs unless they are re-compiling Xen
>>> with earlyprintk.
>>>
>>> I understand this is not a new issue, but I am getting concerned of the
>>> amount of check we add before the console is up and running.
>>>
>>> What is the impact if we don't check the return here? Is it missing regions?
>> There are many things that can go wrong.
>> Quite recently, I faced an issue where I specified 2 dom0less domUs in 
>> configuration
>> and due to the error while parsing the last node of domU1, domU2 node was 
>> skipped and
>> Xen booted only domU1 without giving any errors.
>>
>> Issues with shared memory led to either Xen continue to run with improper 
>> configuration,
>> silencing overlap conditions, errors at later boot stages that were 
>> impossible to deduct
>> from the logs.
>>
>> All in all, early boot code parsing assume the error to result in a failure 
>> and the parsing
>> for domain creation makes this assumption as well (checks are more relaxed 
>> to avoid duplication).
>>
>> For now, we can't do anything better than panicing early if we want to avoid 
>> unwanted behavior.
>>
>>>
>>> I wonder whether we can either enable the console earlier, or make
>>> earlyprintk more dynamic (similar to what Linux is doing with
>>> earlyprintk=...).
>> The most imporatant part is early fdt parsing. The main console init cannot 
>> be moved that early.
> 
> I think we need to understand a bit more why because on x86
> consoel_init_preirq() is called very early. So we ought to be able to do
> the same on Arm.
But this won't cover early fdt parsing. I don't think we can get away without 
adding earlycon
and earlycon helpers in all the serial drivers. arm_uart_init depends on 
unflattening fdt which
depends on relocating fdt which is done after parsing FDT. We want to be able 
to print messages
after early_fdt_map. Once FDT is mapped, the only thing we need is to retrieve 
the bootargs to parse
for earlycon= , add the region to fixmap and register the handlers.

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.