[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/7] xen/arm: Lookup bootinfo shm bank during the mapping

  • To: Luca Fancellu <luca.fancellu@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Michal Orzel <michal.orzel@xxxxxxx>
  • Date: Mon, 6 May 2024 15:24:36 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oRoXz1QYnq0OFNHm9Okr8mA1DLAHSVfztTFO/qbJjbw=; b=DPISDOhe1SfiNBsN7eQh9Uj3NN2oTFSOh/pR5KFW/gmxlwk6qzVT1CUkLBx+8wPD9qKhpNfEoGL9BbIvd5gWHZrx802BucupTZWN4Z+ukyzeXgOYZgypCn+4qtvM6XIPD/o62ambgEUlY82s8xsE+pDAEp5KiBI9kwT/nt4INk4Q5MOMfVLomzbTfhcFGdIYU5H1tJRCh8o9E1nz+4KV23yYR35zzkNURyYJaLHxrI2PC29X2vTwk47gXcGDYW3BENPEamNAfoKbuivgCi1SYzkyPX8Re80BPWivg2j7lCgGWUTfX6rbkOfUNreblwZFCu6zN5KiY9LdhMIvQA54yA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VUe7yHXCpA2Z6emPQnmF8zbqoy2MaJ8fKCwd6J0f1QKXRdejTq39rD+YyKli7iKJCieAtii08kNb6Qxk2r9/zU1sc0EG2Qtmw3KkPFAvBMUHUUDTEOfvRr4AwteJ4RpOrqTSxKD9MoZpLMEewPw/MMflCaGYfDGdsWcEMFn6Q6/eCbIKviLVvBArvKwvbaMFYUNDFqq79F36aba+7NdRAVoZ1NlkMDcOvIipBXOSR/J41OfN71cnN6YQowMXzLdgKjdZTboxb3GVy7cB2/0VMtw3jTf5F8nlk7g7t1Iod686FzTnPk9HwgRfeN4cPtaRorewkC/dmKWdJzpZ3bmksQ==
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Mon, 06 May 2024 13:24:59 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi Luca,

On 23/04/2024 10:25, Luca Fancellu wrote:
> 
> 
> The current static shared memory code is using bootinfo banks when it
> needs to find the number of borrower, so every time assign_shared_memory
s/borrower/borrowers

> is called, the bank is searched in the bootinfo.shmem structure.
> 
> There is nothing wrong with it, however the bank can be used also to
> retrieve the start address and size and also to pass less argument to
> assign_shared_memory. When retrieving the information from the bootinfo
> bank, it's also possible to move the checks on alignment to
> process_shm_node in the early stages.
Is this change really required for what you want to achieve? At the moment the 
alignment checks
are done before first use, which requires these values to be aligned. FDT 
processing part does not need it.

> 
> So create a new function find_shm() which takes a 'struct shared_meminfo'
Can we name it find_shm_bank() or find_shm_bank_by_id()?
I agree that it's better to use a unique ID rather than matching by address/size

> structure and the shared memory ID, to look for a bank with a matching ID,
> take the physical host address and size from the bank, pass the bank to
> assign_shared_memory() removing the now unnecessary arguments and finally
> remove the acquire_nr_borrower_domain() function since now the information
> can be extracted from the passed bank.
> Move the "xen,shm-id" parsing early in process_shm to bail out quickly in
> case of errors (unlikely), as said above, move the checks on alignment
> to process_shm_node.
> 
> Drawback of this change is that now the bootinfo are used also when the
> bank doesn't need to be allocated, however it will be convinient later
> to use it as an argument for assign_shared_memory when dealing with
> the use case where the Host physical address is not supplied by the user.
> 
> Signed-off-by: Luca Fancellu <luca.fancellu@xxxxxxx>
> ---
>  xen/arch/arm/static-shmem.c | 105 ++++++++++++++++++++----------------
>  1 file changed, 58 insertions(+), 47 deletions(-)
> 
> diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c
> index 09f474ec6050..f6cf74e58a83 100644
> --- a/xen/arch/arm/static-shmem.c
> +++ b/xen/arch/arm/static-shmem.c
> @@ -19,29 +19,24 @@ static void __init __maybe_unused build_assertions(void)
>                   offsetof(struct shared_meminfo, bank)));
>  }
> 
> -static int __init acquire_nr_borrower_domain(struct domain *d,
> -                                             paddr_t pbase, paddr_t psize,
> -                                             unsigned long *nr_borrowers)
> +static const struct membank __init *find_shm(const struct membanks *shmem,
> +                                             const char *shm_id)
>  {
> -    const struct membanks *shmem = bootinfo_get_shmem();
>      unsigned int bank;
> 
> -    /* Iterate reserved memory to find requested shm bank. */
> +    BUG_ON(!shmem || !shm_id);
Is it really necessary? For example, before calling find_shm(), strlen is used 
on shm_id

> +
>      for ( bank = 0 ; bank < shmem->nr_banks; bank++ )
>      {
> -        paddr_t bank_start = shmem->bank[bank].start;
> -        paddr_t bank_size = shmem->bank[bank].size;
> -
> -        if ( (pbase == bank_start) && (psize == bank_size) )
> +        if ( strncmp(shm_id, shmem->bank[bank].shmem_extra->shm_id,
> +                     MAX_SHM_ID_LENGTH) == 0 )
Why not strcmp? AFAICS it's been validated many times already

>              break;
>      }
> 
>      if ( bank == shmem->nr_banks )
> -        return -ENOENT;
> -
> -    *nr_borrowers = shmem->bank[bank].shmem_extra->nr_shm_borrowers;
> +        return NULL;
> 
> -    return 0;
> +    return &shmem->bank[bank];
>  }
> 
>  /*
> @@ -103,14 +98,20 @@ static mfn_t __init acquire_shared_memory_bank(struct 
> domain *d,
>      return smfn;
>  }
> 
> -static int __init assign_shared_memory(struct domain *d,
> -                                       paddr_t pbase, paddr_t psize,
> -                                       paddr_t gbase)
> +static int __init assign_shared_memory(struct domain *d, paddr_t gbase,
> +                                       const struct membank *shm_bank)
>  {
>      mfn_t smfn;
>      int ret = 0;
>      unsigned long nr_pages, nr_borrowers, i;
>      struct page_info *page;
> +    paddr_t pbase, psize;
> +
> +    BUG_ON(!shm_bank || !shm_bank->shmem_extra);
Is it really necessary? Isn't shm_bank already validated? It's not very common 
to have NULL checks in internal functions.

> +
> +    pbase = shm_bank->start;
> +    psize = shm_bank->size;
> +    nr_borrowers = shm_bank->shmem_extra->nr_shm_borrowers;
> 
>      printk("%pd: allocate static shared memory BANK 
> %#"PRIpaddr"-%#"PRIpaddr".\n",
>             d, pbase, pbase + psize);
> @@ -135,14 +136,6 @@ static int __init assign_shared_memory(struct domain *d,
>          }
>      }
> 
> -    /*
> -     * Get the right amount of references per page, which is the number of
> -     * borrower domains.
> -     */
> -    ret = acquire_nr_borrower_domain(d, pbase, psize, &nr_borrowers);
> -    if ( ret )
> -        return ret;
> -
>      /*
>       * Instead of letting borrower domain get a page ref, we add as many
>       * additional reference as the number of borrowers when the owner
> @@ -199,6 +192,7 @@ int __init process_shm(struct domain *d, struct 
> kernel_info *kinfo,
> 
>      dt_for_each_child_node(node, shm_node)
>      {
> +        const struct membank *boot_shm_bank;
>          const struct dt_property *prop;
>          const __be32 *cells;
>          uint32_t addr_cells, size_cells;
> @@ -212,6 +206,23 @@ int __init process_shm(struct domain *d, struct 
> kernel_info *kinfo,
>          if ( !dt_device_is_compatible(shm_node, 
> "xen,domain-shared-memory-v1") )
>              continue;
> 
> +        if ( dt_property_read_string(shm_node, "xen,shm-id", &shm_id) )
> +        {
> +            printk("%pd: invalid \"xen,shm-id\" property", d);
> +            return -EINVAL;
> +        }
> +        BUG_ON((strlen(shm_id) <= 0) || (strlen(shm_id) >= 
> MAX_SHM_ID_LENGTH));
> +
> +        boot_shm_bank = find_shm(bootinfo_get_shmem(), shm_id);
> +        if ( !boot_shm_bank )
> +        {
> +            printk("%pd: static shared memory bank not found: '%s'", d, 
> shm_id);
> +            return -ENOENT;
> +        }
> +
> +        pbase = boot_shm_bank->start;
> +        psize = boot_shm_bank->size;
> +
>          /*
>           * xen,shared-mem = <pbase, gbase, size>;
>           * TODO: pbase is optional.
> @@ -221,20 +232,7 @@ int __init process_shm(struct domain *d, struct 
> kernel_info *kinfo,
>          prop = dt_find_property(shm_node, "xen,shared-mem", NULL);
>          BUG_ON(!prop);
>          cells = (const __be32 *)prop->value;
> -        device_tree_get_reg(&cells, addr_cells, addr_cells, &pbase, &gbase);
> -        psize = dt_read_paddr(cells, size_cells);
> -        if ( !IS_ALIGNED(pbase, PAGE_SIZE) || !IS_ALIGNED(gbase, PAGE_SIZE) )
> -        {
> -            printk("%pd: physical address 0x%"PRIpaddr", or guest address 
> 0x%"PRIpaddr" is not suitably aligned.\n",
> -                   d, pbase, gbase);
> -            return -EINVAL;
> -        }
> -        if ( !IS_ALIGNED(psize, PAGE_SIZE) )
> -        {
> -            printk("%pd: size 0x%"PRIpaddr" is not suitably aligned\n",
> -                   d, psize);
> -            return -EINVAL;
> -        }
> +        gbase = dt_read_paddr(cells + addr_cells, addr_cells);
> 
>          for ( i = 0; i < PFN_DOWN(psize); i++ )
>              if ( !mfn_valid(mfn_add(maddr_to_mfn(pbase), i)) )
> @@ -251,13 +249,6 @@ int __init process_shm(struct domain *d, struct 
> kernel_info *kinfo,
>          if ( dt_property_read_string(shm_node, "role", &role_str) == 0 )
>              owner_dom_io = false;
> 
> -        if ( dt_property_read_string(shm_node, "xen,shm-id", &shm_id) )
> -        {
> -            printk("%pd: invalid \"xen,shm-id\" property", d);
> -            return -EINVAL;
> -        }
> -        BUG_ON((strlen(shm_id) <= 0) || (strlen(shm_id) >= 
> MAX_SHM_ID_LENGTH));
> -
>          /*
>           * DOMID_IO is a fake domain and is not described in the Device-Tree.
>           * Therefore when the owner of the shared region is DOMID_IO, we will
> @@ -270,8 +261,8 @@ int __init process_shm(struct domain *d, struct 
> kernel_info *kinfo,
>               * We found the first borrower of the region, the owner was not
>               * specified, so they should be assigned to dom_io.
>               */
> -            ret = assign_shared_memory(owner_dom_io ? dom_io : d,
> -                                       pbase, psize, gbase);
> +            ret = assign_shared_memory(owner_dom_io ? dom_io : d, gbase,
> +                                       boot_shm_bank);
>              if ( ret )
>                  return ret;
>          }
> @@ -440,6 +431,26 @@ int __init process_shm_node(const void *fdt, int node, 
> uint32_t address_cells,
>      device_tree_get_reg(&cell, address_cells, address_cells, &paddr, &gaddr);
>      size = dt_next_cell(size_cells, &cell);
> 
> +    if ( !IS_ALIGNED(paddr, PAGE_SIZE) )
> +    {
> +        printk("fdt: physical address 0x%"PRIpaddr" is not suitably 
> aligned.\n",
> +               paddr);
> +        return -EINVAL;
> +    }
> +
> +    if ( !IS_ALIGNED(gaddr, PAGE_SIZE) )
> +    {
> +        printk("fdt: guest address 0x%"PRIpaddr" is not suitably aligned.\n",
> +               gaddr);
> +        return -EINVAL;
> +    }
> +
> +    if ( !IS_ALIGNED(size, PAGE_SIZE) )
What sense does it make to check for size being aligned before checking for 
size being 0? It would pass this check.

> +    {
> +        printk("fdt: size 0x%"PRIpaddr" is not suitably aligned\n", size);
> +        return -EINVAL;
> +    }
> +
>      if ( !size )
>      {
>          printk("fdt: the size for static shared memory region can not be 
> zero\n");
> --
> 2.34.1
> 

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.