[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Arm: tidy page_get_owner_and_nr_reference()

  • To: Julien Grall <julien@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 14 Jul 2025 09:26:00 +0200
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 14 Jul 2025 07:26:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12.07.2025 12:37, Julien Grall wrote:
> Hi Jan,
> 
> Sorry for the late answer.
> 
> On 03/07/2025 11:04, Jan Beulich wrote:
>> On 03.07.2025 10:52, Julien Grall wrote:
>>> On 02/07/2025 14:37, Jan Beulich wrote:
>>>> On 02.07.2025 15:18, Julien Grall wrote:
>>>>> On 02/07/2025 14:06, Jan Beulich wrote:
>>>>>> When the bumping by <nr> (instead of just 1) was introduced, a comment
>>>>>> was left untouched, and a bogus ASSERT_UNREACHABLE() was inserted. That
>>>>>> code path can in principle be taken (depending on configuration coming
>>>>>> from the outside), and we shouldn't assert anything we didn't check
>>>>>> elsewhere.
>>>>>
>>>>> I suggested to add the ASSERT_UNREACHABLE (see [1]). My take is the
>>>>> overflow is not something that should happen and it is good to be able
>>>>> to catch very clearly in debug build.
>>>>
>>>> But catching an anomalous entry in DT (which aiui the values come from,
>>>> even if perhaps indirectly) isn't going to depend on people using debug
>>>> builds. It depends on what DT blobs they use. And issues there shouldn't
>>>> be checked by assertions, as those blobs live outside of Xen.
>>>
>>> I agree we probably want check upfront. But I still don't think we want
>>> to remove this ASSERT_UNREACHABLE().
>>>
>>> By the way, I am not asking you to add those checks.
>>
>> Sure, I wouldn't even know where and what. I can re-send just the comment
>> change, but that would feel wrong as long as the ASSERT_UNREACHABLE() is
>> actually reachable.
> 
> I am guessing you mean this change:
> 
>           /*
> -         * Count ==  0: Page is not allocated, so we cannot take a 
> reference.
> -         * Count == -1: Reference count would wrap, which is invalid.
> +         * Count ==   0: Page is not allocated, so we cannot take a 
> reference.
> +         * Count >= -nr: Reference count would wrap, which is invalid.
>            */
> 
> If so, I think it is still valid regardless whether we continue to use 
> ASSERT_UNREACHABLE(). 

Yes, that's the comment change which is valid regardless. My reply was about
the dropping of the ASSERT_UNREACHABLE(), though: To me, dropping that
change simply feels wrong, as it was put there by mistake at the same time
as the comment was left unaltered. So to me both changes still go together,
unless by a patch going in earlier the unreachability of that return path
was indeed guaranteed.

In fact I guess I should have added a Fixes: tag to the patch.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.