Xen project Mailing List

Re: [Xen-devel] [PATCH 2/2] xen/x86: hap: Clean-up and harden hap_enable()

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>

From: George Dunlap <george.dunlap@xxxxxxxxxx>

Date: Tue, 4 Feb 2020 11:33:31 +0000

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=george.dunlap@xxxxxxxxxx; spf=Pass smtp.mailfrom=George.Dunlap@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Autocrypt: addr=george.dunlap@xxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFPqG+MBEACwPYTQpHepyshcufo0dVmqxDo917iWPslB8lauFxVf4WZtGvQSsKStHJSj 92Qkxp4CH2DwudI8qpVbnWCXsZxodDWac9c3PordLwz5/XL41LevEoM3NWRm5TNgJ3ckPA+J K5OfSK04QtmwSHFP3G/SXDJpGs+oDJgASta2AOl9vPV+t3xG6xyfa2NMGn9wmEvvVMD44Z7R W3RhZPn/NEZ5gaJhIUMgTChGwwWDOX0YPY19vcy5fT4bTIxvoZsLOkLSGoZb/jHIzkAAznug Q7PPeZJ1kXpbW9EHHaUHiCD9C87dMyty0N3TmWfp0VvBCaw32yFtM9jUgB7UVneoZUMUKeHA fgIXhJ7I7JFmw3J0PjGLxCLHf2Q5JOD8jeEXpdxugqF7B/fWYYmyIgwKutiGZeoPhl9c/7RE Bf6f9Qv4AtQoJwtLw6+5pDXsTD5q/GwhPjt7ohF7aQZTMMHhZuS52/izKhDzIufl6uiqUBge 0lqG+/ViLKwCkxHDREuSUTtfjRc9/AoAt2V2HOfgKORSCjFC1eI0+8UMxlfdq2z1AAchinU0 eSkRpX2An3CPEjgGFmu2Je4a/R/Kd6nGU8AFaE8ta0oq5BSFDRYdcKchw4TSxetkG6iUtqOO ZFS7VAdF00eqFJNQpi6IUQryhnrOByw+zSobqlOPUO7XC5fjnwARAQABtCRHZW9yZ2UgVy4g RHVubGFwIDxkdW5sYXBnQHVtaWNoLmVkdT6JAlcEEwEKAEECGwMFCwkIBwMFFQoJCAsFFgID AQACHgECF4ACGQEWIQTXqBy2bTNXPzpOYFimNjwxBZC0bQUCXEowWQUJDCJ7dgAKCRCmNjwx BZC0beKvEACJ75YlJXd7TnNHgFyiCJkm/qPeoQ3sFGSDZuZh7SKcdt9+3V2bFEb0Mii1hQaz 3hRqZb8sYPHJrGP0ljK09k3wf8k3OuNxziLQBJyzvn7WNlE4wBEcy/Ejo9TVBdA4ph5D0YaZ nqdsPmxe/xlTFuSkgu4ep1v9dfVP1TQR0e+JIBa/Ss+cKC5intKm+8JxpOploAHuzaPu0L/X FapzsIXqgT9eIQeBEgO2hge6h9Jov3WeED/vh8kA7f8c6zQ/gs5E7VGALwsiLrhr0LZFcKcw kI3oCCrB/C/wyPZv789Ra8EXbeRSJmTjcnBwHRPjnjwQmetRDD1t+VyrkC6uujT5jmgOBzaj KCqZ8PcMAssOzdzQtKmjUQ2b3ICPs2X13xZ5M5/OVs1W3TG5gkvMh4YoHi4ilFnOk+v3/j7q 65FG6N0JLb94Ndi80HkIOQQ1XVGTyu6bUPaBg3rWK91Csp1682kD/dNVF3FKHrRLmSVtmEQR 5rK0+VGc/FmR6vd4haKGWIRuPxzg+pBR77avIZpU7C7+UXGuZ5CbHwIdY8LojJg2TuUdqaVj yxmEZLOA8rVHipCGrslRNthVbJrGN/pqtKjCClFZHIAYJQ9EGLHXLG9Pj76opfjHij3MpR3o pCGAh6KsCrfrsvjnpDwqSbngGyEVH030irSk4SwIqZ7FwA==

Cc: Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 04 Feb 2020 11:33:44 +0000

Ironport-sdr: srC/OjxWeqPEkC942bGPaZTTr5mpwRGChBtEtH3ONo9RpkhZsdHlaf71cVg9zjsrmTrmm1Puk5 cbIaqE5uJZ7GBn/ulM/kurd+hs+4HKh0TokRj+qbfve7p0iEVmGnv8Nt1Sthanc6wKYVtfwOo+ nmc20/f5X3QIwlJM5iHiZCCw3b/U+76d3VleWAzKMsr9R5PHtngpAOA8C/vlCz0t8wNkCD0xpa ISw/d2vnPoWgoT5n1Mc8B+YaBF8RZrPDo1Se5pdk2PWd5ioMrqvqyoHBy+JxRCBH4ZzhE3ZwhI zoc=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Openpgp: preference=signencrypt

On 2/4/20 11:28 AM, Roger Pau Monné wrote: > On Tue, Feb 04, 2020 at 11:11:11AM +0000, Julien Grall wrote: >> >> >> On 04/02/2020 10:51, Roger Pau Monné wrote: >>> On Tue, Feb 04, 2020 at 09:34:11AM +0000, Julien Grall wrote: >>>> From: Julien Grall <jgrall@xxxxxxxxxx> >>>> >>>> Unlike shadow_enable(), hap_enable() can only be called once during >>>> domain creation and with the mode equal to mode equal to >>> ^ equals to >> >> Will fix it. >> >>>> PG_external | PG_translate | PG_refcounts. >>>> >>>> If it were called twice, then we might have something interesting >>> ^ a problem >>>> problem as the p2m tables would be re-allocated (and therefore all the >>>> mappings would be lost). >>>> >>>> Add code to sanity check the mode and that the function is only called >>>> once. Take the opportunity to an if checking that PG_translate is set. >>> ^ add an if >> >> Will fix it. >> >>>> >>>> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx> >>>> >>>> --- >>>> >>>> It is not entirely clear when PG_translate was enforced. >>>> --- >>>> xen/arch/x86/mm/hap/hap.c | 18 +++++++++++------- >>>> 1 file changed, 11 insertions(+), 7 deletions(-) >>>> >>>> diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c >>>> index 31362a31b6..b734e2e6d3 100644 >>>> --- a/xen/arch/x86/mm/hap/hap.c >>>> +++ b/xen/arch/x86/mm/hap/hap.c >>>> @@ -445,6 +445,13 @@ int hap_enable(struct domain *d, u32 mode) >>>> unsigned int i; >>>> int rv = 0; >>>> + if ( mode != (PG_external | PG_translate | PG_refcounts) ) >>>> + return -EINVAL; >>>> + >>>> + /* The function can only be called once */ >>>> + if ( d->arch.paging.mode != 0 ) >>>> + return -EINVAL; >>> >>> If you want to return EINVAL for both they can be merged into a single >>> if. Also note that this would usually be written as >>> if ( d->arch.paging.mode ) to keep it shorter. >> >> To be honest, this is a matter of taste. There is also an argument that for >> MISRA, your suggestion is not compliant (see Rule 14.4). > > Oh, then we should add those rules to CODING_STYLE if they are to be > enforced. > > So far the style of most of the hypervisor code is to omit the value > when comparing against 0 or NULL AFAIK. > > I don't have an issue with requiring explicit comparisons, but it > needs to be documented so we can aim to have an homogeneous style, > because so far I've been recommending the other way around. Indeed, the general preference of the codebase as a whole is to favor conciseness in this case; there's value in being consistent. I don't want to be annoying about this. I don't agree with the MISRA rule here; but I do think that MISRA is important. OTOH this is in x86 code, which I don't think anyone has suggested become MISRA compliant. And if we're going to start making these sorts of changes, I agree that we should have a discussion about it, rather than implicitly do things sometimes one way and sometimes another. -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.