[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v8 09/12] xen: add runtime parameter access support to hypfs
On 08.05.2020 17:34, Juergen Gross wrote: > --- a/xen/arch/arm/xen.lds.S > +++ b/xen/arch/arm/xen.lds.S > @@ -89,6 +89,13 @@ SECTIONS > __start_schedulers_array = .; > *(.data.schedulers) > __end_schedulers_array = .; > + > +#ifdef CONFIG_HYPFS > + . = ALIGN(8); > + __paramhypfs_start = .; > + *(.data.paramhypfs) > + __paramhypfs_end = .; > +#endif > *(.data.rel) > *(.data.rel.*) > CONSTRUCTORS I'm not the maintainer of this code, but I think it would be better if there was either no blank line inserted, or two (a 2nd one after your insertion). > --- a/xen/arch/x86/pv/domain.c > +++ b/xen/arch/x86/pv/domain.c > @@ -52,9 +52,27 @@ static __read_mostly enum { > PCID_OFF, > PCID_ALL, > PCID_XPTI, > - PCID_NOXPTI > + PCID_NOXPTI, > + PCID_END > } opt_pcid = PCID_XPTI; Is this change really needed? The only use looks to be ... > +#ifdef CONFIG_HYPFS > +static const char opt_pcid_2_string[PCID_END][7] = { ... here, yet the arry would end up the same when using [][7]. > --- a/xen/common/grant_table.c > +++ b/xen/common/grant_table.c > @@ -85,8 +85,43 @@ struct grant_table { > struct grant_table_arch arch; > }; > > -static int parse_gnttab_limit(const char *param, const char *arg, > - unsigned int *valp) > +unsigned int __read_mostly opt_max_grant_frames = 64; > +static unsigned int __read_mostly opt_max_maptrack_frames = 1024; > + > +#ifdef CONFIG_HYPFS > +#define GRANT_CUSTOM_VAL_SZ 12 > +static char __read_mostly opt_max_grant_frames_val[GRANT_CUSTOM_VAL_SZ]; > +static char __read_mostly opt_max_maptrack_frames_val[GRANT_CUSTOM_VAL_SZ]; > + > +static void update_gnttab_par(struct param_hypfs *par, unsigned int val, > + char *parval) > +{ > + snprintf(parval, GRANT_CUSTOM_VAL_SZ, "%u", val); > + custom_runtime_set_var_sz(par, parval, GRANT_CUSTOM_VAL_SZ); > +} > + > +static void __init gnttab_max_frames_init(struct param_hypfs *par) > +{ > + update_gnttab_par(par, opt_max_grant_frames, opt_max_grant_frames_val); > +} > + > +static void __init max_maptrack_frames_init(struct param_hypfs *par) > +{ > + update_gnttab_par(par, opt_max_maptrack_frames, > + opt_max_maptrack_frames_val); > +} > +#else > +#define opt_max_grant_frames_val NULL > +#define opt_max_maptrack_frames_val NULL This looks latently dangerous to me (in case new uses of these two identifiers appeared), but I guess my alternative suggestion will be at best controversial, too: #define update_gnttab_par(par, val, unused) update_gnttab_par(par, val) #define parse_gnttab_limit(par, arg, valp, unused) parse_gnttab_limit(par, arg, valp) (placed right here) > @@ -281,6 +282,36 @@ int hypfs_write_bool(struct hypfs_entry_leaf *leaf, > return 0; > } > > +int hypfs_write_custom(struct hypfs_entry_leaf *leaf, > + XEN_GUEST_HANDLE_PARAM(void) uaddr, unsigned long > ulen) > +{ > + struct param_hypfs *p; > + char *buf; > + int ret; > + > + buf = xzalloc_array(char, ulen); > + if ( !buf ) > + return -ENOMEM; > + > + ret = -EFAULT; > + if ( copy_from_guest(buf, uaddr, ulen) ) As just indicated in an extra reply to patch 4, ulen not getting truncated here silently is well obscured (the max_size field type and the check against it elsewhere looks to guarantee this). > + goto out; > + > + ret = -EDOM; > + if ( memchr(buf, 0, ulen) != (buf + ulen - 1) ) > + goto out; > + > + p = container_of(leaf, struct param_hypfs, hypfs); > + ret = p->param->par.func(buf); > + > + if ( !ret ) > + leaf->e.size = ulen; Why? For "ept", "no-exec-sp" would yield "exec-sp=0", and hence you'd wrongly extend the size from what parse_ept_param_runtime() has already set through custom_runtime_set_var(). It looks to me as if there's no reason to update e.size here at all; it's the par.func() handlers which need to take care of this. > --- a/xen/drivers/char/console.c > +++ b/xen/drivers/char/console.c > @@ -75,12 +75,35 @@ enum con_timestamp_mode > TSM_DATE_MS, /* [YYYY-MM-DD HH:MM:SS.mmm] */ > TSM_BOOT, /* [SSSSSS.uuuuuu] */ > TSM_RAW, /* [XXXXXXXXXXXXXXXX] */ > + TSM_END > }; Just like for the PCID enumeration I don't think a sentinel is needed here. > static enum con_timestamp_mode __read_mostly opt_con_timestamp_mode = > TSM_NONE; > > +#ifdef CONFIG_HYPFS > +static const char con_timestamp_mode_2_string[TSM_END][7] = { > + [TSM_NONE] = "none", > + [TSM_DATE] = "date", > + [TSM_DATE_MS] = "datems", > + [TSM_BOOT] = "boot", > + [TSM_RAW] = "raw" Add a trailing comma please (and as I notice only now then also in the similar PCID array). To the subsequent code the gnttab comment applies as well. > @@ -80,7 +81,120 @@ extern const struct kernel_param __param_start[], > __param_end[]; > > #define __rtparam __param(__dataparam) > > -#define custom_runtime_only_param(_name, _var) \ > +#ifdef CONFIG_HYPFS > + > +struct param_hypfs { > + const struct kernel_param *param; > + struct hypfs_entry_leaf hypfs; > + void (*init_leaf)(struct param_hypfs *par); > +}; > + > +extern struct param_hypfs __paramhypfs_start[], __paramhypfs_end[]; > + > +#define __paramhypfs __used_section(".data.paramhypfs") > + > +#define __paramfs static __paramhypfs \ > + __attribute__((__aligned__(sizeof(void *)))) struct param_hypfs Why the attribute? > +#define custom_runtime_set_var_sz(parfs, var, sz) \ > + { \ > + (parfs)->hypfs.content = var; \ > + (parfs)->hypfs.e.max_size = sz; \ var and sz want parentheses around them. > + (parfs)->hypfs.e.size = strlen(var) + 1; \ > + } > +#define custom_runtime_set_var(parfs, var) \ > + custom_runtime_set_var_sz(parfs, var, sizeof(var)) > + > +#define param_2_parfs(par) &__parfs_##par > + > +/* initfunc needs to set size and content, e.g. via > custom_runtime_set_var(). */ > +#define custom_runtime_only_param(_name, _var, initfunc) \ I've started noticing it here, but the issue exists further up (and down) as well - please can you avoid identifiers with leading underscores that are in violation of the C standard? Even more so that here you're not even consistent across macro parameter names. > + __rtparam __rtpar_##_var = \ > + { .name = _name, \ > + .type = OPT_CUSTOM, \ > + .par.func = _var }; \ > + __paramfs __parfs_##_var = \ > + { .param = &__rtpar_##_var, \ > + .init_leaf = initfunc, \ > + .hypfs.e.type = XEN_HYPFS_TYPE_STRING, \ > + .hypfs.e.encoding = XEN_HYPFS_ENC_PLAIN, \ > + .hypfs.e.name = _name, \ > + .hypfs.e.read = hypfs_read_leaf, \ > + .hypfs.e.write = hypfs_write_custom } > +#define boolean_runtime_only_param(_name, _var) \ > + __rtparam __rtpar_##_var = \ > + { .name = _name, \ > + .type = OPT_BOOL, \ > + .len = sizeof(_var) + \ > + BUILD_BUG_ON_ZERO(sizeof(_var) != sizeof(bool)), \ > + .par.var = &_var }; \ > + __paramfs __parfs_##_var = \ > + { .param = &__rtpar_##_var, \ > + .hypfs.e.type = XEN_HYPFS_TYPE_BOOL, \ > + .hypfs.e.encoding = XEN_HYPFS_ENC_PLAIN, \ > + .hypfs.e.name = _name, \ > + .hypfs.e.size = sizeof(_var), \ > + .hypfs.e.max_size = sizeof(_var), \ > + .hypfs.e.read = hypfs_read_leaf, \ > + .hypfs.e.write = hypfs_write_bool, \ > + .hypfs.content = &_var } > +#define integer_runtime_only_param(_name, _var) \ > + __rtparam __rtpar_##_var = \ > + { .name = _name, \ > + .type = OPT_UINT, \ > + .len = sizeof(_var), \ > + .par.var = &_var }; \ > + __paramfs __parfs_##_var = \ > + { .param = &__rtpar_##_var, \ > + .hypfs.e.type = XEN_HYPFS_TYPE_UINT, \ > + .hypfs.e.encoding = XEN_HYPFS_ENC_PLAIN, \ > + .hypfs.e.name = _name, \ > + .hypfs.e.size = sizeof(_var), \ > + .hypfs.e.max_size = sizeof(_var), \ > + .hypfs.e.read = hypfs_read_leaf, \ > + .hypfs.e.write = hypfs_write_leaf, \ > + .hypfs.content = &_var } > +#define size_runtime_only_param(_name, _var) \ > + __rtparam __rtpar_##_var = \ > + { .name = _name, \ > + .type = OPT_SIZE, \ > + .len = sizeof(_var), \ > + .par.var = &_var }; \ > + __paramfs __parfs_##_var = \ > + { .param = &__rtpar_##_var, \ > + .hypfs.e.type = XEN_HYPFS_TYPE_UINT, \ > + .hypfs.e.encoding = XEN_HYPFS_ENC_PLAIN, \ > + .hypfs.e.name = _name, \ > + .hypfs.e.size = sizeof(_var), \ > + .hypfs.e.max_size = sizeof(_var), \ > + .hypfs.e.read = hypfs_read_leaf, \ > + .hypfs.e.write = hypfs_write_leaf, \ > + .hypfs.content = &_var } > +#define string_runtime_only_param(_name, _var) \ > + __rtparam __rtpar_##_var = \ > + { .name = _name, \ > + .type = OPT_STR, \ > + .len = sizeof(_var), \ > + .par.var = &_var }; \ > + __paramfs __parfs_##_var = \ > + { .param = &__rtpar_##_var, \ > + .hypfs.e.type = XEN_HYPFS_TYPE_STRING, \ > + .hypfs.e.encoding = XEN_HYPFS_ENC_PLAIN, \ > + .hypfs.e.name = _name, \ > + .hypfs.e.size = sizeof(_var), \ Is this really correct here? > + .hypfs.e.max_size = sizeof(_var), \ > + .hypfs.e.read = hypfs_read_leaf, \ > + .hypfs.e.write = hypfs_write_leaf, \ > + .hypfs.content = &_var } > + > +#else > + > +struct param_hypfs { > +}; > + > +#define param_2_parfs(par) NULL Along the lines of the earlier comment, this looks latently dangerous. Jan
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |