>>> On 04.03.16 at 12:00, <shuai.r...@linux.intel.com> wrote:
> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -934,8 +934,14 @@ long arch_do_domctl(
>                      goto vcpuextstate_out;
>                  }
>  
> -                expand_xsave_states(v, xsave_area,
> -                                    size - 2 * sizeof(uint64_t));
> +                ret = expand_xsave_states(v, xsave_area,
> +                                          size - 2 * sizeof(uint64_t));
> +                if ( ret )
> +                {
> +                    xfree(xsave_area);
> +                    vcpu_unpause(v);
> +                    goto vcpuextstate_out;
> +                }

Well, while this is one way to deal with the problem, it's certainly
not the most desirable one: We should try to avoid runtime
allocations, failures of which then cause other things to fail (in
perhaps not very graceful ways). And doing so is pretty simple
here, and you even have two options: Either allocate a per-CPU
array, or - considering that XCNTXT_MASK has only a limited
number of bits set - even use an on-stack array of suitable
(compile time determined from XCNTXT_MASK) size. If you
want to save space, this could presumably even be uint16_t[],
in which case I think it would further be okay if all 63 possible
features were known (totaling to a variable size of 126 bytes).

This is even more so considering that you forgot to adjust
hvm.c in a similar manner.

> @@ -111,21 +111,27 @@ static int setup_xstate_features(bool_t bsp)
>      for ( leaf = 2; leaf < xstate_features; leaf++ )
>      {
>          if ( bsp )
> +        {
>              cpuid_count(XSTATE_CPUID, leaf, &xstate_sizes[leaf],
> -                        &xstate_offsets[leaf], &tmp, &tmp);
> +                        &xstate_offsets[leaf], &ecx, &edx);
> +            if ( ecx & XSTATE_ALIGN64 )
> +                set_bit(leaf, &xstate_align);

__set_bit()

> @@ -134,22 +140,26 @@ static void __init setup_xstate_comp(void)
>       * in the fixed offsets in the xsave area in either compacted form
>       * or standard form.
>       */
> -    xstate_comp_offsets[0] = 0;
>      xstate_comp_offsets[1] = XSAVE_SSE_OFFSET;
>  
>      xstate_comp_offsets[2] = FXSAVE_SIZE + XSAVE_HDR_SIZE;
>  
>      for ( i = 3; i < xstate_features; i++ )
>      {
> -        xstate_comp_offsets[i] = xstate_comp_offsets[i - 1] +
> -                                 (((1ul << i) & xfeature_mask)
> -                                  ? xstate_sizes[i - 1] : 0);
> -        ASSERT(xstate_comp_offsets[i] + xstate_sizes[i] <= xsave_cntxt_size);
> +        if ( (1ul << i) & xcomp_bv )
> +        {
> +            xstate_comp_offsets[i] = test_bit(i, &xstate_align) ?
> +                                     ROUNDUP(xstate_comp_offsets[i - 1], 64) 
> :
> +                                     xstate_comp_offsets[i -1];
> +            xstate_comp_offsets[i] += xstate_sizes[i - 1];
> +            ASSERT(xstate_comp_offsets[i] + xstate_sizes[i] <= 
> xsave_cntxt_size);
> +        }

This now seems wrong for the case when there are discontiguous
bits in xcomp_bv, as you leave zeros in the array (which by itself
is fine, but confuses the subsequent iteration). I think you'd
benefit from having a local variable holding the offset you're
currently at:

    offset = xstate_comp_offsets[2];
    for ( i = 2; i < xstate_features; i++ )
    {
        if ( (1ul << i) & xcomp_bv )
        {
            if ( test_bit(i, &xstate_align) )
                offset = ROUNDUP(offset, 64);
            xstate_comp_offsets[i] = offset;
            offset += xstate_sizes[i];
            ASSERT(offset <= xsave_cntxt_size);
        }
    }

or something along those lines.

>  static void *get_xsave_addr(struct xsave_struct *xsave,
> -        unsigned int xfeature_idx)
> +                            unsigned int *xstate_comp_offsets,

const

> @@ -94,8 +96,8 @@ bool_t xsave_enabled(const struct vcpu *v);
>  int __must_check validate_xstate(u64 xcr0, u64 xcr0_accum,
>                                   const struct xsave_hdr *);
>  int __must_check handle_xsetbv(u32 index, u64 new_bv);
> -void expand_xsave_states(struct vcpu *v, void *dest, unsigned int size);
> -void compress_xsave_states(struct vcpu *v, const void *src, unsigned int 
> size);
> +int expand_xsave_states(struct vcpu *v, void *dest, unsigned int size);
> +int compress_xsave_states(struct vcpu *v, const void *src, unsigned int 
> size);

While with the above I assume these are going to remain what
they have been, a general advice: If you convert a function
from having void return type to something else, and that
something else can indicate an error, use __must_check so the
compiler can tell you whether you've forgotten to update some
caller.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to