>>> On 07.03.16 at 17:28, <lichong...@gmail.com> wrote:
> On Mon, Mar 7, 2016 at 6:59 AM, Jan Beulich <jbeul...@suse.com> wrote:
>>>>> On 06.03.16 at 18:55, <lichong...@gmail.com> wrote:
>>>      switch ( op->cmd )
>>>      {
>>> -    case XEN_DOMCTL_SCHEDOP_getinfo:
>>> -        if ( d->max_vcpus > 0 )
>>> -        {
>>> -            spin_lock_irqsave(&prv->lock, flags);
>>> -            svc = rt_vcpu(d->vcpu[0]);
>>> -            op->u.rtds.period = svc->period / MICROSECS(1);
>>> -            op->u.rtds.budget = svc->budget / MICROSECS(1);
>>> -            spin_unlock_irqrestore(&prv->lock, flags);
>>> -        }
>>> -        else
>>> -        {
>>> -            /* If we don't have vcpus yet, let's just return the defaults. 
>>> */
>>> -            op->u.rtds.period = RTDS_DEFAULT_PERIOD;
>>> -            op->u.rtds.budget = RTDS_DEFAULT_BUDGET;
>>> -        }
>>> +    case XEN_DOMCTL_SCHEDOP_getinfo: /* return the default parameters */
>>> +        spin_lock_irqsave(&prv->lock, flags);
>>> +        op->u.rtds.period = RTDS_DEFAULT_PERIOD / MICROSECS(1);
>>> +        op->u.rtds.budget = RTDS_DEFAULT_BUDGET / MICROSECS(1);
>>> +        spin_unlock_irqrestore(&prv->lock, flags);
>>>          break;
>>
>> This alters the values returned when d->max_vcpus == 0 - while
>> this looks to be intentional, I think calling out such a bug fix in the
>> description is a must.
> 
> Based on previous discussion, XEN_DOMCTL_SCHEDOP_getinfo only returns
> the default parameters,
> no matter whether vcpu is created yet or not. But I can absolutely
> explain this in the description.

That wasn't the point of the comment. Instead the change (fix) to
divide by MICROSECS(1) is what otherwise would go in silently.

>>> @@ -1163,6 +1173,96 @@ rt_dom_cntl(
>>>          }
>>>          spin_unlock_irqrestore(&prv->lock, flags);
>>>          break;
>>> +    case XEN_DOMCTL_SCHEDOP_getvcpuinfo:
>>> +        if ( guest_handle_is_null(op->u.v.vcpus) )
>>> +        {
>>> +            rc = -EINVAL;
>>
>> Perhaps rather -EFAULT? But then again - what is this check good for
>> (considering that it doesn't cover other obviously bad handle values)?
> 
> Dario suggested this in the last post, because vcpus is a handle and
> needs to be validated.

Well, as said - the handle being non-null doesn't make it a valid
handle. Any validation can be left to copy_{to,from}_guest*()
unless you mean to give a null handle some special meaning.

>>> +            {
>>> +                rc = -EINVAL;
>>> +                break;
>>> +            }
>>> +
>>> +            spin_lock_irqsave(&prv->lock, flags);
>>> +            svc = rt_vcpu(d->vcpu[local_sched.vcpuid]);
>>> +            local_sched.s.rtds.budget = svc->budget / MICROSECS(1);
>>> +            local_sched.s.rtds.period = svc->period / MICROSECS(1);
>>> +            spin_unlock_irqrestore(&prv->lock, flags);
>>> +
>>> +            if ( __copy_to_guest_offset(op->u.v.vcpus, index,
>>> +                    &local_sched, 1) )
>>> +            {
>>> +                rc = -EFAULT;
>>> +                break;
>>> +            }
>>> +            if ( (++index > 0x3f) && hypercall_preempt_check() )
>>> +                break;
>>
>> So how is the caller going to be able to reliably read all vCPU-s'
>> information for a guest with more than 64 vCPU-s?
> 
> In libxc, we re-issue hypercall if the current one is preempted.

And with the current code - how does libxc know? (And anyway,
this should only be a last resort, if the hypervisor can't by itself
arrange for a continuation. If done this way, having a code
comment referring to the required caller behavior would seem to
be an absolute must.)

>>> +        }
>>> +
>>> +        if ( !rc && (op->u.v.nr_vcpus != index) )
>>> +            op->u.v.nr_vcpus = index;
>>
>> I don't think the right side of the && is really necessary / useful.
> 
> The right side is to check whether the vcpus array is fully processed.
> When it is true and no error occurs (rc == 0), we
> update op->u.v.nr_vcpus, which is returned to libxc, and helps xc
> function figuring out how many un-processed vcpus should
> be taken care of in the next hypercall.

Just consider what the contents of op->u.v.nr_vcpus is after
this piece of code was executed, once with the full conditional,
and another time with the right side of the && omitted.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to