On 06.03.2025 23:03, Jason Andryuk wrote:
> --- a/xen/common/grant_table.c
> +++ b/xen/common/grant_table.c
> @@ -4346,6 +4346,16 @@ static void gnttab_usage_print(struct domain *rd)
> printk("no active grant table entries\n");
> }
>
> +void gnttab_seed_entry(struct domain *d, int idx, domid_t be_domid,
Can idx be negative? If not, unsigned int please.
Furthermore, as with any additions to common code, please keep in mind
Misra: We better wouldn't gain new unreachable code for certain configs,
even if - didn't check - the respective rule continues to be non-blocking.
> + uint64_t frame, unsigned int flags)
> +{
> + struct grant_table *gt = d->grant_table;
This looks like it could be pointer-to-const. Same apparently for the d
function parameter. Question is - would it perhaps make sense to have
const struct grant_table *gt be the function parameter in the first place?
> + shared_entry_v1(gt, idx).flags = flags;
> + shared_entry_v1(gt, idx).domid = be_domid;
> + shared_entry_v1(gt, idx).frame = frame;
> +}
In common code there shouldn't be an assumption that gnttab v1 is in use.
Jan
