On 26/11/2018 11:58, Jan Beulich wrote:
>>>> On 23.11.18 at 14:25, <jgr...@suse.com> wrote:
>> In debug builds the hypervisor will deliberately clobber processed
>> elements of the multicall structure. In order to ease diagnostic data
>> printout in the affected guest only clobber elements which didn't
>> return an error.
> 
> Besides what Andrew has said, such a relaxation reduces
> the guarding against bad guest side code. If a guest really
> wishes to produce diagnostics, I think it should go to the
> lengths of copying arguments (if they can't be re-calculated
> anyway). Suppressing the clobbering in more cases merely
> invites guests to read the arguments after the call, which
> they simply should not do. Not clobbering the values in
> release builds is a performance choice, and we ought to be
> allowed to change our opinion regarding this implementation
> detail at any point in time.

Right. And not copying the values before the call is a performance
choice on the guest side, as errors are not the common case.

I know there is no guarantee for the guest that the values are preserved
after the call, but in the error case (which should be _very_ rare) it
will make diagnosis of that case much easier.

I don't think the hypervisor should explicitly try to make it as hard as
possible for the guest to find problems in the code.


Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
