xen/common/memory.c | 44 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 23 deletions(-)
From: Julien Grall <jgrall@amazon.com>
Xen is heavily relying on the DCE stage to remove unused code so the
linker doesn't throw an error because a function is not implemented
yet we defined a prototype for it.
On some GCC version (such as 9.4 provided by Debian sid), the compiler
will DCE stage will not managed to figure that out for
xenmem_add_to_physmap_batch():
ld: ld: prelink.o: in function `xenmem_add_to_physmap_batch':
/xen/xen/common/memory.c:942: undefined reference to `xenmem_add_to_physmap_one'
/xen/xen/common/memory.c:942:(.text+0x22145): relocation truncated
to fit: R_X86_64_PLT32 against undefined symbol `xenmem_add_to_physmap_one'
prelink-efi.o: in function `xenmem_add_to_physmap_batch':
/xen/xen/common/memory.c:942: undefined reference to `xenmem_add_to_physmap_one'
make[2]: *** [Makefile:215: /root/xen/xen/xen.efi] Error 1
make[2]: *** Waiting for unfinished jobs....
ld: /xen/xen/.xen-syms.0: hidden symbol `xenmem_add_to_physmap_one' isn't defined
ld: final link failed: bad value
It is not entirely clear why the compiler DCE is not detecting the
unused code. However, moving the permission check from do_memory_op()
to xenmem_add_to_physmap_batch() does the trick.
Note that this required to move the implementation of
xapt_permision_check() earlier on so it can be called in
xemem_add_to_physmap_batch().
No functional change intended.
Fixes: d4f699a0df6c ("x86/mm: p2m_add_foreign() is HVM-only")
Reported-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Signed-off-by: Julien Grall <jgrall@amazon.com>
---
This also resolves a randconfig issue on the gitlab CI.
The gitlab CI is used to provide basic testing on a per-series basis. So
I would like to request this patch to be merged in Xen 4.15 in order to
reduce the number of failure not related to the series tested.
Note that there are a few more randconfig issues that needs to be
addressed.
---
xen/common/memory.c | 44 +++++++++++++++++++++-----------------------
1 file changed, 21 insertions(+), 23 deletions(-)
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 01cab7e4930e..b047a93a703a 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -898,11 +898,32 @@ int xenmem_add_to_physmap(struct domain *d, struct xen_add_to_physmap *xatp,
return rc;
}
+static long xatp_permission_check(struct domain *d, unsigned int space)
+{
+ if ( !paging_mode_translate(d) )
+ return -EACCES;
+
+ /*
+ * XENMAPSPACE_dev_mmio mapping is only supported for hardware Domain
+ * to map this kind of space to itself.
+ */
+ if ( (space == XENMAPSPACE_dev_mmio) &&
+ (!is_hardware_domain(d) || (d != current->domain)) )
+ return -EACCES;
+
+ return xsm_add_to_physmap(XSM_TARGET, current->domain, d);
+}
+
static int xenmem_add_to_physmap_batch(struct domain *d,
struct xen_add_to_physmap_batch *xatpb,
unsigned int extent)
{
union add_to_physmap_extra extra = {};
+ int rc;
+
+ rc = xatp_permission_check(d, xatpb->space);
+ if ( rc )
+ return rc;
if ( unlikely(xatpb->size < extent) )
return -EILSEQ;
@@ -1038,22 +1059,6 @@ static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr,
}
#endif
-static long xatp_permission_check(struct domain *d, unsigned int space)
-{
- if ( !paging_mode_translate(d) )
- return -EACCES;
-
- /*
- * XENMAPSPACE_dev_mmio mapping is only supported for hardware Domain
- * to map this kind of space to itself.
- */
- if ( (space == XENMAPSPACE_dev_mmio) &&
- (!is_hardware_domain(d) || (d != current->domain)) )
- return -EACCES;
-
- return xsm_add_to_physmap(XSM_TARGET, current->domain, d);
-}
-
unsigned int ioreq_server_max_frames(const struct domain *d)
{
unsigned int nr = 0;
@@ -1442,13 +1447,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- rc = xatp_permission_check(d, xatpb.space);
- if ( rc )
- {
- rcu_unlock_domain(d);
- return rc;
- }
-
rc = xenmem_add_to_physmap_batch(d, &xatpb, start_extent);
rcu_unlock_domain(d);
--
2.17.1
On 30.01.2021 16:22, Julien Grall wrote: > @@ -1442,13 +1447,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) > if ( d == NULL ) > return -ESRCH; > > - rc = xatp_permission_check(d, xatpb.space); > - if ( rc ) > - { > - rcu_unlock_domain(d); > - return rc; > - } > - > rc = xenmem_add_to_physmap_batch(d, &xatpb, start_extent); > > rcu_unlock_domain(d); I'd be okay with the code movement if you did so consistently, i.e. also for the other invocation. I realize this would have an effect on the dm-op call of the function, but I wonder whether this wouldn't even be a good thing. If not, I think duplicating xenmem_add_to_physmap()'s early ASSERT() into xenmem_add_to_physmap_batch() would be the better course of action. Jan
Julien Grall writes ("[PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): > Xen is heavily relying on the DCE stage to remove unused code so the > linker doesn't throw an error because a function is not implemented > yet we defined a prototype for it. Thanks for the clear explanation. > It is not entirely clear why the compiler DCE is not detecting the > unused code. However, moving the permission check from do_memory_op() > to xenmem_add_to_physmap_batch() does the trick. How unfortunate. > Fixes: d4f699a0df6c ("x86/mm: p2m_add_foreign() is HVM-only") > Reported-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com> > Signed-off-by: Julien Grall <jgrall@amazon.com> I have reviewed the diff, but not the code in context. > The gitlab CI is used to provide basic testing on a per-series basis. So > I would like to request this patch to be merged in Xen 4.15 in order to > reduce the number of failure not related to the series tested. Quite so. Jan Beulich writes ("Re: [PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): > On 30.01.2021 16:22, Julien Grall wrote: > > @@ -1442,13 +1447,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) > > if ( d == NULL ) > > return -ESRCH; > > > > - rc = xatp_permission_check(d, xatpb.space); > > - if ( rc ) > > - { > > - rcu_unlock_domain(d); > > - return rc; > > - } > > - > > rc = xenmem_add_to_physmap_batch(d, &xatpb, start_extent); > > > > rcu_unlock_domain(d); > > I'd be okay with the code movement if you did so consistently, > i.e. also for the other invocation. I realize this would have > an effect on the dm-op call of the function, but I wonder > whether this wouldn't even be a good thing. If not, I think > duplicating xenmem_add_to_physmap()'s early ASSERT() into > xenmem_add_to_physmap_batch() would be the better course of > action. Jan, can you confirm whether in your opinion this patch as originally posted by Julien is *correct* as is ? In particular, Julien did not intend a functional change. Have you satisfied yourself that there is no functional change here ? I understand your objectiion above to relate to style or neatness, rather than function. Is that correct ? And that your proposed additional change would have some impact whilch would have to be assessed. In which case I think it would be better to defer the style improvement until after the release. IOW, the original patch Release-Acked-by: Ian Jackson <iwj@xenproject.org> assuming a favourable functional code review from a relevant maintainer. Thanks, Ian.
On 01.02.2021 15:54, Ian Jackson wrote: > Julien Grall writes ("[PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): >> Xen is heavily relying on the DCE stage to remove unused code so the >> linker doesn't throw an error because a function is not implemented >> yet we defined a prototype for it. > > Thanks for the clear explanation. > >> It is not entirely clear why the compiler DCE is not detecting the >> unused code. However, moving the permission check from do_memory_op() >> to xenmem_add_to_physmap_batch() does the trick. > > How unfortunate. > >> Fixes: d4f699a0df6c ("x86/mm: p2m_add_foreign() is HVM-only") >> Reported-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com> >> Signed-off-by: Julien Grall <jgrall@amazon.com> > > I have reviewed the diff, but not the code in context. > >> The gitlab CI is used to provide basic testing on a per-series basis. So >> I would like to request this patch to be merged in Xen 4.15 in order to >> reduce the number of failure not related to the series tested. > > Quite so. > > Jan Beulich writes ("Re: [PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): >> On 30.01.2021 16:22, Julien Grall wrote: >>> @@ -1442,13 +1447,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) >>> if ( d == NULL ) >>> return -ESRCH; >>> >>> - rc = xatp_permission_check(d, xatpb.space); >>> - if ( rc ) >>> - { >>> - rcu_unlock_domain(d); >>> - return rc; >>> - } >>> - >>> rc = xenmem_add_to_physmap_batch(d, &xatpb, start_extent); >>> >>> rcu_unlock_domain(d); >> >> I'd be okay with the code movement if you did so consistently, >> i.e. also for the other invocation. I realize this would have >> an effect on the dm-op call of the function, but I wonder >> whether this wouldn't even be a good thing. If not, I think >> duplicating xenmem_add_to_physmap()'s early ASSERT() into >> xenmem_add_to_physmap_batch() would be the better course of >> action. > > Jan, can you confirm whether in your opinion this patch as originally > posted by Julien is *correct* as is ? In particular, Julien did not > intend a functional change. Have you satisfied yourself that there is > no functional change here ? Yes and yes. > I understand your objectiion above to relate to style or neatness, > rather than function. Is that correct ? Yes. > And that your proposed > additional change would have some impact whilch would have to be > assessed. The first of the proposed alternatives may need further investigation, yes. The second of the alternatives would shrink this patch to a 2-line one, i.e. far less code churn, and is not in need of any assessment afaia. In fact I believe this latter alternative was discussed as the approach to take here, before the patch was submitted. Jan > In which case I think it would be better to defer the style > improvement until after the release. > > IOW, the original patch > > Release-Acked-by: Ian Jackson <iwj@xenproject.org> > > assuming a favourable functional code review from a relevant > maintainer. > > Thanks, > Ian. >
On 01/02/2021 15:02, Jan Beulich wrote: > On 01.02.2021 15:54, Ian Jackson wrote: >> Julien Grall writes ("[PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): >>> Xen is heavily relying on the DCE stage to remove unused code so the >>> linker doesn't throw an error because a function is not implemented >>> yet we defined a prototype for it. >> >> Thanks for the clear explanation. >> >>> It is not entirely clear why the compiler DCE is not detecting the >>> unused code. However, moving the permission check from do_memory_op() >>> to xenmem_add_to_physmap_batch() does the trick. >> >> How unfortunate. >> >>> Fixes: d4f699a0df6c ("x86/mm: p2m_add_foreign() is HVM-only") >>> Reported-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com> >>> Signed-off-by: Julien Grall <jgrall@amazon.com> >> >> I have reviewed the diff, but not the code in context. >> >>> The gitlab CI is used to provide basic testing on a per-series basis. So >>> I would like to request this patch to be merged in Xen 4.15 in order to >>> reduce the number of failure not related to the series tested. >> >> Quite so. >> >> Jan Beulich writes ("Re: [PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): >>> On 30.01.2021 16:22, Julien Grall wrote: >>>> @@ -1442,13 +1447,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) >>>> if ( d == NULL ) >>>> return -ESRCH; >>>> >>>> - rc = xatp_permission_check(d, xatpb.space); >>>> - if ( rc ) >>>> - { >>>> - rcu_unlock_domain(d); >>>> - return rc; >>>> - } >>>> - >>>> rc = xenmem_add_to_physmap_batch(d, &xatpb, start_extent); >>>> >>>> rcu_unlock_domain(d); >>> >>> I'd be okay with the code movement if you did so consistently, >>> i.e. also for the other invocation. I realize this would have >>> an effect on the dm-op call of the function, but I wonder >>> whether this wouldn't even be a good thing. If not, I think >>> duplicating xenmem_add_to_physmap()'s early ASSERT() into >>> xenmem_add_to_physmap_batch() would be the better course of >>> action. >> >> Jan, can you confirm whether in your opinion this patch as originally >> posted by Julien is *correct* as is ? In particular, Julien did not >> intend a functional change. Have you satisfied yourself that there is >> no functional change here ? > > Yes and yes. > >> I understand your objectiion above to relate to style or neatness, >> rather than function. Is that correct ? > > Yes. > >> And that your proposed >> additional change would have some impact whilch would have to be >> assessed. > > The first of the proposed alternatives may need further > investigation, yes. The second of the alternatives would > shrink this patch to a 2-line one, i.e. far less code > churn, and is not in need of any assessment afaia. In > fact I believe this latter alternative was discussed as > the approach to take here, before the patch was submitted. Right, I chose this approach over the one discussed previously because it doesn't duplicate the check for auto-translated domain and I couldn't really find a good way to justify it in the code (you requested one). Regarding calling the xatp_permission_check() from xenmem_add_to_physmap(). It would means that the DM code will have two XSM check (one XSM_DM_PRIV, one XSM_TARGET). It is not clear to me whether this is going to be introducing more headache for the XSM folks. Therefore, for Xen 4.15, I would prefer to stick with my patch. Cheers, -- Julien Grall
Jan Beulich writes ("Re: [PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y [and 1 more messages]"): > On 01.02.2021 15:54, Ian Jackson wrote: > > Julien Grall writes ("[PATCH for-4.15] xen/mm: Fix build when CONFIG_HVM=n and CONFIG_COVERAGE=y"): ... > > Jan, can you confirm whether in your opinion this patch as originally > > posted by Julien is *correct* as is ? In particular, Julien did not > > intend a functional change. Have you satisfied yourself that there is > > no functional change here ? > > Yes and yes. > > > I understand your objectiion above to relate to style or neatness, > > rather than function. Is that correct ? > > Yes. Right, thanks. > > And that your proposed > > additional change would have some impact whilch would have to be > > assessed. > > The first of the proposed alternatives may need further > investigation, yes. The second of the alternatives would > shrink this patch to a 2-line one, i.e. far less code > churn, and is not in need of any assessment afaia. In > fact I believe this latter alternative was discussed as > the approach to take here, before the patch was submitted. Sorry I missed that part. I would be happy with that other approach too, so for that approach (adding a duplicated ASSERT) is also Release-Acked-by: Ian Jackson <iwj@xenproject.org> I'm not a huge fan of code duplication, in general. I suggest that if the ASSERT is duplicated it might be worth leaving comment(s) by each one pointing to the other. Ian.
© 2016 - 2024 Red Hat, Inc.