1. Patchew
  2. Xen
  3. View series

[PATCH] cmdline: document "extra_guest_irqs" upper bound

Jan Beulich posted 1 patch 1 year ago
Failed in applying to current master (apply log)
[PATCH] cmdline: document "extra_guest_irqs" upper bound
Posted by Jan Beulich 1 year ago 
PHYSDEVOP_pirq_eoi_gmfn_v<N> accepting just a single GFN implies that no
more than 32k pIRQ-s can be used by a domain. Document this upper bound.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
I was uncertain about also introducing a bounds check in code: We don't
check for bogus / abusive values elsewhere either.

--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -1130,7 +1130,8 @@ common for all domUs, while the optional
 is for dom0.  Changing the setting for domU has no impact on dom0 and vice
 versa.  For example to change dom0 without changing domU, use
 `extra_guest_irqs=,512`.  The default value for Dom0 and an eventual separate
-hardware domain is architecture dependent.
+hardware domain is architecture dependent.  The upper limit for both values is
+32768.
 Note that specifying zero as domU value means zero, while for dom0 it means
 to use the default.
Re: [PATCH] cmdline: document "extra_guest_irqs" upper bound
Posted by Andrew Cooper 1 year ago 
On 04/04/2023 7:46 am, Jan Beulich wrote:
> PHYSDEVOP_pirq_eoi_gmfn_v<N> accepting just a single GFN implies that no
> more than 32k pIRQ-s can be used by a domain. Document this upper bound.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

> ---
> I was uncertain about also introducing a bounds check in code: We don't
> check for bogus / abusive values elsewhere either.

Normally not, but in this case I suspect it's worth it.  Without a
bounds check, don't we risk wandering off the page?
Re: [PATCH] cmdline: document "extra_guest_irqs" upper bound
Posted by Jan Beulich 1 year ago 
On 04.04.2023 09:09, Andrew Cooper wrote:
> On 04/04/2023 7:46 am, Jan Beulich wrote:
>> PHYSDEVOP_pirq_eoi_gmfn_v<N> accepting just a single GFN implies that no
>> more than 32k pIRQ-s can be used by a domain. Document this upper bound.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

Thanks, but because of the below I guess I'll make a v2.

>> ---
>> I was uncertain about also introducing a bounds check in code: We don't
>> check for bogus / abusive values elsewhere either.
> 
> Normally not, but in this case I suspect it's worth it.  Without a
> bounds check, don't we risk wandering off the page?

Indeed we do; in debug builds we hit assertions.

Jan

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.