Re: [Xen-devel] [PATCH v5 02/10] IOMMU: handle IOMMU mapping and unmapping failures

2016-05-24 Thread Xu, Quan 
On May 23, 2016 9:41 PM, Jan Beulich  wrote:
> >>> On 18.05.16 at 10:08,  wrote:
> > No spamming can occur.
> 
> May I suggest "No spamming of the log can occur", to set some context for
> what follows?
> 

Make sense.

> > --- a/xen/drivers/passthrough/iommu.c
> > +++ b/xen/drivers/passthrough/iommu.c
> > @@ -240,21 +240,49 @@ int iommu_map_page(struct domain *d,
> unsigned long gfn, unsigned long mfn,
> > unsigned int flags)  {
> >  const struct domain_iommu *hd = dom_iommu(d);
> > +int rc;
> >
> >  if ( !iommu_enabled || !hd->platform_ops )
> >  return 0;
> >
> > -return hd->platform_ops->map_page(d, gfn, mfn, flags);
> > +rc = hd->platform_ops->map_page(d, gfn, mfn, flags);
> > +
> > +if ( unlikely(rc) )
> 
> A more general word on the use of blank lines: I think their use is well 
> advised
> to separate logically (mostly) independent steps. In cases like this, where 
> you
> check the return value of a function, the two things really belong together
> imo. Using too little blank lines negatively affects readability, but using 
> too
> many easily leads to not seeing enough context anymore when looking at
> some code fragment.
> 

I will also apply it to other patches.

> > +{
> > +if ( !d->is_shutting_down && printk_ratelimit() )
> > +printk(XENLOG_ERR
> > +   "d%d: IOMMU mapping gfn %#lx mfn %#lx failed %d.",
> 
> I really dislike having to repeat this yet another time: No stops in log 
> messages
> please. Also to the reader of the log it would be unclear what the number at
> the end represents. May I suggest
> 
> printk(XENLOG_ERR
>"d%d: IOMMU mapping gfn %#lx to mfn %#lx failed: %d",
>d->domain_id, gfn, mfn, rc);
> 
> (arguably one might then also remove the words "gfn" and "mfn").
> 

To me, we are better not to remove 'gfn' / 'mfn', but I really need to add a 
'\n'.. then

printk(XENLOG_ERR
   "d%d: IOMMU mapping gfn %#lx to mfn %#lx failed: %d\n",
   d->domain_id, gfn, mfn, rc);


Quan

> Apart from these cosmetic issues I think this is fine now.


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v5 02/10] IOMMU: handle IOMMU mapping and unmapping failures

2016-05-23 Thread Jan Beulich 
>>> On 18.05.16 at 10:08,  wrote:
> No spamming can occur.

May I suggest "No spamming of the log can occur", to set some
context for what follows?

> --- a/xen/drivers/passthrough/iommu.c
> +++ b/xen/drivers/passthrough/iommu.c
> @@ -240,21 +240,49 @@ int iommu_map_page(struct domain *d, unsigned long gfn, 
> unsigned long mfn,
> unsigned int flags)
>  {
>  const struct domain_iommu *hd = dom_iommu(d);
> +int rc;
>  
>  if ( !iommu_enabled || !hd->platform_ops )
>  return 0;
>  
> -return hd->platform_ops->map_page(d, gfn, mfn, flags);
> +rc = hd->platform_ops->map_page(d, gfn, mfn, flags);
> +
> +if ( unlikely(rc) )

A more general word on the use of blank lines: I think their use is
well advised to separate logically (mostly) independent steps. In
cases like this, where you check the return value of a function,
the two things really belong together imo. Using too little blank
lines negatively affects readability, but using too many easily
leads to not seeing enough context anymore when looking at
some code fragment.

> +{
> +if ( !d->is_shutting_down && printk_ratelimit() )
> +printk(XENLOG_ERR
> +   "d%d: IOMMU mapping gfn %#lx mfn %#lx failed %d.",

I really dislike having to repeat this yet another time: No stops in
log messages please. Also to the reader of the log it would be
unclear what the number at the end represents. May I suggest

printk(XENLOG_ERR
   "d%d: IOMMU mapping gfn %#lx to mfn %#lx failed: %d",
   d->domain_id, gfn, mfn, rc);

(arguably one might then also remove the words "gfn" and "mfn").

Apart from these cosmetic issues I think this is fine now.

Jan


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

[Xen-devel] [PATCH v5 02/10] IOMMU: handle IOMMU mapping and unmapping failures

2016-05-18 Thread Quan Xu 
Treat IOMMU mapping and unmapping failures as a fatal to the DomU
If IOMMU mapping and unmapping failed, crash the DomU and propagate
the error up to the call trees.

No spamming can occur. For DomU, we avoid logging any message
for already dying domains. For Dom0, that'll still be more verbose
than we'd really like, but it at least wouldn't outright flood the
console.

Signed-off-by: Quan Xu 
Reviewed-by: Kevin Tian 

CC: Jan Beulich 
CC: Kevin Tian 
---
 xen/drivers/passthrough/iommu.c | 32 ++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 9d104d2..7c70306 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -240,21 +240,49 @@ int iommu_map_page(struct domain *d, unsigned long gfn, 
unsigned long mfn,
unsigned int flags)
 {
 const struct domain_iommu *hd = dom_iommu(d);
+int rc;
 
 if ( !iommu_enabled || !hd->platform_ops )
 return 0;
 
-return hd->platform_ops->map_page(d, gfn, mfn, flags);
+rc = hd->platform_ops->map_page(d, gfn, mfn, flags);
+
+if ( unlikely(rc) )
+{
+if ( !d->is_shutting_down && printk_ratelimit() )
+printk(XENLOG_ERR
+   "d%d: IOMMU mapping gfn %#lx mfn %#lx failed %d.",
+   d->domain_id, gfn, mfn, rc);
+
+if ( !is_hardware_domain(d) )
+domain_crash(d);
+}
+
+return rc;
 }
 
 int iommu_unmap_page(struct domain *d, unsigned long gfn)
 {
 const struct domain_iommu *hd = dom_iommu(d);
+int rc;
 
 if ( !iommu_enabled || !hd->platform_ops )
 return 0;
 
-return hd->platform_ops->unmap_page(d, gfn);
+rc = hd->platform_ops->unmap_page(d, gfn);
+
+if ( unlikely(rc) )
+{
+if ( !d->is_shutting_down && printk_ratelimit() )
+printk(XENLOG_ERR
+   "d%d: IOMMU unmapping gfn %#lx failed %d.",
+   d->domain_id, gfn, rc);
+
+if ( !is_hardware_domain(d) )
+domain_crash(d);
+}
+
+return rc;
 }
 
 static void iommu_free_pagetables(unsigned long unused)
-- 
1.9.1


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel