RE: [PATCH v8 6/8] common/domain: add a domain context record for shared_info...

2020-09-24 Thread Durrant, Paul
> -Original Message-
> From: Jan Beulich 
> Sent: 16 September 2020 15:43
> To: Paul Durrant 
> Cc: xen-devel@lists.xenproject.org; Durrant, Paul ; 
> Ian Jackson
> ; Wei Liu ; Andrew Cooper 
> ; George
> Dunlap ; Julien Grall ; Stefano 
> Stabellini
> 
> Subject: RE: [EXTERNAL] [PATCH v8 6/8] common/domain: add a domain context 
> record for shared_info...
> 
> 
> 
> On 15.09.2020 18:17, Paul Durrant wrote:
> > +static int load_shared_info(struct domain *d, struct domain_context *c)
> > +{
> > +struct domain_shared_info_context ctxt;
> > +size_t hdr_size = offsetof(typeof(ctxt), buffer);
> > +unsigned int i;
> > +int rc;
> > +
> > +rc = DOMAIN_LOAD_BEGIN(SHARED_INFO, c, );
> > +if ( rc )
> > +return rc;
> > +
> > +if ( i ) /* expect only a single instance */
> > +return -ENXIO;
> > +
> > +rc = domain_load_data(c, , hdr_size);
> > +if ( rc )
> > +return rc;
> > +
> > +if ( ctxt.buffer_size > sizeof(shared_info_t) ||
> > + (ctxt.flags & ~DOMAIN_SAVE_32BIT_SHINFO) )
> > +return -EINVAL;
> > +
> > +if ( ctxt.flags & DOMAIN_SAVE_32BIT_SHINFO )
> > +{
> > +#ifdef CONFIG_COMPAT
> > +has_32bit_shinfo(d) = true;
> > +#else
> > +return -EINVAL;
> > +#endif
> > +}
> > +
> > +if ( is_pv_domain(d) )
> > +{
> > +shared_info_t *shinfo = xmalloc(shared_info_t);
> > +
> > +rc = domain_load_data(c, shinfo, sizeof(*shinfo));
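Review bot: The header check in load_shared_info() only rejects `ctxt.buffer_size > sizeof(shared_info_t)`, yet the PV branch then loads a fixed `sizeof(*shinfo)` bytes, so a record declaring a smaller buffer is accepted and the read length no longer matches what the record says it holds. Whether domain_load_data() bounds a read to the current record is not visible here; if it does not, the load would consume bytes that belong to whatever follows in the stream. One option is to load only what the record declares, `rc = domain_load_data(c, shinfo, ctxt.buffer_size);`, into a buffer obtained with `xzalloc(shared_info_t)`, or to require an exact size for the selected layout. Separately, `has_32bit_shinfo(d) = true` is applied before the is_pv_domain() check and before any data has loaded, so an error return leaves the domain's flag changed. The function body continues past this quoted fragment.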
> 
> You need to check the allocation's success first.

Oops, yes.

> But of course the
> question is why you don't read directly into d->shared_info. The
> domain is paused at this point, isn't it?
> 

It is, but domain_create() may have initialized something outside of the areas 
we want to touch; I'm trying to follow what the existing restore code in 
toolstack currently does.

> > +if ( rc )
> > +{
> > +xfree(shinfo);
> > +return rc;
> > +}
> > +
> > +#ifdef CONFIG_COMPAT
> > +if ( has_32bit_shinfo(d) )
> > +{
> > +memcpy(>shared_info->compat.vcpu_info,
> > +   >compat.vcpu_info,
> > +   sizeof(d->shared_info->compat.vcpu_info));
> > +memcpy(>shared_info->compat.arch,
> > +   >compat.arch,
> > +   sizeof(d->shared_info->compat.vcpu_info));
> > +memset(>shared_info->compat.evtchn_pending,
> > +   0,
> > +   sizeof(d->shared_info->compat.evtchn_pending));
> > +memset(>shared_info->compat.evtchn_mask,
> > +   0xff,
> > +   sizeof(d->shared_info->compat.evtchn_mask));
> > +
> > +d->shared_info->compat.arch.pfn_to_mfn_frame_list_list = 0;
> > +for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ )
> > +d->shared_info->compat.vcpu_info[i].evtchn_pending_sel = 0;
> > +}
> > +else
> > +{
> > +memcpy(>shared_info->native.vcpu_info,
> > +   >native.vcpu_info,
> > +   sizeof(d->shared_info->native.vcpu_info));
> > +memcpy(>shared_info->native.arch,
> > +   >native.arch,
> > +   sizeof(d->shared_info->native.arch));
> > +memset(>shared_info->native.evtchn_pending,
> > +   0,
> > +   sizeof(d->shared_info->compat.evtchn_pending));
> > +memset(>shared_info->native.evtchn_mask,
> > +   0xff,
> > +   sizeof(d->shared_info->native.evtchn_mask));
> > +
> > +d->shared_info->native.arch.pfn_to_mfn_frame_list_list = 0;
> > +for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ )
> > +d->shared_info->native.vcpu_info[i].evtchn_pending_sel = 0;
> > +}
> > +#else
> > +memcpy(>shared_info->vcpu_info,
> > +   >vcpu_info,
> > +   sizeof(d->shared_info->vcpu_info));
> > +memcpy(>shared_info->arch,
> > +   >arch,
> > +   sizeof(d->shared_info->shared));
> > +memset(>shared_info->evtchn_pending,
> > +   0,
> > +   sizeof(d->shared_info->evtchn_pending));
> > +memset(>shared_info->evtchn_mask,
> > +   0xff,
> > +   sizeof(d->shared_info->evtchn_mask));
> > +
> > +d->shared_info.arch.pfn_to_mfn_frame_list_list = 0;
> > +for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ )
> > +d->shared_info.vcpu_info[i].evtchn_pending_sel = 0;
> > +#endif
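Review bot: Three length arguments in the copy block do not match the object being written: the `compat.arch` memcpy passes `sizeof(d->shared_info->compat.vcpu_info)`, the `native.evtchn_pending` memset passes the compat bitmap's size, and the non-CONFIG_COMPAT `arch` memcpy passes `sizeof(d->shared_info->shared)`. The first matters most: if vcpu_info is larger than arch (the struct layout is not shown on this page), the copy runs past the end of `arch` in both the temporary buffer and the live shared_info, while the second would leave part of the native pending bitmap uncleared. Each length should name its own destination: `sizeof(d->shared_info->compat.arch)`, `sizeof(d->shared_info->native.evtchn_pending)`, `sizeof(d->shared_info->arch)`. The non-CONFIG_COMPAT tail also writes `d->shared_info.arch...` and `d->shared_info.vcpu_info[i]...` with `.` where the rest of the block uses `->`, so that configuration probably does not build. The same lines are quoted again in the second message of this thread.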
> 
> A lot of redundancy; maybe it gets better if indeed you stop reading
> into an intermediate buffer.

As I said above, I think it is better if I continue to use an intermediate 
buffer but I'll see if I can add some macro magic to make 

Re: [PATCH v8 6/8] common/domain: add a domain context record for shared_info...

2020-09-16 Thread Jan Beulich
On 15.09.2020 18:17, Paul Durrant wrote:
> +static int load_shared_info(struct domain *d, struct domain_context *c)
> +{
> +struct domain_shared_info_context ctxt;
> +size_t hdr_size = offsetof(typeof(ctxt), buffer);
> +unsigned int i;
> +int rc;
> +
> +rc = DOMAIN_LOAD_BEGIN(SHARED_INFO, c, );
> +if ( rc )
> +return rc;
> +
> +if ( i ) /* expect only a single instance */
> +return -ENXIO;
> +
> +rc = domain_load_data(c, , hdr_size);
> +if ( rc )
> +return rc;
> +
> +if ( ctxt.buffer_size > sizeof(shared_info_t) ||
> + (ctxt.flags & ~DOMAIN_SAVE_32BIT_SHINFO) )
> +return -EINVAL;
> +
> +if ( ctxt.flags & DOMAIN_SAVE_32BIT_SHINFO )
> +{
> +#ifdef CONFIG_COMPAT
> +has_32bit_shinfo(d) = true;
> +#else
> +return -EINVAL;
> +#endif
> +}
> +
> +if ( is_pv_domain(d) )
> +{
> +shared_info_t *shinfo = xmalloc(shared_info_t);
> +
> +rc = domain_load_data(c, shinfo, sizeof(*shinfo));

You need to check the allocation's success first. But of course the
question is why you don't read directly into d->shared_info. The
domain is paused at this point, isn't it?

> +if ( rc )
> +{
> +xfree(shinfo);
> +return rc;
> +}
> +
> +#ifdef CONFIG_COMPAT
> +if ( has_32bit_shinfo(d) )
> +{
> +memcpy(>shared_info->compat.vcpu_info,
> +   >compat.vcpu_info,
> +   sizeof(d->shared_info->compat.vcpu_info));
> +memcpy(>shared_info->compat.arch,
> +   >compat.arch,
> +   sizeof(d->shared_info->compat.vcpu_info));
> +memset(>shared_info->compat.evtchn_pending,
> +   0,
> +   sizeof(d->shared_info->compat.evtchn_pending));
> +memset(>shared_info->compat.evtchn_mask,
> +   0xff,
> +   sizeof(d->shared_info->compat.evtchn_mask));
> +
> +d->shared_info->compat.arch.pfn_to_mfn_frame_list_list = 0;
> +for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ )
> +d->shared_info->compat.vcpu_info[i].evtchn_pending_sel = 0;
> +}
> +else
> +{
> +memcpy(>shared_info->native.vcpu_info,
> +   >native.vcpu_info,
> +   sizeof(d->shared_info->native.vcpu_info));
> +memcpy(>shared_info->native.arch,
> +   >native.arch,
> +   sizeof(d->shared_info->native.arch));
> +memset(>shared_info->native.evtchn_pending,
> +   0,
> +   sizeof(d->shared_info->compat.evtchn_pending));
> +memset(>shared_info->native.evtchn_mask,
> +   0xff,
> +   sizeof(d->shared_info->native.evtchn_mask));
> +
> +d->shared_info->native.arch.pfn_to_mfn_frame_list_list = 0;
> +for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ )
> +d->shared_info->native.vcpu_info[i].evtchn_pending_sel = 0;
> +}
> +#else
> +memcpy(>shared_info->vcpu_info,
> +   >vcpu_info,
> +   sizeof(d->shared_info->vcpu_info));
> +memcpy(>shared_info->arch,
> +   >arch,
> +   sizeof(d->shared_info->shared));
> +memset(>shared_info->evtchn_pending,
> +   0,
> +   sizeof(d->shared_info->evtchn_pending));
> +memset(>shared_info->evtchn_mask,
> +   0xff,
> +   sizeof(d->shared_info->evtchn_mask));
> +
> +d->shared_info.arch.pfn_to_mfn_frame_list_list = 0;
> +for ( i = 0; i < XEN_LEGACY_MAX_VCPUS; i++ )
> +d->shared_info.vcpu_info[i].evtchn_pending_sel = 0;
> +#endif

A lot of redundancy; maybe it gets better if indeed you stop reading
into an intermediate buffer.

> +xfree(shinfo);
> +
> +rc = domain_load_end(c, false);
> +}
> +else
> +rc = domain_load_end(c, true);

Perhaps at least a brief comment here wouldn't hurt regarding the
needs (or lack thereof) for HVM / Arm?

Jan