>>> On 19.06.15 at 11:52, <david.vra...@citrix.com> wrote:
> On 19/06/15 10:29, Jan Beulich wrote:
>>>>> On 18.06.15 at 12:40, <david.vra...@citrix.com> wrote:
>>> On 18/06/15 11:36, Jan Beulich wrote:
>>>>>>> On 17.06.15 at 14:02, <david.vra...@citrix.com> wrote:
>>>>> --- a/xen/common/event_channel.c
>>>>> +++ b/xen/common/event_channel.c
>>>>> @@ -1175,22 +1175,6 @@ int alloc_unbound_xen_event_channel(
>>>>>  
>>>>>  void free_xen_event_channel(struct domain *d, int port)
>>>>>  {
>>>>> -    struct evtchn *chn;
>>>>> -
>>>>> -    spin_lock(&d->event_lock);
>>>>> -
>>>>> -    if ( unlikely(d->is_dying) )
>>>>> -    {
>>>>> -        spin_unlock(&d->event_lock);
>>>>> -        return;
>>>>> -    }
>>>>> -
>>>>> -    BUG_ON(!port_is_valid(d, port));
>>>
>>> I can keep this one.
>>>
>>>>> -    chn = evtchn_from_port(d, port);
>>>>> -    BUG_ON(!consumer_is_xen(chn));
>>>>
>>>> At least in debug builds I think these would better be retained.
>>>
>>> But this one has to go because it will always trip when
>>> free_xen_event_channel() is called after evtchn_destroy() (which will
>>> have cleared xen_consumer).
>> 
>> Then why not
>> 
>>     BUG_ON(!consumer_is_xen(chn) && !d->is_dying);
>> 
>> or keep the d->is_dying check in place? I can see why accelerating
>> notify_via_xen_event_channel() is useful, but
>> free_xen_event_channel()?
> 
> This BUG_ON() is a pretty weak check and I don't really see the point of
> it.  I'm not respinning v4 just for this.

I'm not sure what makes this more weak than the other BUG_ON()
you agreed to retain - both try to validate that the callers don't do
bad things. Admitted, both would better be ASSERT()s...

As to spinning v4 - I see no need, as I can easily adjust this while
committing, as long as you don't disagree to have your name under
the result.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to