| Message ID | 0d824d4b-0696-baca-a3ef-95ee641e4d08@suse.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | x86: more or less log-dirty related improvements | expand |
On 25/06/2021 14:19, Jan Beulich wrote: > minfo->p2m_size may have more than 31 significant bits. Change the > induction variable to unsigned long, and (largely for signed-ness > consistency) a helper variable to unsigned int. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > > --- a/tools/libs/guest/xg_domain.c > +++ b/tools/libs/guest/xg_domain.c > @@ -40,7 +40,7 @@ int xc_map_domain_meminfo(xc_interface * > xc_dominfo_t info; > shared_info_any_t *live_shinfo; > xen_capabilities_info_t xen_caps = ""; > - int i; > + unsigned long i; > > /* Only be initialized once */ > if ( minfo->pfn_type || minfo->p2m_table ) > @@ -116,12 +116,12 @@ int xc_map_domain_meminfo(xc_interface * > /* Retrieve PFN types in batches */ > for ( i = 0; i < minfo->p2m_size ; i+=1024 ) > { > - int count = ((minfo->p2m_size - i ) > 1024 ) ? > - 1024: (minfo->p2m_size - i); > + unsigned int count = ((minfo->p2m_size - i) > 1024) ? > + 1024 : (minfo->p2m_size - i); min(). Otherwise, Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> This whole infrastructure is almost abandoned, and broken. Its used by xen-mfndump (debugging only) and xen-hptool mem-offline. The mem-offline functionally cannot possibly work usefully. It is PV only, despite not having an HVM check, and in particular reads the dead page in an attempt to restore the contents elsewhere. There is also no thought given to writes from outside sources, such as DMA from passthrough or a different dom0 foreign mapping. This is perhaps ok as an academic demonstration of "can I shuffle memory behind an alive VM in ideal circumstances", but will be killed by the dom0 kernel if you ever try running it to resolve a real memory error on a VM, because there is no possibility of recovering the data. The mem-offline functionality needs deleting. It isn't production ready, and can't credibly be made so. ~Andrew
On 25.06.2021 20:30, Andrew Cooper wrote: > On 25/06/2021 14:19, Jan Beulich wrote: >> minfo->p2m_size may have more than 31 significant bits. Change the >> induction variable to unsigned long, and (largely for signed-ness >> consistency) a helper variable to unsigned int. >> >> Signed-off-by: Jan Beulich <jbeulich@suse.com> >> >> --- a/tools/libs/guest/xg_domain.c >> +++ b/tools/libs/guest/xg_domain.c >> @@ -40,7 +40,7 @@ int xc_map_domain_meminfo(xc_interface * >> xc_dominfo_t info; >> shared_info_any_t *live_shinfo; >> xen_capabilities_info_t xen_caps = ""; >> - int i; >> + unsigned long i; >> >> /* Only be initialized once */ >> if ( minfo->pfn_type || minfo->p2m_table ) >> @@ -116,12 +116,12 @@ int xc_map_domain_meminfo(xc_interface * >> /* Retrieve PFN types in batches */ >> for ( i = 0; i < minfo->p2m_size ; i+=1024 ) >> { >> - int count = ((minfo->p2m_size - i ) > 1024 ) ? >> - 1024: (minfo->p2m_size - i); >> + unsigned int count = ((minfo->p2m_size - i) > 1024) ? >> + 1024 : (minfo->p2m_size - i); > > min(). min() using 1024UL or MIN()? (I'll use the former unless you tell me otherwise.) > Otherwise, Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Thanks. > This whole infrastructure is almost abandoned, and broken. Its used by > xen-mfndump (debugging only) and xen-hptool mem-offline. > > The mem-offline functionally cannot possibly work usefully. It is PV > only, despite not having an HVM check, and in particular reads the dead > page in an attempt to restore the contents elsewhere. There is also no > thought given to writes from outside sources, such as DMA from > passthrough or a different dom0 foreign mapping. > > This is perhaps ok as an academic demonstration of "can I shuffle memory > behind an alive VM in ideal circumstances", but will be killed by the > dom0 kernel if you ever try running it to resolve a real memory error on > a VM, because there is no possibility of recovering the data. > > The mem-offline functionality needs deleting. It isn't production > ready, and can't credibly be made so. I definitely agree; I'm merely trying to address an anomaly found while auditing the code for certain properties, without any claim that afterwards any of this would really work. Jan
--- a/tools/libs/guest/xg_domain.c +++ b/tools/libs/guest/xg_domain.c @@ -40,7 +40,7 @@ int xc_map_domain_meminfo(xc_interface * xc_dominfo_t info; shared_info_any_t *live_shinfo; xen_capabilities_info_t xen_caps = ""; - int i; + unsigned long i; /* Only be initialized once */ if ( minfo->pfn_type || minfo->p2m_table ) @@ -116,12 +116,12 @@ int xc_map_domain_meminfo(xc_interface * /* Retrieve PFN types in batches */ for ( i = 0; i < minfo->p2m_size ; i+=1024 ) { - int count = ((minfo->p2m_size - i ) > 1024 ) ? - 1024: (minfo->p2m_size - i); + unsigned int count = ((minfo->p2m_size - i) > 1024) ? + 1024 : (minfo->p2m_size - i); if ( xc_get_pfn_type_batch(xch, domid, count, minfo->pfn_type + i) ) { - PERROR("Could not get %d-eth batch of PFN types", (i+1)/1024); + PERROR("Could not get batch %lu of PFN types", (i + 1) / 1024); goto failed; } }
minfo->p2m_size may have more than 31 significant bits. Change the induction variable to unsigned long, and (largely for signed-ness consistency) a helper variable to unsigned int. Signed-off-by: Jan Beulich <jbeulich@suse.com>