RE: [PATCH v3 1/6] vfio/type1: Introduce iova list and add iommu aperture validity check

From: Shameerali Kolothum Thodi
Date: Tue Feb 20 2018 - 04:06:11 EST




> -----Original Message-----
> From: Alex Williamson [mailto:alex.williamson@xxxxxxxxxx]
> Sent: Monday, February 19, 2018 7:51 PM
> To: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@xxxxxxxxxx>
> Cc: eric.auger@xxxxxxxxxx; pmorel@xxxxxxxxxxxxxxxxxx;
> kvm@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Linuxarm
> <linuxarm@xxxxxxxxxx>; John Garry <john.garry@xxxxxxxxxx>; xuwei (O)
> <xuwei5@xxxxxxxxxx>
> Subject: Re: [PATCH v3 1/6] vfio/type1: Introduce iova list and add iommu
> aperture validity check
>
> On Mon, 19 Feb 2018 09:50:24 +0000
> Shameerali Kolothum Thodi <shameerali.kolothum.thodi@xxxxxxxxxx> wrote:
> > > -----Original Message-----
> > > From: Alex Williamson [mailto:alex.williamson@xxxxxxxxxx]
> > > Sent: Friday, February 16, 2018 8:49 PM
> > > On Thu, 15 Feb 2018 09:44:59 +0000
> > > Shameer Kolothum <shameerali.kolothum.thodi@xxxxxxxxxx> wrote:
> > > > + node->end = end;
> > > > + continue;
> > > > + }
> > > > + /* Delete nodes after new end */
> > > > + list_del(&node->list);
> > > > + kfree(node);
> > > > + }
> > > > +
> > > > + return 0;
> > > > +}
> > > > +
> > > > +static int vfio_iommu_get_iova_copy(struct vfio_iommu *iommu,
> > > > + struct list_head *iova_copy)
> > > > +{
> > > > +
> > > > + struct list_head *iova = &iommu->iova_list;
> > > > + struct vfio_iova *n;
> > > > +
> > > > + list_for_each_entry(n, iova, list) {
> > > > + int ret;
> > > > +
> > > > + ret = vfio_insert_iova(n->start, n->end, iova_copy);
> > > > + if (ret)
> > > > + return ret;
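Review bot: the error path in vfio_iommu_get_iova_copy() returns ret as soon as vfio_insert_iova() fails, but any entries already inserted into iova_copy on earlier iterations stay on the list, so a caller that passed in an empty list now has to know to walk it and free partial state on failure. Free the partially built copy inside the function before returning the error (walk iova_copy with list_for_each_entry_safe(), list_del() and kfree() each node) so a failed call hands back the same empty list it was given. Minor style point: the blank line directly after the opening brace of the function is stray.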
> > >
> > > Let's delete and free any entries added to the copy here too.
> >
> > Ok. My original thought was caller will free up in case of error.
>
> This comes down to Rusty's suggestions of how to make an API hard to
> misuse rather than simply easy to use to me. Placing the onus on the
> caller to cleanup a list sounds simple, but the caller passed an empty
> list and the function failed, why should the caller bother to check if
> the function left any cruft on the list in the course of failing? This
> is not a hard to misuse interface, in fact it's very easy to forget
> that cleanup. Thanks,

Ok. I understand the concerns. I will send out a revised one soon.

Thanks,
Shameer