Xen project Mailing List

RE: [Xen-devel] yanked share problem

To: "Mark Williamson" <mark.williamson@xxxxxxxxxxxx>

From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>

Date: Thu, 15 Dec 2005 09:51:19 +0800

Cc: NAHieu <nahieu@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "King, Steven R" <steven.r.king@xxxxxxxxx>

Delivery-date: Thu, 15 Dec 2005 01:53:17 +0000

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Thread-index: AcYA0IXqUSikdp9ZRKq8sFqY+J/vSQAR0Abg

Thread-topic: [Xen-devel] yanked share problem

>From: Mark Williamson [mailto:mark.williamson@xxxxxxxxxxxx] >Sent: 2005年12月15日 0:57 > >> >> Could you tell me what happen if the DomU_A crash while DomU_B still >> >> accesses the memory it is granted? And moreover, how can DomU_A knows >> >> that his friend has just "died"? >> > >> >AFAIK, A will be prevented from being fully destroyed until B drops the >> >reference to that page of memory. The page will be around as long as B >> > wants it. >> > >> >Cheers, >> >Mark >> >> How about B is waiting for A's notification to end reference, but A crashed >> before sending out notification? One immediate example is the shared ring >> buf between backend and frontend. Backend may not access the shared ring >> buf when A is crashed. But that doesn't mean backend won't access that >> address later since that virtual address is legally allocated from linux >> buddy pool. We need provide a way to notify reference side something going >> abnormally, and let reference side to drop reference and release local >> resource. > >So, if the frontend domain crashes but the backend driver is still accessing >the comms ring? > >It won't actually break things if the backend accesses the comms ring for a >crashed domain, it just won't be able to do sensible IO requests anymore. In >the case you describe, the virtual device in the backend would get destroyed, >since the device would disappear out of Xenstore when the crashed domain is >destroyed. This will cause the backend to unmap the granted page, which'll >then get returned to Xen (allowing the frontend domain to be fully >destroyed). > >> One possible way is to register a grant call back for each driver. When Xen >> detects A crashed, xen notifies registered callback. For example, backend >> can register a callback which check whether any reference on-going. If yes, >> waiting for those reference done. Finally release all references to grant >> entries of crashed domain and also release local resource back to linux and >> exit the driver. After all callbacks are done, Xen then free that machine >> page. > >I think you should be able to achieve most of what you want by co-ordinating >access to the share using Xenstore: you'll need to use the store to set up >the location of the shared memory anyhow, so you might as well use it to be >notified of when the other domain goes away? > >Does that sound about right? > >Cheers, >Mark Yes, that's the desired way in most cases, as long as domain crash event can be notified to xenstore and then watches upon specific node can work for this purpose. Normal shutdown command issued from user can follow this process due to driver code aware to send traffic on xenbus. But abnormal crash may not go to such branch. Maybe we need a heartbeat check between xenstore and hooked domains? ;-) Thanks, Kevin _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.