[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 0 of 2] x86/mm: Unsharing ENOMEM handling
> At 11:29 -0400 on 12 Mar (1331551776), Andres Lagar-Cavilla wrote: >> These two patches were originally posted on Feb 15th as part of a larger >> series. >> >> They were left to simmer as a discussion on wait queues took precedence. >> >> Regardless of the ultimate fate of wait queues, these two patches are >> necessary >> as they solve some bugs on the memory sharing side. When unsharing >> fails, >> domains would spin forever, hosts would crash, etc. >> >> The patches also clarify the semantics of unsharing, and comment how >> it's >> handled. >> >> Two comments against the Feb 15th series taken care of here: >> - We assert that the unsharing code can only return success or ENOMEN. >> - Acked-by Tim Deegan added to patch #1 > > Applied, thanks. > > I'm a bit uneasy about the way this increases the amount of boilerplate > and p2m-related knowledge that's needed at call sites, but it fixes real > problems and I can't see an easy way to avoid it. > Agreed, completely. Luckily it's all internal to the hypervisor. I'm gonna float an idea right now, risking egg-in-the-face again. Our main issue is that going to sleep on a wait queue is disallowed in an atomic context. For good reason, the vcpu goes to sleep holding locks. Therefore, we can't magically hide all the complexity behind get_gfn, and callers need to know things they shouldn't. However, sleeping only deadlocks if the "waker upper" would need to grab any of those locks. This is not the case intrinsically for mem event ring congestion. Although how congestion is handled may run into the problem. Let's see: It is not at all the case for mem access: helpers take note of what happened and issue a wake up. It is not necessarily the case for sharing enomem: dom0 could balloon, or any other domain could relinquish pages somehow (luckily no more global sharing lock!). But it is the case for paging, as paging_load and paging_resume would need to grab the p2m lock. In this case, it is the sleeper's responsibility to not go to sleep holding the p2m lock. Which I believe to be the case, save for the get_two_gfn cases. So, maybe we could just go to sleep on a wait queue holding locks. Which would be extremely fragile semantics, and serious constraints for the "waker uppers" ("nothing but RCU!"). But it would make for a nice API into the p2m. Andres > Tim. > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |