[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring

  • To: Julien Grall <julien@xxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 22 Sep 2021 11:58:03 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=iOweIw6GDgJGrSJfIfCc3qcy8BGDuRSYU6DmWE4tBrg=; b=hCve4hT35pE5scLUtLBHQ0ecfBhSdNec6PqedYKZGTLhlh1kReopuz410utedyTYBB1+2WkM0y/gh9P8vMoBgFv3j804IyWnc7WPIztzJUNz8rtmgnMIEmFxDEpRueFMiAOF1+mtA5IxXmykckSaCZuMDlkPW8rhTwbVkymHVF3cKAtLCkTY3C6uRYr8S3WCvM+tb0ksLFYSND5PeaKgnW2j7xttGUBdpFjuTaaKSuWqnjvkKq3yN0skWI77Kk4sMyWw6oYvVCwqWmGDQg7dEUlaSKQc7H7DZm1TlbIFMGyXNeTgsMKHXtogRYqd3Z9uWqGXD5mnASuVkh/v7tSDsg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Wvrf4ja4K8Dubs5Mniqt7EAlltXf7wexR9fasCOjBksLJvTwalMuTq9kPpp5r4HhPsiw34L0nRBeWMFExKFU3gPVoM3A/X5xqSS0SoYpDuMfJccqtAuo223Ex7R8bfaA6mNYrm7YzjhhuzHTIN2mrAGTYMnj7n0+i7PhhA/kBQ0WiH538H4KrKJ1XX7Ss9jdeNxmKILaHVdtzzLMuHaKOgpDO4+TyCtAR02k6VOXkNtpTsltq3tof/m34aEXPQKEW9nnmAk+OaUCr9fvi3I1JEbEEV9+95JRKpVUJ7yinEu4MvsDG5J8UycBUFeif5lJ+q6N3fvsySnexK+3GI0NIA==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, "Wei Liu" <wl@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • Delivery-date: Wed, 22 Sep 2021 09:58:32 +0000
  • Ironport-data: A9a23:4PATpq07erMgiyz30fbD5et2kn2cJEfYwER7XKvMYLTBsI5bpzJSy TccCmzUOfqPMDP2Ltt/PYW0/UwHvpXUy4IwSVRvpC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCan0ZqTNMEn970EoywbRh2OaEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqhnI1/+ ehQr5GLFiwCIKvMgMI6VyVWOnQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1EnMMsIdOtJIoCknph0SvYHbAtRpWrr6DiuIQDhG9s1pkm8fD2f PA/bBxvQDX8SARfMGgYAqslv8qpiSyqG9FfgA3M/vdmi4TJ9yRu1JD9PdyTfcaFLe1XkVyfv Xnu5HniD1cRM9n34Tua8Fq8i+nXhyT5VYkOUrqi+ZZCgkCXx2EVIA0bUx28u/bRol6zXZdTJ lIZ/gIqrLMu7wq7Q9/lRRq6rXWY+BkGVLJt//YSsV/XjPCOukDAWzZCHmUphMEaWNEeRmEk5 2KUhd7SWhdErruVUVS68ouahGbnUcQKFlPudRPoXCNcvYK5+dFt0kqWJjpwOPXq1YyuQFkc1 xjP9XJn1utJ1abnwo3mpQivvt66mnTeoufZDC3sV2S550tSYIe/buREAnCKsK4dcO51orSH1 UXoevRyDshVVvlhdwTXGY3h+Y1FAN7fa1XhbaZHRcVJythU0yfLkXpsDNRCGauUGpxcJW+Bj LDvVfN5u8YIYSrCgV5fSIOtEcU6pZXd+SDefqmMNLJmO8EpHCfepX0GTRPAjgjFzRl3+Ylia MjzTCpZJStDYUiR5GHtHLl1PH5C7n1W+F4/srihnkz7juLBNCDKIVrHWXPXBt0EAGq/iFy92 /5UNteQygUZV+v7YyLN9pUUI0xMJn8+ba0aYeQNHgJaCgY5SmwnFdHLxrYtJ95sk6hPz7+a9 XChQE5IjlH4gCSfewmNb3libpLpXIp+8i1nbXB9Yw7w1ihxe5ur4Ycea4AzIest+tt8wKMmV PICYciBXKhCE2yV5zQHYJDhh4V+bxD31xmWNi+obWFnLZ5tTgDE4PH+eQ7r+HVcBya7r5Jm8 bahyhnaUdwIQAE7VJTab/emzlWQu3kBmb0tAxuUc4cLIEi1qdpkMS38iPMzMvogExSby2vIz RuSDDcZufLJ/90//u7WiP3WtIyuCeZ/QBZXRjGJ8basOCDG1WO/2oscAv2QdDXQWW6oqqWvY eJZk6P1PPEdxQsYtoN9F/BgzL4k5suprLhfl1w2EHLOZlWtK7VhPnjZgpUf6vwTnudU6VmsR 0aC2thGIrHYasrqHWkYKBchcuneh+ofnSPf7KhtLUj3jMOtEGFrjamG08GwtRFg
  • Ironport-hdrordr: A9a23:yR2iRaF++gSehrmYpLqFdJHXdLJyesId70hD6qkvc3Jom52j+P xGws526faVslYssHFJo6HnBEClewKgyXcT2/hsAV7CZnidhILMFuBfBOTZsljd8kHFh4pgPO JbAtdD4b7LfChHZKTBkXGF+r8bqbHtms3Y5pa9vgRQpENRGtpdBm9Ce3em+yZNNXB77PQCZf 2hDp0tnUvfRZ1bVLX3OlA1G8z44/HbnpPvZhALQzYh9Qm1lDutrJr3CQKR0BsyWy5Ghe5Kyx mLryXJooGY992rwB7V0GHeq7xQhdva09NGQOiBkNIcJDnAghuhIK5hR7qBljYop/zH0idnrP D85zMbe+hj4XLYeW+45TPrxgnbyT4rr0TvzFeJ6EGT6fDRdXYfMY5slIhZehzW5w4Lp9dnyp 9G2Gqfqt5+EQ7AtD6V3amJazha0m6P5VYym+8aiHJSFaEEbqVKkIAZ9ERJVL8dASPB7pw9Gu UGNrCc2B9vSyLZU5nlhBgr/DT1NU5DWituA3Jy9PB96gIm30yQlCAjtYsidnRpzuN1d3AL3Z WDDk1SrsA6ciYhV9MKOA4we7rENoXze2O5DIuzGyWtKEhVAQOGl3bIiI9Fk91CPqZ4lacPpA ==
  • Ironport-sdr: 5T8Zr5SU7sMpWSQnJVtxeJK7T/IGxN8mI2WYdPJ7uhTBmqroHO7Sf8ACna9xZlfxVRw2q7T8uL OPdmtMTzZX9Wowd3PRuOB1rvuRTRA/mvLKi5SQEI//6zGJ9outfphwqC9sEAP1OLv3KzbYkx1k X0VaIiWaivEYu+Fo6xSQqmWC/IWzkVqyyQB1WAZ+7u48JoOQmyoY0zbwRZ8ZmqUfTEiK1q7D7n vUZYw7juOA+qQQGDDDFtEXvtJFGbqblI9xJ2/pd5t090Awa03+kinaJixLmSunNjPGxucgzMnC KzYzs4UOe+aUA73DAbMIohF9
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Sep 22, 2021 at 02:07:44PM +0500, Julien Grall wrote:
> Hi Roger,
> 
> On 22/09/2021 13:21, Roger Pau Monne wrote:
> > Failure to map the shared ring and thus establish a xenstore
> > connection with a domain shouldn't prevent the "@introduceDomain"
> > watch from firing, likewise with "@releaseDomain".
> > 
> > In order to handle such events properly xenstored should keep track of
> > the domains even if the shared communication ring cannot be mapped.
> > This was partially the case due to the restore mode, which needs to
> > handle domains that have been destroyed between the save and restore
> > period. This patch extends on the previous limited support of
> > temporary adding a domain without a valid interface ring, and modifies
> > check_domains to keep domains without an interface on the list.
> > 
> > Handling domains without a valid shared ring is required in order to
> > support domain without a grant table, since the lack of grant table
> > will prevent the mapping of the xenstore ring grant reference.
> > 
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > ---
> > oxenstored will need a similar treatment once grant mapping is used
> > there. For the time being it still works correctly because it uses
> > foreign memory to map the shared ring, and that will work in the
> > absence of grant tables on the domain.
> > ---
> > Changes since v1:
> >   - New in this version.
> > ---
> >   tools/xenstore/xenstored_domain.c | 30 ++++++++++++++++++------------
> >   1 file changed, 18 insertions(+), 12 deletions(-)
> > 
> > diff --git a/tools/xenstore/xenstored_domain.c 
> > b/tools/xenstore/xenstored_domain.c
> > index 9fb78d5772..150c6f082e 100644
> > --- a/tools/xenstore/xenstored_domain.c
> > +++ b/tools/xenstore/xenstored_domain.c
> > @@ -119,6 +119,11 @@ static int writechn(struct connection *conn,
> >     struct xenstore_domain_interface *intf = conn->domain->interface;
> >     XENSTORE_RING_IDX cons, prod;
> > +   if (!intf) {
> > +           errno = ENODEV;
> > +           return -1;
> > +   }
> > +
> >     /* Must read indexes once, and before anything else, and verified. */
> >     cons = intf->rsp_cons;
> >     prod = intf->rsp_prod;
> > @@ -149,6 +154,11 @@ static int readchn(struct connection *conn, void 
> > *data, unsigned int len)
> >     struct xenstore_domain_interface *intf = conn->domain->interface;
> >     XENSTORE_RING_IDX cons, prod;
> > +   if (!intf) {
> > +           errno = ENODEV;
> > +           return -1;
> > +   }
> > +
> >     /* Must read indexes once, and before anything else, and verified. */
> >     cons = intf->req_cons;
> >     prod = intf->req_prod;
> > @@ -176,6 +186,9 @@ static bool domain_can_write(struct connection *conn)
> >   {
> >     struct xenstore_domain_interface *intf = conn->domain->interface;
> > +   if (!intf)
> > +           return false;
> > +
> 
> Rather than adding an extra check, how about taking advantage of is_ignore?

Right, I just need to change the order in conn_can_read and
conn_can_write so that the is_ignored check is performed before the
can_{read,write} handler is called.

> >     return ((intf->rsp_prod - intf->rsp_cons) != XENSTORE_RING_SIZE);
> >   }
> > @@ -183,7 +196,8 @@ static bool domain_can_read(struct connection *conn)
> >   {
> >     struct xenstore_domain_interface *intf = conn->domain->interface;
> > -   if (domain_is_unprivileged(conn) && conn->domain->wrl_credit < 0)
> > +   if ((domain_is_unprivileged(conn) && conn->domain->wrl_credit < 0) ||
> > +       !intf)
> >             return false;
> >     return (intf->req_cons != intf->req_prod);
> > @@ -268,14 +282,7 @@ void check_domains(void)
> >                             domain->shutdown = true;
> >                             notify = 1;
> >                     }
> > -                   /*
> > -                    * On Restore, we may have been unable to remap the
> > -                    * interface and the port. As we don't know whether
> > -                    * this was because of a dying domain, we need to
> > -                    * check if the interface and port are still valid.
> > -                    */
> > -                   if (!dominfo.dying && domain->port &&
> > -                       domain->interface)
> > +                   if (!dominfo.dying)
> >                             continue;
> 
> This is mostly a revert on "tools/xenstore: handle dying domains in live
> update". However, IIRC, this check was necessary to release the connection
> if the domain has died in the middle of Live-Update.

But if the domain has died in the middle of live update
get_domain_info will return false, and thus the code won't get here.

If the domain is in the process of being removed (ie: dominfo.shutdown
being set for example), it would eventually get into dominfo.dying and
thus be removed normally.

I assumed those checks where needed in order to prevent having a
domain without a valid interface on the tracked list while it was on
the process of being removed. With the other changes on this patch
tracking a domain without a valid interface should be fine, and it
will eventually be removed as part of the normal flow.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.