
Re: [PATCH v2] xen/console: Skip switching serial input to non existing domains





On Thu, Mar 16, 2023 at 2:15 PM Michal Orzel <michal.orzel@xxxxxxx> wrote:


On 16/03/2023 12:11, Jan Beulich wrote:
> On 16.03.2023 11:26, Michal Orzel wrote:
>> --- a/xen/drivers/char/console.c
>> +++ b/xen/drivers/char/console.c
>> @@ -490,7 +490,24 @@ static void switch_serial_input(void)
>>      }
>>      else
>>      {
>> -        console_rx++;
>> +        unsigned int next_rx = console_rx + 1;
>> +
>> +        /* Skip switching serial input to non existing domains */
>> +        while ( next_rx < max_init_domid + 1 )
>> +        {
>> +            struct domain *d = rcu_lock_domain_by_id(next_rx - 1);
>> +
>> +            if ( d )
>> +            {
>> +                rcu_unlock_domain(d);
>> +                break;
>> +            }
>> +
>> +            next_rx++;
>> +        }
>> +
>> +        console_rx = next_rx;
>> +
>>          printk("*** Serial input to DOM%d", console_rx - 1);
>>      }
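Review bot: the loop condition `while ( next_rx < max_init_domid + 1 )` ends the loop before the existence check runs for the last candidate. When next_rx reaches max_init_domid + 1, rcu_lock_domain_by_id(next_rx - 1) is never called for that value, yet `console_rx = next_rx` is assigned unconditionally and the printk announces that domain as the new serial input target whether or not it still exists. Consider doing the lookup for the final value as well and handling the case where the loop finds no existing domain explicitly, instead of assigning next_rx after the loop in every case.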
>
> While at first glance (when you sent it in reply to v1) it looked okay,
> I'm afraid it really isn't: Please consider what happens when the last of
> the DomU-s doesn't exist anymore. (You don't really check whether it still
> exists, because the range check comes ahead of the existence one.) In that
> case you want to move from second-to-last to Xen. I expect the entire
> if/else construct wants to be inside the loop.
I did this deliberately because I do not think the situation you describe is possible
(i.e. no domains at all - Xen still usable). With hardware domain in place, we can e.g. destroy the domain
which would invoke domain_kill() -> domain_destroy() that would free domain struct.
Without hwdom, the domain cannot kill/destroy itself. It can do the shutdown but it will not
destroy it (at least this is what I tested). So I do not think there can be a scenario where
there is not a single domain while Xen is running and usable.

We've actually been discussing something like this.  Consider if someone wanted to use Xen as part of a system architected like Amazon's Nitro: You could have a DPU that ran the "toolstack", and gave Xen commands to create or destroy domains.  It could dynamically create SRIOV PCI devices to be passed directly through to guests.  In this case, you might run into a situation where no VMs existed, and yet the system was not dead.

 -George

 

