[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/8] domain: GADDR based shared guest area registration alternative - teardown

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 27 Sep 2023 12:46:07 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fAbnNI3Uwd/CcUPWgQ6Jmcm6lNFK9Lp38qZYaUCTxIw=; b=Hw/iIbcCTCP1RZu68CSOLWOpLWdAKWICgUOUxnu7NDpYHfWC6NZuy5pYBoszCuElC0P0+9hMwzrm2JPNppw5fIOWe1t7Q6mMxYTy2EdRgLyBUeT4rOXv3lJ/XD8ydUng3MDOlc26v7yTDvGLH0M70PhFnGcCL0sTac5+e4Gy+QKon0bQ99fveC2FTRSrVp+7dZfzLpNIoVr+YzuRX+DrpnfgOzEy1QbTxZJOtc/U8tKzUypGPho1lY3U3QzACjBHs7MKDtyVHUSD03skvZz8KYACL4VlF2ueIYSnl6C2hP6mawJhg/xCKzQZnCY/edcEqEvPQKvEwkjdIBC/7wyjmw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aaw0Z8kbD7wRbwhXOR2k47JS9r05ocVVPWGOetg3YEg0LTASFJzo/kRSehAbPfx6WlPWyYgusknbsRuS2H0cqvwVeBgtW7FfdUg/m3TyWxMS3VK/nd3o49mE/sv8XVZb4+7QauG1qKC0g8dNKUKVvLv0fGsjl2/kuNJkJdLfizyxnRvrGLX03ArE7bFRos3dtq3yfgEWaPLXDZsB435pRYYqfYHSFqxg+FZK944uQy2knYpNRekYtmdDdJR0O58zOco1k36mfoXKVx/bQCr7hlCcvbC9cNk8Qdg37W4PALX1imqWOt4rPFUt90rObT4rA2dlGTgR3+hPN8G4KdnmyA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 27 Sep 2023 10:46:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 27.09.2023 12:42, Roger Pau Monné wrote:
> On Wed, Sep 27, 2023 at 11:55:19AM +0200, Jan Beulich wrote:
>> On 27.09.2023 10:51, Roger Pau Monné wrote:
>>> On Wed, May 03, 2023 at 05:54:47PM +0200, Jan Beulich wrote:
>>> I guess we should also zap the runstate handlers, or else we might
>>> corrupt guest state.
>>
>> So you think the guest might re-register a different area post resume?
>> I can certainly add another patch to zap the handles; I don't think it
>> should be done right here, not the least because if we see room for
>> such behavior, that change may even want backporting.
> 
> For correctness it would be good to zap them, but there's no rush, as
> I do think guests will set to the same address on resume.

Well, I've already added a new patch coming ahead of this one.

>>>> @@ -1568,6 +1572,19 @@ void unmap_vcpu_info(struct vcpu *v)
>>>>      put_page_and_type(mfn_to_page(mfn));
>>>>  }
>>>>  
>>>> +/*
>>>> + * This is only intended to be used for domain cleanup (or more generally 
>>>> only
>>>> + * with at least the respective vCPU, if it's not the current one, 
>>>> reliably
>>>> + * paused).
>>>> + */
>>>> +void unmap_guest_area(struct vcpu *v, struct guest_area *area)
>>>
>>> vcpu param could be const given the current code, but I assume this
>>> will be changed by future patches.  Same could be said about
>>> guest_area but I'm confident that will change.
>>
>> True for both.
>>
>>>> +{
>>>> +    struct domain *d = v->domain;
>>>> +
>>>> +    if ( v != current )
>>>> +        ASSERT(atomic_read(&v->pause_count) | 
>>>> atomic_read(&d->pause_count));
>>>
>>> Isn't this racy?
>>
>> It is, yes.
>>
>>>  What guarantees that the vcpu won't be kicked just
>>> after the check has been performed?
>>
>> Nothing. This check isn't any better than assertions towards an ordinary
>> spinlock being held. I assume you realize that we've got a number of such
>> assertions elsewhere already.
> 
> Right, but different from spinlock assertions, the code here could be
> made safe just by pausing the vCPU?

That's what the assertion is checking (see also the comment ahead of the
function). It's just that the assertions cannot be made more strict, at
least from all I can tell.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.