From: Julien Grall <julien@xen.org>
To: "Roger Pau Monné" <roger.pau@citrix.com>
Cc: Juergen Gross <jgross@suse.com>,
xen-devel@lists.xenproject.org, Ian Jackson <iwj@xenproject.org>,
Wei Liu <wl@xen.org>,
raphning@amazon.co.uk, "Doebel, Bjoern" <doebel@amazon.de>
Subject: Re: [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring
Date: Thu, 23 Sep 2021 12:56:22 +0500 [thread overview]
Message-ID: <041bbb31-700f-0ebd-d255-47a4aec927d8@xen.org> (raw)
In-Reply-To: <YUwrZS3FOh+hCQle@MacBook-Air-de-Roger.local>
Hi Roger,
On 23/09/2021 12:23, Roger Pau Monné wrote:
> On Wed, Sep 22, 2021 at 06:46:25PM +0500, Julien Grall wrote:
>> I thought a bit more and looked at the code (I don't have access to a test
>> machine at the moment). I think there is indeed a problem.
>>
>> Some watchers of @releaseDomain (such as xenconsoled) will only remove a
>> domain from their internal state when the domain is actually dead.
>>
>> This is based on dominfo.dying which is only set when all the resources are
>> relinquished and waiting for the other domains to release any resources for
>> that domain.
>>
>> The problem is Xenstore may fail to map the interface or the event channel
>> long before the domain is actually dead. With the current check, we would
>> free the allocated structure and therefore send @releaseDomain too early. So
>> daemon like xenconsoled, would never cleanup for the domain and leave a
>> zombie domain. Well... until the next @releaseDomain (or @introduceDomain
>> for Xenconsoled) AFAICT.
>>
>> The revised patch is meant to solve it by just ignoring the connection. With
>> that approach, we would correctly notify watches when the domain is dead.
>
> I think the patch provided by Julien is indeed better than the current
> code, or else you will miss @releaseDomain events in corner cases for
> dominfo.dying.
>
> I think however the patch is missing a change in the order of the
> checks in conn_can_{read,write}, so that the is_ignored check is
> performed before calling can_{read,write} which will try to poke at
> the interface and trigger a fault if not mapped.
Ah good point. I originally moved the is_ignored check after the
callback because the socket connection can in theory be closed from
can_{read, write}.
However, in pratice, is_ignored is only set for socket from
ignore_connection() that will also close the socket.
The new use will only set is_ignored for the domain connection. So I am
guessing moving the check early on ought to be fine.
The alternative would be to call ignore_connection() but this feels a
bit weird because most of it would be a NOP as we are introducing the
domain.
Cheers,
--
Julien Grall
next prev parent reply other threads:[~2021-09-23 7:56 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-22 8:21 [PATCH v2 0/6] gnttab: add per-domain controls Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 1/6] tools/console: use xenforeigmemory to map console ring Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 2/6] gnttab: allow setting max version per-domain Roger Pau Monne
2021-10-15 9:39 ` Jan Beulich
2021-10-15 9:48 ` Jan Beulich
2021-10-20 8:04 ` Roger Pau Monné
2021-10-20 10:57 ` Jan Beulich
2021-10-20 11:45 ` Juergen Gross
2021-10-20 13:00 ` Roger Pau Monné
2021-10-15 11:47 ` Jan Beulich
2021-10-20 11:58 ` Jan Beulich
2021-09-22 8:21 ` [PATCH v2 3/6] gnttab: allow per-domain control over transitive grants Roger Pau Monne
2021-09-22 9:28 ` Christian Lindig
2021-10-15 10:05 ` Jan Beulich
2021-10-20 10:14 ` Roger Pau Monné
2021-10-20 11:51 ` Jan Beulich
2021-10-15 11:46 ` Jan Beulich
2021-09-22 8:21 ` [PATCH v2 4/6] tools/xenstored: use atexit to close interfaces Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring Roger Pau Monne
2021-09-22 9:07 ` Julien Grall
2021-09-22 9:58 ` Roger Pau Monné
2021-09-22 10:23 ` Julien Grall
2021-09-22 12:34 ` Juergen Gross
2021-09-22 13:46 ` Julien Grall
2021-09-23 7:23 ` Roger Pau Monné
2021-09-23 7:56 ` Julien Grall [this message]
2021-10-20 14:48 ` Julien Grall
2021-09-22 8:21 ` [PATCH v2 6/6] gnttab: allow disabling grant table per-domain Roger Pau Monne
2021-09-22 9:19 ` Julien Grall
2021-09-22 9:38 ` Juergen Gross
2021-09-23 8:41 ` Julien Grall
2021-10-15 11:51 ` Jan Beulich
2021-10-15 12:09 ` Jan Beulich
2021-09-22 8:57 ` [PATCH v2 0/6] gnttab: add per-domain controls Julien Grall
2021-09-22 9:39 ` Roger Pau Monné
2021-09-23 8:47 ` Julien Grall
2021-09-23 11:19 ` Roger Pau Monné
2021-09-24 2:30 ` Julien Grall
2021-09-24 6:21 ` Jan Beulich
2021-09-24 7:30 ` Julien Grall
2021-09-24 7:49 ` Jan Beulich
2021-09-24 7:46 ` Roger Pau Monné
2021-10-11 9:36 ` Roger Pau Monné
2021-10-11 9:52 ` Christian Lindig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=041bbb31-700f-0ebd-d255-47a4aec927d8@xen.org \
--to=julien@xen.org \
--cc=doebel@amazon.de \
--cc=iwj@xenproject.org \
--cc=jgross@suse.com \
--cc=raphning@amazon.co.uk \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.