From: Julien Grall <julien@xen.org>
To: Roger Pau Monne <roger.pau@citrix.com>, xen-devel@lists.xenproject.org
Cc: Ian Jackson <iwj@xenproject.org>, Wei Liu <wl@xen.org>,
Juergen Gross <jgross@suse.com>
Subject: Re: [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring
Date: Wed, 22 Sep 2021 14:07:44 +0500 [thread overview]
Message-ID: <0aed8667-7f31-b0fb-3358-c5fd9a5734a1@xen.org> (raw)
In-Reply-To: <20210922082123.54374-6-roger.pau@citrix.com>
Hi Roger,
On 22/09/2021 13:21, Roger Pau Monne wrote:
> Failure to map the shared ring and thus establish a xenstore
> connection with a domain shouldn't prevent the "@introduceDomain"
> watch from firing, likewise with "@releaseDomain".
>
> In order to handle such events properly xenstored should keep track of
> the domains even if the shared communication ring cannot be mapped.
> This was partially the case due to the restore mode, which needs to
> handle domains that have been destroyed between the save and restore
> period. This patch extends on the previous limited support of
> temporary adding a domain without a valid interface ring, and modifies
> check_domains to keep domains without an interface on the list.
>
> Handling domains without a valid shared ring is required in order to
> support domain without a grant table, since the lack of grant table
> will prevent the mapping of the xenstore ring grant reference.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> ---
> oxenstored will need a similar treatment once grant mapping is used
> there. For the time being it still works correctly because it uses
> foreign memory to map the shared ring, and that will work in the
> absence of grant tables on the domain.
> ---
> Changes since v1:
> - New in this version.
> ---
> tools/xenstore/xenstored_domain.c | 30 ++++++++++++++++++------------
> 1 file changed, 18 insertions(+), 12 deletions(-)
>
> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
> index 9fb78d5772..150c6f082e 100644
> --- a/tools/xenstore/xenstored_domain.c
> +++ b/tools/xenstore/xenstored_domain.c
> @@ -119,6 +119,11 @@ static int writechn(struct connection *conn,
> struct xenstore_domain_interface *intf = conn->domain->interface;
> XENSTORE_RING_IDX cons, prod;
>
> + if (!intf) {
> + errno = ENODEV;
> + return -1;
> + }
> +
> /* Must read indexes once, and before anything else, and verified. */
> cons = intf->rsp_cons;
> prod = intf->rsp_prod;
> @@ -149,6 +154,11 @@ static int readchn(struct connection *conn, void *data, unsigned int len)
> struct xenstore_domain_interface *intf = conn->domain->interface;
> XENSTORE_RING_IDX cons, prod;
>
> + if (!intf) {
> + errno = ENODEV;
> + return -1;
> + }
> +
> /* Must read indexes once, and before anything else, and verified. */
> cons = intf->req_cons;
> prod = intf->req_prod;
> @@ -176,6 +186,9 @@ static bool domain_can_write(struct connection *conn)
> {
> struct xenstore_domain_interface *intf = conn->domain->interface;
>
> + if (!intf)
> + return false;
> +
Rather than adding an extra check, how about taking advantage of is_ignore?
> return ((intf->rsp_prod - intf->rsp_cons) != XENSTORE_RING_SIZE);
> }
>
> @@ -183,7 +196,8 @@ static bool domain_can_read(struct connection *conn)
> {
> struct xenstore_domain_interface *intf = conn->domain->interface;
>
> - if (domain_is_unprivileged(conn) && conn->domain->wrl_credit < 0)
> + if ((domain_is_unprivileged(conn) && conn->domain->wrl_credit < 0) ||
> + !intf)
> return false;
>
> return (intf->req_cons != intf->req_prod);
> @@ -268,14 +282,7 @@ void check_domains(void)
> domain->shutdown = true;
> notify = 1;
> }
> - /*
> - * On Restore, we may have been unable to remap the
> - * interface and the port. As we don't know whether
> - * this was because of a dying domain, we need to
> - * check if the interface and port are still valid.
> - */
> - if (!dominfo.dying && domain->port &&
> - domain->interface)
> + if (!dominfo.dying)
> continue;
This is mostly a revert on "tools/xenstore: handle dying domains in live
update". However, IIRC, this check was necessary to release the
connection if the domain has died in the middle of Live-Update.
So I think this check should stick here. Instead, I think, we should
mark the "fake domain" so we can ignore them here.
> }
> if (domain->conn) {
> @@ -450,8 +457,6 @@ static struct domain *introduce_domain(const void *ctx,
> if (!domain->introduced) {
> interface = is_master_domain ? xenbus_map()
> : map_interface(domid);
> - if (!interface && !restore)
> - return NULL;
> if (new_domain(domain, port, restore)) {
> rc = errno;
> if (interface) {
> @@ -505,7 +510,8 @@ int do_introduce(struct connection *conn, struct buffered_data *in)
> if (!domain)
> return errno;
>
> - domain_conn_reset(domain);
> + if (domain->interface)
> + domain_conn_reset(domain);
>
> send_ack(conn, XS_INTRODUCE);
>
>
Cheers,
--
Julien Grall
next prev parent reply other threads:[~2021-09-22 9:08 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-22 8:21 [PATCH v2 0/6] gnttab: add per-domain controls Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 1/6] tools/console: use xenforeigmemory to map console ring Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 2/6] gnttab: allow setting max version per-domain Roger Pau Monne
2021-10-15 9:39 ` Jan Beulich
2021-10-15 9:48 ` Jan Beulich
2021-10-20 8:04 ` Roger Pau Monné
2021-10-20 10:57 ` Jan Beulich
2021-10-20 11:45 ` Juergen Gross
2021-10-20 13:00 ` Roger Pau Monné
2021-10-15 11:47 ` Jan Beulich
2021-10-20 11:58 ` Jan Beulich
2021-09-22 8:21 ` [PATCH v2 3/6] gnttab: allow per-domain control over transitive grants Roger Pau Monne
2021-09-22 9:28 ` Christian Lindig
2021-10-15 10:05 ` Jan Beulich
2021-10-20 10:14 ` Roger Pau Monné
2021-10-20 11:51 ` Jan Beulich
2021-10-15 11:46 ` Jan Beulich
2021-09-22 8:21 ` [PATCH v2 4/6] tools/xenstored: use atexit to close interfaces Roger Pau Monne
2021-09-22 8:21 ` [PATCH v2 5/6] tools/xenstored: partially handle domains without a shared ring Roger Pau Monne
2021-09-22 9:07 ` Julien Grall [this message]
2021-09-22 9:58 ` Roger Pau Monné
2021-09-22 10:23 ` Julien Grall
2021-09-22 12:34 ` Juergen Gross
2021-09-22 13:46 ` Julien Grall
2021-09-23 7:23 ` Roger Pau Monné
2021-09-23 7:56 ` Julien Grall
2021-10-20 14:48 ` Julien Grall
2021-09-22 8:21 ` [PATCH v2 6/6] gnttab: allow disabling grant table per-domain Roger Pau Monne
2021-09-22 9:19 ` Julien Grall
2021-09-22 9:38 ` Juergen Gross
2021-09-23 8:41 ` Julien Grall
2021-10-15 11:51 ` Jan Beulich
2021-10-15 12:09 ` Jan Beulich
2021-09-22 8:57 ` [PATCH v2 0/6] gnttab: add per-domain controls Julien Grall
2021-09-22 9:39 ` Roger Pau Monné
2021-09-23 8:47 ` Julien Grall
2021-09-23 11:19 ` Roger Pau Monné
2021-09-24 2:30 ` Julien Grall
2021-09-24 6:21 ` Jan Beulich
2021-09-24 7:30 ` Julien Grall
2021-09-24 7:49 ` Jan Beulich
2021-09-24 7:46 ` Roger Pau Monné
2021-10-11 9:36 ` Roger Pau Monné
2021-10-11 9:52 ` Christian Lindig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0aed8667-7f31-b0fb-3358-c5fd9a5734a1@xen.org \
--to=julien@xen.org \
--cc=iwj@xenproject.org \
--cc=jgross@suse.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.