From: Ian Campbell <ian.campbell@citrix.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: ian.jackson@eu.citrix.com, xen-devel@lists.xen.org
Subject: Re: [PATCH v4 for 4.5 1/8] libxl: rework domain userdata file lock
Date: Tue, 16 Sep 2014 19:50:44 +0100 [thread overview]
Message-ID: <1410893444.23505.26.camel@citrix.com> (raw)
In-Reply-To: <1410861678-31428-2-git-send-email-wei.liu2@citrix.com>
On Tue, 2014-09-16 at 11:01 +0100, Wei Liu wrote:
> The lock introduced in d2cd9d4f ("libxl: functions to lock / unlock
> libxl userdata store") has a bug that can leak the lock file when domain
> destruction races with other functions that try to get hold of the lock.
>
> There are several issues:
> 1. The lock is released too early with libxl__userdata_destroyall
> deletes everything in userdata store, including the lock file.
> 2. The check of domain existence is only done at the beginning of lock
> function, by the time the lock is acquired, the domain might have
> been gone already.
>
> The effect of this two issues is we can run into such situation:
>
> Process 1 Process 2 domain destruction
> # LOCK FUNCTION # LOCK FUNCTION
> check domain existence check domain existence
> acquire lock (file created)
> # LOCK FUNCTION
> destroy all files (lock file deleted,
> lock released)
> acquire lock (file created)
> # LOCK FUNCTION destroy domain
> # UNLOCK (close fd only)
> [ lock file leaked ]
>
> Fix this problem by deploying following changes:
>
> 1. Unlink lock file in unlock function.
> 2. Modify libxl__userdata_destroyall to not delete domain-userdata-lock,
> so that the lock remains held until unlock function is called.
> 3. Check domain still exists when the lock is acquired, unlock if
> domain is already gone.
>
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Iff you end up resending the series (I'm hoping not) it might be nice to
s/lock_carefd/carefd/ in the struct (since the usages are lock->thing so
the lock prefix is redundant). Also in the unlock perhaps comment that
the unlock must be done first before the close, since that is quite
important.
Ian
next prev parent reply other threads:[~2014-09-16 18:50 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-16 10:01 [PATCH v4 for 4.5 0/8] libxl: synchronise domain configuration Wei Liu
2014-09-16 10:01 ` [PATCH v4 for 4.5 1/8] libxl: rework domain userdata file lock Wei Liu
2014-09-16 18:50 ` Ian Campbell [this message]
2014-09-16 21:02 ` Wei Liu
2014-09-16 10:01 ` [PATCH v4 for 4.5 2/8] libxl: synchronise configuration when we hotplug a device Wei Liu
2014-09-16 18:52 ` Ian Campbell
2014-09-16 10:01 ` [PATCH v4 for 4.5 3/8] libxl: make libxl_cd_insert "eject" + "insert" Wei Liu
2014-09-16 18:57 ` Ian Campbell
2014-09-16 10:01 ` [PATCH v4 for 4.5 4/8] libxl: refactor libxl_get_memory_target Wei Liu
2014-09-16 19:02 ` Ian Campbell
2014-09-16 10:01 ` [PATCH v4 for 4.5 5/8] libxl: introduce libxl_retrieve_domain_configuration Wei Liu
2014-09-16 19:14 ` Ian Campbell
2014-09-16 10:01 ` [PATCH v4 for 4.5 6/8] libxl: introduce libxl_userdata_unlink Wei Liu
2014-09-16 10:01 ` [PATCH v4 for 4.5 7/8] xl: use libxl_retrieve_domain_configuration and JSON format Wei Liu
2014-09-16 10:01 ` [PATCH v4 for 4.5 8/8] xl: long output of "list" command now contains Dom0 information Wei Liu
2014-09-17 19:16 ` [PATCH v4 for 4.5 0/8] libxl: synchronise domain configuration Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1410893444.23505.26.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.