xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Julien Grall <julien@xen.org>
To: "Jürgen Groß" <jgross@suse.com>, "Paul Durrant" <paul@xen.org>,
	xen-devel@lists.xenproject.org
Cc: Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Paul Durrant <pdurrant@amazon.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	George Dunlap <george.dunlap@citrix.com>,
	Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH v4] docs/designs: re-work the xenstore migration document...
Date: Tue, 28 Apr 2020 11:23:10 +0100	[thread overview]
Message-ID: <2087b3dd-7d2c-3ab3-d6ce-a4d132f7ec4d@xen.org> (raw)
In-Reply-To: <f13de8bc-ca5d-2341-3797-b34f9f2c70ef@suse.com>

Hi Juergen,

On 28/04/2020 11:10, Jürgen Groß wrote:
> On 28.04.20 11:05, Julien Grall wrote:
>>> -where tx_id is the non-zero identifier values of an open transaction.
>>> +| Field     | Description                                       |
>>> +|-----------|---------------------------------------------------|
>>> +| `domid`   | The domain-id that owns the shared page           |
>>> +|           |                                                   |
>>> +| `tdomid`  | The domain-id that `domid` acts on behalf of if   |
>>> +|           | it has been subject to an SET_TARGET              |
>>> +|           | operation [2] or DOMID_INVALID [3] otherwise      |
>>> +|           |                                                   |
>>> +| `flags`   | Must be zero                                      |
>>> +|           |                                                   |
>>> +| `evtchn`  | The port number of the interdomain channel used   |
>>> +|           | by `domid` to communicate with xenstored          |
>>> +|           |                                                   |
>>> +| `mfn`     | The MFN of the shared page for a live update or   |
>>> +|           | ~0 (i.e. all bits set) otherwise                  |
>>> -### Protocol Extension
>>> +Since the ABI guarantees that entry 1 in `domid`'s grant table will 
>>> always
>>> +contain the GFN of the shared page, so for a live update `mfn` can 
>>> be used to
>>> +give confidence that `domid` has not been re-cycled during the update.
>>
>> I am confused, there is no way a XenStored running in an Arm domain 
>> can map the MFN of the shared page. So how is this going to work out?
> 
> I guess this will be a MFN for PV guests and a guest PFN else.

If we use Xen terminology (xen/include/xen/mm.h), this would be a GFN.

> 
>>
>> [...]
>>
>>> -START_DOMAIN_TRANSACTION    <domid>|<transid>|
>>> +    0       1       2       3    octet
>>> ++-------+-------+-------+-------+
>>> +| conn-id                       |
>>> ++-------------------------------+
>>> +| tx-id                         |
>>> ++---------------+---------------+
>>> +| path-len      | value-len     |
>>> ++---------------+---------------+
>>> +| access        | perm-count    |
>>> ++---------------+---------------+
>>> +| perm1                         |
>>> ++-------------------------------+
>>> +...
>>> ++-------------------------------+
>>> +| permN                         |
>>> ++---------------+---------------+
>>> +| path
>>> +...
>>> +| value
>>> +...
>>> +```
>>> +
>>> +
>>> +| Field        | Description                                    |
>>> +|--------------|------------------------------------------------|
>>> +| `conn-id`    | If this value is non-zero then this record     |
>>> +|              | related to a pending transaction               |
>>
>> If conn-id is 0, how do you know the owner of the node?
> 
> The first permission entry's domid is the owner.

I think this should be spell out in the specification.

> 
>>
>>> +|              |                                                |
>>> +| `tx-id`      | This value should be ignored if `conn-id` is   |
>>> +|              | zero. Otherwise it specifies the id of the     |
>>> +|              | pending transaction                            |
>>> +|              |                                                |
>>> +| `path-len`   | The length (in octets) of `path` including the |
>>> +|              | NUL terminator                                 |
>>> +|              |                                                |
>>> +| `value-len`  | The length (in octets) of `value` (which will  |
>>> +|              | be zero for a deleted node)                    |
>>> +|              |                                                |
>>> +| `access`     | This value should be ignored if this record    |
>>> +|              | does not relate to a pending transaction,      |
>>> +|              | otherwise it specifies the accesses made to    |
>>> +|              | the node and hence is a bitwise OR of:         |
>>> +|              |                                                |
>>> +|              | 0x0001: read                                   |
>>> +|              | 0x0002: written                                |
>>> +|              |                                                |
>>> +|              | The value will be zero for a deleted node      |
>>> +|              |                                                |
>>> +| `perm-count` | The number (N) of node permission specifiers   |
>>> +|              | (which will be 0 for a node deleted in a       |
>>> +|              | pending transaction)                           |
>>> +|              |                                                |
>>> +| `perm1..N`   | A list of zero or more node permission         |
>>> +|              | specifiers (see below)                         |
>>
>> This is a bit odd to start at one. Does it mean perm0 exists and not 
>> preserved?
> 
> Why? perm0 does not exist. If you have N permissions 1..N is just fine.
> If you have no permissions (N=0) you won't have any permX entry.
> 
> In theory you could say perm0..N-1, but this would result in perm0..-1
> for N=0 which would be really odd.

As it is odd to me to start at 1 (I am used to index starting at 0) ;). 
The more it wasn't clear how you would specify the owner. So I thought 
perm0 had a specific meaning.

If you clarify perm1 is the owner, then it may make easier to figure out 
that perm0 doesn't exist.

Cheers,

-- 
Julien Grall


  reply	other threads:[~2020-04-28 10:23 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-27 15:50 [PATCH v4] docs/designs: re-work the xenstore migration document Paul Durrant
2020-04-27 15:55 ` Jürgen Groß
2020-04-28  9:05 ` Julien Grall
2020-04-28 10:10   ` Jürgen Groß
2020-04-28 10:23     ` Julien Grall [this message]
2020-04-28 12:46       ` Paul Durrant
2020-04-28 12:56         ` Jürgen Groß
2020-04-28 14:50           ` Paul Durrant
2020-04-28 14:51             ` Jürgen Groß
2020-04-28 12:47   ` Paul Durrant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2087b3dd-7d2c-3ab3-d6ce-a4d132f7ec4d@xen.org \
    --to=julien@xen.org \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jgross@suse.com \
    --cc=paul@xen.org \
    --cc=pdurrant@amazon.com \
    --cc=sstabellini@kernel.org \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).