From: Julien Grall <julien@xen.org>
To: "Jürgen Groß" <jgross@suse.com>, "Paul Durrant" <paul@xen.org>,
xen-devel@lists.xenproject.org
Cc: Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Paul Durrant <pdurrant@amazon.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH v4] docs/designs: re-work the xenstore migration document...
Date: Tue, 28 Apr 2020 11:23:10 +0100 [thread overview]
Message-ID: <2087b3dd-7d2c-3ab3-d6ce-a4d132f7ec4d@xen.org> (raw)
In-Reply-To: <f13de8bc-ca5d-2341-3797-b34f9f2c70ef@suse.com>
Hi Juergen,
On 28/04/2020 11:10, Jürgen Groß wrote:
> On 28.04.20 11:05, Julien Grall wrote:
>>> -where tx_id is the non-zero identifier values of an open transaction.
>>> +| Field | Description |
>>> +|-----------|---------------------------------------------------|
>>> +| `domid` | The domain-id that owns the shared page |
>>> +| | |
>>> +| `tdomid` | The domain-id that `domid` acts on behalf of if |
>>> +| | it has been subject to an SET_TARGET |
>>> +| | operation [2] or DOMID_INVALID [3] otherwise |
>>> +| | |
>>> +| `flags` | Must be zero |
>>> +| | |
>>> +| `evtchn` | The port number of the interdomain channel used |
>>> +| | by `domid` to communicate with xenstored |
>>> +| | |
>>> +| `mfn` | The MFN of the shared page for a live update or |
>>> +| | ~0 (i.e. all bits set) otherwise |
>>> -### Protocol Extension
>>> +Since the ABI guarantees that entry 1 in `domid`'s grant table will
>>> always
>>> +contain the GFN of the shared page, so for a live update `mfn` can
>>> be used to
>>> +give confidence that `domid` has not been re-cycled during the update.
>>
>> I am confused, there is no way a XenStored running in an Arm domain
>> can map the MFN of the shared page. So how is this going to work out?
>
> I guess this will be a MFN for PV guests and a guest PFN else.
If we use Xen terminology (xen/include/xen/mm.h), this would be a GFN.
>
>>
>> [...]
>>
>>> -START_DOMAIN_TRANSACTION <domid>|<transid>|
>>> + 0 1 2 3 octet
>>> ++-------+-------+-------+-------+
>>> +| conn-id |
>>> ++-------------------------------+
>>> +| tx-id |
>>> ++---------------+---------------+
>>> +| path-len | value-len |
>>> ++---------------+---------------+
>>> +| access | perm-count |
>>> ++---------------+---------------+
>>> +| perm1 |
>>> ++-------------------------------+
>>> +...
>>> ++-------------------------------+
>>> +| permN |
>>> ++---------------+---------------+
>>> +| path
>>> +...
>>> +| value
>>> +...
>>> +```
>>> +
>>> +
>>> +| Field | Description |
>>> +|--------------|------------------------------------------------|
>>> +| `conn-id` | If this value is non-zero then this record |
>>> +| | related to a pending transaction |
>>
>> If conn-id is 0, how do you know the owner of the node?
>
> The first permission entry's domid is the owner.
I think this should be spell out in the specification.
>
>>
>>> +| | |
>>> +| `tx-id` | This value should be ignored if `conn-id` is |
>>> +| | zero. Otherwise it specifies the id of the |
>>> +| | pending transaction |
>>> +| | |
>>> +| `path-len` | The length (in octets) of `path` including the |
>>> +| | NUL terminator |
>>> +| | |
>>> +| `value-len` | The length (in octets) of `value` (which will |
>>> +| | be zero for a deleted node) |
>>> +| | |
>>> +| `access` | This value should be ignored if this record |
>>> +| | does not relate to a pending transaction, |
>>> +| | otherwise it specifies the accesses made to |
>>> +| | the node and hence is a bitwise OR of: |
>>> +| | |
>>> +| | 0x0001: read |
>>> +| | 0x0002: written |
>>> +| | |
>>> +| | The value will be zero for a deleted node |
>>> +| | |
>>> +| `perm-count` | The number (N) of node permission specifiers |
>>> +| | (which will be 0 for a node deleted in a |
>>> +| | pending transaction) |
>>> +| | |
>>> +| `perm1..N` | A list of zero or more node permission |
>>> +| | specifiers (see below) |
>>
>> This is a bit odd to start at one. Does it mean perm0 exists and not
>> preserved?
>
> Why? perm0 does not exist. If you have N permissions 1..N is just fine.
> If you have no permissions (N=0) you won't have any permX entry.
>
> In theory you could say perm0..N-1, but this would result in perm0..-1
> for N=0 which would be really odd.
As it is odd to me to start at 1 (I am used to index starting at 0) ;).
The more it wasn't clear how you would specify the owner. So I thought
perm0 had a specific meaning.
If you clarify perm1 is the owner, then it may make easier to figure out
that perm0 doesn't exist.
Cheers,
--
Julien Grall
next prev parent reply other threads:[~2020-04-28 10:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-27 15:50 [PATCH v4] docs/designs: re-work the xenstore migration document Paul Durrant
2020-04-27 15:55 ` Jürgen Groß
2020-04-28 9:05 ` Julien Grall
2020-04-28 10:10 ` Jürgen Groß
2020-04-28 10:23 ` Julien Grall [this message]
2020-04-28 12:46 ` Paul Durrant
2020-04-28 12:56 ` Jürgen Groß
2020-04-28 14:50 ` Paul Durrant
2020-04-28 14:51 ` Jürgen Groß
2020-04-28 12:47 ` Paul Durrant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2087b3dd-7d2c-3ab3-d6ce-a4d132f7ec4d@xen.org \
--to=julien@xen.org \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=paul@xen.org \
--cc=pdurrant@amazon.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).