From: Anthony Liguori <aliguori@us.ibm.com>
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: xen-devel@lists.xensource.com
Subject: Re: [Xen-changelog] Simpler domid allocation.
Date: Fri, 15 Jul 2005 10:40:33 -0500 [thread overview]
Message-ID: <42D7D8F1.7090609@us.ibm.com> (raw)
In-Reply-To: <3db553b59e1018c2a42f67d5935cf22f@cl.cam.ac.uk>
Keir Fraser wrote:
>
> I think you misread the allocation scheme -- it still allocates
> increasing domid's in turn but just doesn;t arbitrarily decide to wrap
> at e.g., domid==100. So your fears over immediate domid reuse are
> unfounded.
Indeed. I read the removed comment as the new functionality. Should not
read patches before having any caffeine :-)
> I understand your fears w.r.t. decentralised tools. One thing I think
> we will end up doing is adding the domain uuid (big unique domain
> identifier) to Xen. Xen will still work in terms of the short 16-bit
> domids, but control tools will be able to read out this extra unique
> key value which they can use to protect themselves against domid reuse
> in the absence of some other trusted authority. Invaluable for
> debugging screwed-up machine states too. :-)
Excellent. The UUID would be part of the struct domain in Xen? Would Xen
create it and the tools just have an interface to get it? I'd be happy
to submit a patch to add this as it would be very useful for the tools
(since it effectively eliminates the possibility of race conditions).
Thanks,
Anthony Liguori
> -- Keir
>
> On 15 Jul 2005, at 15:40, Anthony Liguori wrote:
>
>> This change worries me a bit because I believe it increases the
>> likelihood of subtle race conditions in the tools. It's now likely
>> that if one destroys a domain and immediately creates a new domain,
>> when the tools finally see the VIRQ, they'll be very confused since
>> the domid appears to be valid.
>>
>> The situation is worse for a destroyed domain. A destroy does not
>> generate a VIRQ in which case if the destroy and create happen within
>> whatever the tools polling interval is, it will appear to the tool
>> that the destroy just didn't work.
>>
>> The solution would be to have a completely serialized tool chain
>> although that prevents having multiple simulatenous tools running at
>> the same time or a distribute tool chain where most things don't
>> require a central daemon.
>>
>> The old domid allocation was odd but it kept life easier by making
>> race conditions difficult to create.
>
>
>
next prev parent reply other threads:[~2005-07-15 15:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1DtL1N-000688-Qp@xenbits.xensource.com>
2005-07-15 14:40 ` [Xen-changelog] Simpler domid allocation Anthony Liguori
2005-07-15 15:17 ` Keir Fraser
2005-07-15 15:40 ` Anthony Liguori [this message]
2005-07-15 15:48 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42D7D8F1.7090609@us.ibm.com \
--to=aliguori@us.ibm.com \
--cc=Keir.Fraser@cl.cam.ac.uk \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.