From: Jonathan Davies <jonathan.davies@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: xen-devel@lists.xen.org, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: xenfs: race condition on xenstore watch
Date: Fri, 31 May 2013 18:07:37 +0100 [thread overview]
Message-ID: <51A8D8D9.7020106@citrix.com> (raw)
In-Reply-To: <51A8C59F02000078000DA131@nat28.tlf.novell.com>
On 31/05/13 14:45, Jan Beulich wrote:
>>>> On 28.05.13 at 14:55, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
>> On Wed, May 15, 2013 at 05:51:06PM +0100, Jonathan Davies wrote:
>>> Normally, the userspace process gets an "OK" from xenfs and then the
>>> watch fires immediately after. Occasionally, this happens the other way
>>> around: the watch fires before the driver sends "OK", which confuses
>>> the xenstore-watch client. It seems to me that the client is within its
>>> rights to expect the "OK" first.
>
> Now that I look at this another time, I wonder how this behavior
> can be guaranteed even with your patch: xenbus_write_watch()
> sends the reply by calling queue_reply() followed by wake_up(),
> so the reply getting delivered and the watch firing appear to be
> inherently asynchronous anyway, and your patch just reduces
> the race window. Am I overlooking something here?
There's no call to wake_up() in xenbus_write_watch(), as far as I can see...
The key thing is to guarantee that xenbus_write_watch()'s call to
queue_reply() (for the "OK" message) executes before the watch_fired()
callback -- registered by the call to register_xenbus_watch() -- could be
called-back. Given that watch_fired() also takes the reply_mutex before its
own calls to queue_reply() and wake_up(), this behaviour can be guaranteed
by taking the reply_mutex before registering the callback.
>>> Take the (non-reentrant) reply_mutex before calling
>>> register_xenbus_watch to prevent the watch_fired callback from writing
>>> anything until the "OK" has been sent.
>>
>> Should that perhaps be done inside the msg_type == XS_WATCH code (with a
>> bool that would determine whether an reply_mutex has been taken?)
>>
>> As in, is there no need to take this mutex if msg_type != XS_WATCH?
>
> As said in an earlier reply, I also think that it would be preferable
> to shrink the locked region as much as possible.
v2 of the patch will have a much tighter locked region. I'll post that once
I've tested it.
Thanks,
Jonathan
next prev parent reply other threads:[~2013-05-31 17:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-15 16:51 xenfs: race condition on xenstore watch Jonathan Davies
2013-05-16 8:26 ` Jan Beulich
2013-05-28 12:55 ` Konrad Rzeszutek Wilk
2013-05-31 13:45 ` Jan Beulich
2013-05-31 17:07 ` Jonathan Davies [this message]
2013-06-03 7:57 ` Jan Beulich
2013-05-31 17:07 ` Jonathan Davies
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51A8D8D9.7020106@citrix.com \
--to=jonathan.davies@citrix.com \
--cc=JBeulich@suse.com \
--cc=konrad.wilk@oracle.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.