From: Ian Jackson <ian.jackson@eu.citrix.com>
To: xen-devel@lists.xensource.com
Cc: Juergen Gross <jgross@suse.com>, Wei Liu <wei.liu2@citrix.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Dario Faggioli <dario.faggioli@citrix.com>,
Tim Deegan <tim@xen.org>, Jan Beulich <jbeulich@suse.com>
Subject: [PATCH 3/3] xen: Document XEN_SYSCTL_CPUPOOL_OP_RMCPU anomalous EBUSY result
Date: Thu, 14 Apr 2016 18:07:40 +0100 [thread overview]
Message-ID: <1460653660-6654-4-git-send-email-ian.jackson@eu.citrix.com> (raw)
In-Reply-To: <1460653660-6654-1-git-send-email-ian.jackson@eu.citrix.com>
This is my attempt at understanding the situation, from reading
descriptions provided on list in the context of toolstack patches
which were attempting to work around the anomaly.
The multiple `xxx' entries reflect 1. my lack of complete understanding
2. API defects which I think I have identified.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
CC: Dario Faggioli <dario.faggioli@citrix.com>
CC: Juergen Gross <jgross@suse.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
xen/include/public/sysctl.h | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index 0849908..cfccf38 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -560,6 +560,34 @@ struct xen_sysctl_cpupool_op {
typedef struct xen_sysctl_cpupool_op xen_sysctl_cpupool_op_t;
DEFINE_XEN_GUEST_HANDLE(xen_sysctl_cpupool_op_t);
+/*
+ * cpupool operations may return EBUSY if the operation cannot be
+ * executed right now because of another cpupool operation which is
+ * still in progress. In this case, EBUSY means that the failed
+ * operation had no effect.
+ *
+ * Some operations including at least RMCPU (xxx which others?) may
+ * also return EBUSY because a guest has temporarily pinned one of its
+ * vcpus to the pcpu in question. It is the pious hope (xxx) of the
+ * author of this comment that this can only occur for domains which
+ * have been granted some kind of hardware privilege (eg passthrough).
+ *
+ * In this case the operation may have been partially carried out and
+ * the pcpu is left in an anomalous state. In this state the pcpu may
+ * be used by some not readily predictable subset of the vcpus
+ * (domains) whose vcpus are in the old cpupool. (xxx is this true?)
+ *
+ * This can be detected by seeing whether the pcpu can be added to a
+ * different cpupool. (xxx this is a silly interface; the situation
+ * should be reported by a different errno value, at least.) If the
+ * pcpu can't be added to a different cpupool for this reason,
+ * attempts to do so will returning (xxx what errno value?)
+ *
+ * The anomalous situation can be recovered by adding the pcpu back to
+ * the cpupool it came from (xxx this permits a buggy or malicious
+ * guest to prevent the cpu ever being removed from its cpupool).
+ */
+
#define ARINC653_MAX_DOMAINS_PER_SCHEDULE 64
/*
* This structure is used to pass a new ARINC653 schedule from a
--
1.7.10.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-14 17:07 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-14 17:07 [PATCH 0/3] Revert xc cpupool retries and document anomaly Ian Jackson
2016-04-14 17:07 ` [PATCH 1/3] libxc: Revert "do some retries in xc_cpupool_removecpu() for EBUSY case" Ian Jackson
2016-04-15 5:15 ` Juergen Gross
2016-04-15 7:46 ` Dario Faggioli
2016-04-14 17:07 ` [PATCH 2/3] xen: hypercall docs annotations for xen_sysctl_cpupool_op Ian Jackson
2016-04-14 20:37 ` Dario Faggioli
2016-04-15 10:27 ` Ian Jackson
2016-04-14 17:07 ` Ian Jackson [this message]
2016-04-14 17:24 ` [PATCH 3/3] xen: Document XEN_SYSCTL_CPUPOOL_OP_RMCPU anomalous EBUSY result Andrew Cooper
2016-04-14 17:56 ` Ian Jackson
2016-04-14 20:22 ` Dario Faggioli
2016-04-15 10:20 ` Ian Jackson
2016-04-15 10:43 ` Juergen Gross
2016-04-15 10:58 ` Dario Faggioli
2016-04-15 11:37 ` Juergen Gross
2016-04-15 13:20 ` Juergen Gross
2016-04-15 13:33 ` Dario Faggioli
2016-04-15 14:11 ` Ian Jackson
2016-04-15 14:39 ` Juergen Gross
2016-04-15 5:35 ` Juergen Gross
2016-04-15 7:42 ` Dario Faggioli
2016-04-15 14:12 ` Ian Jackson
2016-04-15 14:17 ` Konrad Rzeszutek Wilk
2016-04-15 14:34 ` Juergen Gross
2016-04-15 14:44 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1460653660-6654-4-git-send-email-ian.jackson@eu.citrix.com \
--to=ian.jackson@eu.citrix.com \
--cc=dario.faggioli@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).