From: Ian Jackson <Ian.Jackson@eu.citrix.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: ian.campbell@citrix.com, xen-devel@lists.xen.org
Subject: Re: [PATCH v1 03/10] libxl: store a copy of vanilla domain configuration when creating domain
Date: Thu, 24 Jul 2014 19:52:46 +0100 [thread overview]
Message-ID: <21457.22014.75779.162154@mariner.uk.xensource.com> (raw)
In-Reply-To: <1405002745-5034-4-git-send-email-wei.liu2@citrix.com>
Wei Liu writes ("[PATCH v1 03/10] libxl: store a copy of vanilla domain configuration when creating domain"):
> This patch utilises new "libxl-json" file and stores a copy of user
> supplied domain configuration in JSON form. This copy will be used as
> template.
>
> There're two save operations in total. The template config is first
> saved right after the domain gets its UUID and domain id. Then after the
> domain creation succeeds, the relevant bits touched by libxl are
> synchronised to the stored config.
I think there is a potential race with domain destruction here:
Task 1 Task 2
Creating the domain Trying to shut down
actually create domain
observe domid
start domain destruction
delete all userdata
destroy domain
store the userdata
*** forbidden state created: userdata exists but domain doesn't
*** userdata has been leaked
[ would now bomb out ]
This race actually exists in libxl_userdata_store so it is my fault.
Sorry!
I think this should be fixed as follows:
* domain destruction should take a lock across deleting the
userdata and destroying the domain in Xen
* libxl_userdata_store should take take the lock,
check domain exists, store userdata, unlock lock.
This would be a separate lock to the one you introduce, I think.
Your lock covers a lot of xenstore processing. But perhaps we can
reuse some of the fcntl and lockfile massaging stuff.
> + /* At this point we've got domid and UUID, store configuration */
> + ret = libxl__set_domain_configuration(gc, domid, &d_config_saved);
This libxl__set_domain_configuration is the only thing which creates
the libxl-json userdata ? If so I think there is no
> + libxl_domain_config_dispose(&d_config_saved);
> + if (ret) {
Please use the idempotent error-handling style. This dispose needs to
be in the `error_out' section. You will need to call _init at the top
of the function. I think there's a separate success exit path in this
function so I think you do need two calls to dispose.
> +static void update_domain_config(libxl__gc *gc,
> + libxl_domain_config *dst,
> + const libxl_domain_config *src)
> +{
I think it would be a good idea to move this domain configuration
update stuff into a file of its own rather than interleaving it with
the (supposedly chronologically-ordered) domain creation logic.
> + /* update network interface information */
> + int i;
> +
> + for (i = 0; i < src->num_nics; i++)
> + libxl__update_config_nic(gc, &dst->nics[i], &src->nics[i]);
Does creating the config early, and then updating it, not mean that
there will be a window during domain creation when configuration
exists but lacks these updates ?
I think that might be a (theoretically application-visible) bug.
> +/* update the saved domain configuration with a callback function,
> + * which is responsible to pull in useful fields from src.
> + */
> +typedef void (update_callback)(libxl__gc *, libxl_domain_config *,
> + const libxl_domain_config *);
libxl coding style has no ` ' before the `*'.
> +static int libxl__update_domain_configuration(libxl__gc *gc,
> + uint32_t domid,
> + update_callback callback,
> + const libxl_domain_config *src)
...
> + libxl_domain_config_init(&d_config_saved);
> +
> + rc = libxl__get_domain_configuration(gc, domid, &d_config_saved);
> +
> + if (rc) {
Spurious blank line.
> + LOG(ERROR, "cannot get domain configuration: %d", rc);
Doesn't libxl__get_domain_configuration log a message already ? I
think so, in which case it's probably not ideal to log again.
To help with (a) not spewing lots of messages for a single error and
(b) writing code uncluttered by unnecessary logging calls, it can be
helpful to mention in the doc comments for functions whether they log
failures.
If they do you can replace this whole block with a one-line
if (rc) goto out;
> + callback(gc, &d_config_saved, src);
Callback should probably have the ability to fail.
> + rc = libxl__set_domain_configuration(gc, domid, &d_config_saved);
> +
> + if (rc)
> + LOG(ERROR, "cannot set domain configuration: %d", rc);
1. Spurious blank line. 2. See above re logging. 3. This falling
through into the end of the function is unpleasant - please make
things regular.
The end of most functions should have something like:
rc = 0;
out:
> + libxl_domain_config_dispose(&d_config_saved);
> +
> +out:
> + return rc;
This seems to leak d_config_saved on error paths.
> @@ -1354,6 +1424,12 @@ static void domcreate_complete(libxl__egc *egc,
> if (!rc && d_config->b_info.exec_ssidref)
> rc = xc_flask_relabel_domain(CTX->xch, dcs->guest_domid, d_config->b_info.exec_ssidref);
>
> + if (!rc) {
> + rc = libxl__update_domain_configuration(gc, dcs->guest_domid,
> + update_domain_config,
> + d_config);
> + }
Oh dear. I see this function already has a mad error handling style
which you are following. I won't ask you to fix it.
> diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
> index e9d93ac..72d21ad 100644
> --- a/tools/libxl/libxl_internal.h
> +++ b/tools/libxl/libxl_internal.h
> @@ -3240,6 +3240,20 @@ int libxl__lock_domain_configuration(libxl__gc *gc, uint32_t domid,
> int libxl__unlock_domain_configuration(libxl__gc *gc, uint32_t domid,
> int *fd_lock);
>
> +static inline void libxl__update_config_nic(libxl__gc *gc,
> + libxl_device_nic *dst,
> + libxl_device_nic *src)
> +{
> + libxl_mac_copy(CTX, &dst->mac, &src->mac);
> +}
Nice that this is so short...
Thanks,
Ian.
next prev parent reply other threads:[~2014-07-24 18:52 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-10 14:32 [PATCH v1 00/10] libxl: synchronise domain configuration Wei Liu
2014-07-10 14:32 ` [PATCH v1 01/10] libxl: libxl-json format and internal functions to get / set it Wei Liu
2014-07-16 16:11 ` Ian Campbell
2014-07-16 16:44 ` Wei Liu
2014-07-24 18:09 ` Ian Jackson
2014-07-24 18:29 ` Ian Jackson
2014-07-25 10:30 ` Wei Liu
2014-07-25 14:51 ` Ian Jackson
2014-07-10 14:32 ` [PATCH v1 02/10] libxl_internal: functions to lock / unlock domain configuration Wei Liu
2014-07-16 16:15 ` Ian Campbell
2014-07-16 16:44 ` Wei Liu
2014-07-17 11:29 ` Ian Campbell
2014-07-17 11:41 ` Wei Liu
2014-07-17 11:48 ` Ian Campbell
2014-07-24 18:24 ` Ian Jackson
2014-07-25 10:36 ` Wei Liu
2014-07-10 14:32 ` [PATCH v1 03/10] libxl: store a copy of vanilla domain configuration when creating domain Wei Liu
2014-07-16 16:18 ` Ian Campbell
2014-07-16 16:47 ` Wei Liu
2014-07-17 11:06 ` Ian Campbell
2014-07-17 11:46 ` Wei Liu
2014-07-24 18:52 ` Ian Jackson [this message]
2014-07-25 10:53 ` Wei Liu
2014-07-25 15:01 ` Ian Jackson
2014-07-25 15:43 ` Wei Liu
2014-07-25 17:14 ` Ian Jackson
2014-07-25 17:34 ` Wei Liu
2014-07-25 18:31 ` Ian Jackson
2014-07-25 19:47 ` Wei Liu
2014-07-28 9:42 ` Ian Campbell
2014-07-28 9:50 ` Ian Jackson
2014-07-10 14:32 ` [PATCH v1 04/10] libxl: separate device add/rm complete callbacks Wei Liu
2014-07-16 16:26 ` Ian Campbell
2014-07-16 16:48 ` Wei Liu
2014-07-10 14:32 ` [PATCH v1 05/10] libxl: synchronise configuration when we hotplug a device Wei Liu
2014-07-16 16:48 ` Ian Campbell
2014-07-16 17:12 ` Wei Liu
2014-07-17 11:44 ` Ian Campbell
2014-07-17 14:13 ` Wei Liu
2014-07-18 8:49 ` Ian Campbell
2014-07-18 11:22 ` Wei Liu
2014-07-18 12:20 ` Ian Campbell
2014-07-18 13:41 ` Wei Liu
2014-07-18 13:44 ` Ian Campbell
2014-07-25 16:06 ` Ian Jackson
2014-07-25 16:40 ` Wei Liu
2014-07-25 17:11 ` Ian Jackson
2014-07-25 17:19 ` Wei Liu
2014-07-10 14:32 ` [PATCH v1 06/10] libxl: synchronise configuration when we remove/destroy " Wei Liu
2014-07-16 16:58 ` Ian Campbell
2014-07-10 14:32 ` [PATCH v1 07/10] libxl: make libxl_cd_insert "eject" + "insert" Wei Liu
2014-07-17 10:44 ` Ian Campbell
2014-07-17 14:20 ` Wei Liu
2014-07-10 14:32 ` [PATCH v1 08/10] libxl: introduce libxl_get_memory_static_max Wei Liu
2014-07-17 10:47 ` Ian Campbell
2014-07-17 12:02 ` Wei Liu
2014-07-17 13:59 ` Ian Campbell
2014-07-29 13:39 ` Ian Jackson
2014-07-10 14:32 ` [PATCH v1 09/10] libxl: introduce libxl_retrieve_domain_configuration Wei Liu
2014-07-17 10:59 ` Ian Campbell
2014-07-17 12:11 ` Wei Liu
2014-07-17 14:02 ` Ian Campbell
2014-07-17 14:28 ` Wei Liu
2014-07-18 8:52 ` Ian Campbell
2014-07-18 11:17 ` Wei Liu
2014-07-29 15:31 ` Ian Jackson
2014-07-29 15:29 ` Ian Jackson
2014-07-10 14:32 ` [PATCH v1 10/10] xl: use libxl_retrieve_domain_configuration and JSON format Wei Liu
2014-07-17 11:13 ` Ian Campbell
2014-07-17 12:14 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=21457.22014.75779.162154@mariner.uk.xensource.com \
--to=ian.jackson@eu.citrix.com \
--cc=ian.campbell@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).