From: Jonathan Davies <jonathan.davies@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: xen-devel@lists.xen.org, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: xenfs: race condition on xenstore watch
Date: Fri, 31 May 2013 18:07:37 +0100 [thread overview]
Message-ID: <51A8D8D9.7020106@citrix.com> (raw)
In-Reply-To: <51A8C59F02000078000DA131@nat28.tlf.novell.com>
On 31/05/13 14:45, Jan Beulich wrote:
>>>> On 28.05.13 at 14:55, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
>> On Wed, May 15, 2013 at 05:51:06PM +0100, Jonathan Davies wrote:
>>> Normally, the userspace process gets an "OK" from xenfs and then the
>>> watch fires immediately after. Occasionally, this happens the other way
>>> around: the watch fires before the driver sends "OK", which confuses
>>> the xenstore-watch client. It seems to me that the client is within its
>>> rights to expect the "OK" first.
>
> Now that I look at this another time, I wonder how this behavior
> can be guaranteed even with your patch: xenbus_write_watch()
> sends the reply by calling queue_reply() followed by wake_up(),
> so the reply getting delivered and the watch firing appear to be
> inherently asynchronous anyway, and your patch just reduces
> the race window. Am I overlooking something here?
There's no call to wake_up() in xenbus_write_watch(), as far as I can see...
The key thing is to guarantee that xenbus_write_watch()'s call to
queue_reply() (for the "OK" message) executes before the watch_fired()
callback -- registered by the call to register_xenbus_watch() -- could be
called-back. Given that watch_fired() also takes the reply_mutex before its
own calls to queue_reply() and wake_up(), this behaviour can be guaranteed
by taking the reply_mutex before registering the callback.
>>> Take the (non-reentrant) reply_mutex before calling
>>> register_xenbus_watch to prevent the watch_fired callback from writing
>>> anything until the "OK" has been sent.
>>
>> Should that perhaps be done inside the msg_type == XS_WATCH code (with a
>> bool that would determine whether an reply_mutex has been taken?)
>>
>> As in, is there no need to take this mutex if msg_type != XS_WATCH?
>
> As said in an earlier reply, I also think that it would be preferable
> to shrink the locked region as much as possible.
v2 of the patch will have a much tighter locked region. I'll post that once
I've tested it.
Thanks,
Jonathan
next prev parent reply other threads:[~2013-05-31 17:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-15 16:51 xenfs: race condition on xenstore watch Jonathan Davies
2013-05-16 8:26 ` Jan Beulich
2013-05-28 12:55 ` Konrad Rzeszutek Wilk
2013-05-31 13:45 ` Jan Beulich
2013-05-31 17:07 ` Jonathan Davies [this message]
2013-06-03 7:57 ` Jan Beulich
2013-05-31 17:07 ` Jonathan Davies
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51A8D8D9.7020106@citrix.com \
--to=jonathan.davies@citrix.com \
--cc=JBeulich@suse.com \
--cc=konrad.wilk@oracle.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).