Re: bug in hvmloader xenbus_shutdown logic

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

From: David Scott <dave.scott@eu.citrix.com>
To: "Liuqiming (John)" <john.liuqiming@huawei.com>,
	Ian Campbell <Ian.Campbell@citrix.com>
Cc: Yanqiangjun <yanqiangjun@huawei.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: bug in hvmloader xenbus_shutdown logic
Date: Thu, 5 Dec 2013 09:36:12 +0000	[thread overview]
Message-ID: <52A0490C.9070804@eu.citrix.com> (raw)
In-Reply-To: <0E6BCB61859D7F4EB9CAC75FC6EE6FF844B937B6@SZXEMA502-MBX.china.huawei.com>

On 05/12/13 02:08, Liuqiming (John) wrote:
> According to oxenstored source code, oxenstored will read every domain's IO ring no matter what events happened.
>
> Here is the main loop of oxenstored:
>
> let main_loop () =
...
> 	process_domains store cons domains   <- no matter what event income, this will handle IO ring request of all domains
> 	in
>
> so when one domain's hvmloader is clearing its IO ring, oxenstored may access this IO ring because of another domain's event happened.

Yes, this version of the code checks all the interdomain rings every 
time it goes around the main loop. FWIW my experimental updated 
oxenstore uses one (user-level) thread per connection. I had thought 
this was just an efficiency issue... I didn't realise it had correctness 
implications.

>> On Wed, 2013-12-04 at 04:25 +0000, Liuqiming (John) wrote:
>>
>>> memset can not set all the page to zero in an atomic way, and during
>>> the clear up process oxenstored may access this ring.
>>
>> Why is oxenstored poking at the ring? Surely it should only do so when
>> the guest (hvmloader) sends it a request. If hvmloader is clearing the
>> page while there is a request/event outstanding then this is an
>> hvmloader bug.

Ok, that makes sense.

My only hesitation is that violations of this rule (like with current 
oxenstored) show up rarely. Presumably the xenstore ring desynchronises 
and the guest will never be able to boot properly with PV drivers. I 
don't think I've ever seen this myself.

Do frontends expect the xenstore ring to be in a zeroed state when they 
startup? Assuming hvmloader has received all the outstanding 
request/events, would it be safe to leave the ring contents alone?

Cheers,
Dave

next prev parent reply	other threads:[~2013-12-05  9:36 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-04  4:25 bug in hvmloader xenbus_shutdown logic Liuqiming (John)
2013-12-04  9:49 ` Ian Campbell
2013-12-05  2:08   ` Liuqiming (John)
2013-12-05  9:36     ` David Scott [this message]
2013-12-05  9:43       ` Paul Durrant
2013-12-05 11:10       ` Ian Campbell
2013-12-06  3:53         ` Liuqiming (John)
2014-06-16 13:43           ` Dave Scott
2014-06-16 13:57             ` Paul Durrant
2014-06-25 21:15               ` [PATCH RFC] RFC: extend the xenstore ring with a 'closing' signal David Scott
2014-06-26  9:05                 ` Paul Durrant
2014-06-26  9:45                   ` Dave Scott
2014-06-30 14:42                     ` [PATCH v2] " David Scott
2014-07-03 15:15                       ` [PATCH v3] " David Scott
2014-07-04  8:21                         ` Paul Durrant
2014-07-04 10:00                           ` Dave Scott
2014-07-04  9:59                         ` Ian Campbell
2014-07-04 10:19                           ` Dave Scott
2014-07-04 11:27                             ` Ian Campbell
2014-09-03 16:25                         ` [PATCH v4] xenstore: " David Scott
2014-09-10 13:35                           ` Ian Campbell
2014-09-10 14:33                             ` Dave Scott
     [not found]                           ` <DF76B30A-D122-4600-987E-6BBD66CFFF73@citrix.com>
2014-09-22 16:38                             ` Ian Jackson
2014-09-24  9:06                               ` Dave Scott
2014-09-24 13:36                           ` Jon Ludlam
2014-07-04 11:02                       ` [PATCH v2] RFC: " Ian Jackson
2014-07-02 12:32                 ` [PATCH RFC] " Andrew Cooper
2014-07-02 16:47                   ` Dave Scott
2014-07-02 16:52                     ` Andrew Cooper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52A0490C.9070804@eu.citrix.com \
    --to=dave.scott@eu.citrix.com \
    --cc=Ian.Campbell@citrix.com \
    --cc=john.liuqiming@huawei.com \
    --cc=xen-devel@lists.xen.org \
    --cc=yanqiangjun@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).