From mboxrd@z Thu Jan  1 00:00:00 1970
From: Martin Pohlack <mpohlack@amazon.com>
Subject: Re: [RFC v2] xSplice design
Date: Fri, 12 Jun 2015 19:31:25 +0200
Message-ID: <557B176D.8010402@amazon.com>
References: <20150515194440.GA24313@l.oracle.com> <557AC4D9.2000802@amazon.com>
	<20150612140328.GG15651@l.oracle.com> <557AED30.4070703@amazon.com>
	<557B0C3A02000078000844F0@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <prvs=59840816b=mpohlack@amazon.de>)
	id 1Z3Sow-0007nN-6b
	for xen-devel@lists.xenproject.org; Fri, 12 Jun 2015 17:32:46 +0000
In-Reply-To: <557B0C3A02000078000844F0@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Elena Ufimtseva <elena.ufimtseva@oracle.com>, jeremy@goop.org, hanweidong@huawei.com, john.liuqiming@huawei.com, PaulVoccio <paul.voccio@rackspace.com>, xen-devel@lists.xenproject.org, Daniel Kiper <daniel.kiper@oracle.com>, Major Hayden <major.hayden@rackspace.com>, liuyingdong@huawei.com, aliguori@amazon.com, konrad@darnok.org, lars.kurth@citrix.com, Steven Wilson <steven.wilson@rackspace.com>, peter.huangpeng@huawei.com, msw@amazon.com, xiantao.zxt@alibaba-inc.com, Rick Harris <rick.harris@rackspace.com>, boris.ostrovsky@oracle.com, Josh Kearney <josh.kearney@rackspace.com>, jinsong.liu@alibaba-inc.com, Antony Messerli <amesserl@rackspace.com>, fanhenglong@huawei.com, andrew.cooper3@citrix.com
List-Id: xen-devel@lists.xenproject.org

On 12.06.2015 16:43, Jan Beulich wrote:
>>>> On 12.06.15 at 16:31, <mpohlack@amazon.com> wrote:
>> The 1ms is just a random number.  I would actually suggest to allow a
>> sysadmin or hotpatch management tooling to specify how long one is
>> willing to potentially block the whole machine when waiting for a
>> stop_machine-like barrier as part of a relevant hypercall.  You could
>> imagine userland to start out with 1ms and slowly work its way up
>> whenever it retries.
> 
> In which case the question would be why it didn't start with a larger
> timeout from the beginning. If anything I could see this to be used
> to allow for a larger stop window for more critical patches.

The main idea is that situations where you cannot patch immediately are
transient (e.g., instance start / stop, ...).  So by trying a couple of
times with a very short timeout every minute or so, chances are very
high to succeed without causing any large interruptions for guests.

Also, you usually have some time to deploy a hotpatch, given the typical
XSA embargo period.  So by slowly increasing the maximum blocking time
that one is willing to pay, one would patch the vast majority very
quickly and one still would have the option to patch stragglers by
paying a bit more blocking time later in the patch period.

Martin