From: Martin Pohlack <mpohlack@amazon.com>
To: Ross Lagerwall <ross.lagerwall@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
msw@amazon.com, aliguori@amazon.com,
Antony Messerli <amesserl@rackspace.com>,
Rick Harris <rick.harris@rackspace.com>,
Paul Voccio <paul.voccio@rackspace.com>,
Steven Wilson <steven.wilson@rackspace.com>,
Major Hayden <major.hayden@rackspace.com>,
Josh Kearney <josh.kearney@rackspace.com>,
jinsong.liu@alibaba-inc.com, xiantao.zxt@alibaba-inc.com,
boris.ostrovsky@oracle.com,
Daniel Kiper <daniel.kiper@oracle.com>,
Elena Ufimtseva <elena.ufimtseva@oracle.com>,
bob.liu@oracle.com, lars.kurth@citrix.com, hanweidong@huawei.com,
peter.huangpeng@huawei.com, fanhenglong@huawei.com,
liuyingdong@huawei.com, john.liuqiming@huawei.com,
xen-devel@lists.xenproject.org, jbeulich@suse.com,
andrew.cooper3@citrix.com, jeremy@goop.org
Cc: konrad@darnok.org
Subject: Re: [RFC v2] xSplice design
Date: Fri, 30 Oct 2015 15:06:21 +0100 [thread overview]
Message-ID: <5633795D.7090908@amazon.com> (raw)
In-Reply-To: <563378B2.2040208@citrix.com>
On 30.10.2015 15:03, Ross Lagerwall wrote:
> On 10/30/2015 10:39 AM, Martin Pohlack wrote:
>> On 29.10.2015 17:55, Ross Lagerwall wrote:
>>> On 10/27/2015 12:05 PM, Ross Lagerwall wrote:
>>>> On 06/12/2015 12:39 PM, Martin Pohlack wrote:
>>>>> On 15.05.2015 21:44, Konrad Rzeszutek Wilk wrote:
>>>>> [...]
>>>>>> ## Hypercalls
>>>>>>
>>>>>> We will employ the sub operations of the system management hypercall
>>>>>> (sysctl).
>>>>>> There are to be four sub-operations:
>>>>>>
>>>>>> * upload the payloads.
>>>>>> * listing of payloads summary uploaded and their state.
>>>>>> * getting an particular payload summary and its state.
>>>>>> * command to apply, delete, or revert the payload.
>>>>>>
>>>>>> The patching is asynchronous therefore the caller is responsible
>>>>>> to verify that it has been applied properly by retrieving the summary
>>>>>> of it
>>>>>> and verifying that there are no error codes associated with the payload.
>>>>>>
>>>>>> We **MUST** make it asynchronous due to the nature of patching: it
>>>>>> requires
>>>>>> every physical CPU to be lock-step with each other. The patching
>>>>>> mechanism
>>>>>> while an implementation detail, is not an short operation and as such
>>>>>> the design **MUST** assume it will be an long-running operation.
>>>>>
>>>>> I am not convinced yet, that you need an asynchronous approach here.
>>>>>
>>>>> The experience from our prototype suggests that hotpatching itself is
>>>>> not an expensive operation. It can usually be completed well below 1ms
>>>>> with the most expensive part being getting the hypervisor to a quiet
>>>>> state.
>>>>>
>>>>
>>>> FWIW, my current implementation (which is almost certainly not optimal)
>>>> tested on a 72 CPU machine takes about 3ms, whether idle or fully loaded.
>>>>
>>>
>>> Let me correct that: it takes 60 μs to 100 μs to synchronize and apply
>>> the patch (on the same hardware) when synchronous console logging is
>>> turned off.
>>
>> The interesting (and very rare) case is if other CPUs are busy in Xen
>> already, for example, with memory scrubbing or other long-running
>> activities. Those are hard to interrupt and delay patching activity.
>>
>> Having multiple guests in a reboot-loop / being restarted all the time
>> might help triggering this case.
>>
>
> I have been able to trigger this which is why I put in a (currently
> hard-coded) 10ms timeout in the synchronization code otherwise it gives
> up and returns an error. It could then be optionally retried by the user
> at a later point.
If you ever want to run this in QEMU etc. you need to account for the
scheduling timeslice of the host system. I found it necessary to work
with 20 ms for that specific case.
Martin
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
prev parent reply other threads:[~2015-10-30 14:07 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-15 19:44 [RFC v2] xSplice design Konrad Rzeszutek Wilk
2015-05-18 12:41 ` Jan Beulich
2015-06-05 14:49 ` Konrad Rzeszutek Wilk
2015-06-05 15:16 ` Jan Beulich
2015-06-05 16:00 ` Konrad Rzeszutek Wilk
2015-06-05 16:14 ` Jan Beulich
2015-05-18 12:54 ` Liuqiming (John)
2015-05-18 13:11 ` Daniel Kiper
2015-06-05 14:50 ` Konrad Rzeszutek Wilk
2015-05-19 19:13 ` Lars Kurth
2015-05-20 15:11 ` Martin Pohlack
2015-06-05 15:00 ` Konrad Rzeszutek Wilk
2015-06-05 15:15 ` Andrew Cooper
2015-06-05 15:27 ` Jan Beulich
2015-06-08 8:34 ` Martin Pohlack
2015-06-08 8:51 ` Jan Beulich
2015-06-08 14:38 ` Martin Pohlack
2015-06-08 15:19 ` Konrad Rzeszutek Wilk
2015-06-12 11:51 ` Martin Pohlack
2015-06-12 14:06 ` Konrad Rzeszutek Wilk
2015-06-12 11:39 ` Martin Pohlack
2015-06-12 14:03 ` Konrad Rzeszutek Wilk
2015-06-12 14:31 ` Martin Pohlack
2015-06-12 14:43 ` Jan Beulich
2015-06-12 17:31 ` Martin Pohlack
2015-06-12 18:46 ` Konrad Rzeszutek Wilk
2015-06-12 16:09 ` Konrad Rzeszutek Wilk
2015-06-12 16:17 ` Andrew Cooper
2015-06-12 16:39 ` Konrad Rzeszutek Wilk
2015-06-12 18:36 ` Martin Pohlack
2015-06-12 18:51 ` Konrad Rzeszutek Wilk
2015-07-06 19:36 ` Konrad Rzeszutek Wilk
2015-10-27 12:05 ` Ross Lagerwall
2015-10-29 16:55 ` Ross Lagerwall
2015-10-30 10:39 ` Martin Pohlack
2015-10-30 14:03 ` Ross Lagerwall
2015-10-30 14:06 ` Martin Pohlack [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5633795D.7090908@amazon.com \
--to=mpohlack@amazon.com \
--cc=aliguori@amazon.com \
--cc=amesserl@rackspace.com \
--cc=andrew.cooper3@citrix.com \
--cc=bob.liu@oracle.com \
--cc=boris.ostrovsky@oracle.com \
--cc=daniel.kiper@oracle.com \
--cc=elena.ufimtseva@oracle.com \
--cc=fanhenglong@huawei.com \
--cc=hanweidong@huawei.com \
--cc=jbeulich@suse.com \
--cc=jeremy@goop.org \
--cc=jinsong.liu@alibaba-inc.com \
--cc=john.liuqiming@huawei.com \
--cc=josh.kearney@rackspace.com \
--cc=konrad.wilk@oracle.com \
--cc=konrad@darnok.org \
--cc=lars.kurth@citrix.com \
--cc=liuyingdong@huawei.com \
--cc=major.hayden@rackspace.com \
--cc=msw@amazon.com \
--cc=paul.voccio@rackspace.com \
--cc=peter.huangpeng@huawei.com \
--cc=rick.harris@rackspace.com \
--cc=ross.lagerwall@citrix.com \
--cc=steven.wilson@rackspace.com \
--cc=xen-devel@lists.xenproject.org \
--cc=xiantao.zxt@alibaba-inc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).