From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>, Corneliu ZUZU <czuzu@bitdefender.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Paul Durrant <paul.durrant@citrix.com>,
Tamas K Lengyel <tamas@tklengyel.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH 5/8] x86/vm-event/monitor: don't compromise monitor_write_data on domain cleanup
Date: Mon, 4 Jul 2016 17:21:30 +0300 [thread overview]
Message-ID: <eb0d5edb-b9db-f49e-3f53-c9e9319e84d5@bitdefender.com> (raw)
In-Reply-To: <577A8C2002000078000FAE9E@prv-mh.provo.novell.com>
On 07/04/16 17:17, Jan Beulich wrote:
>>>> On 04.07.16 at 15:50, <rcojocaru@bitdefender.com> wrote:
>> On 07/04/16 16:11, Jan Beulich wrote:
>>>>>> On 04.07.16 at 15:03, <czuzu@bitdefender.com> wrote:
>>>> On 7/4/2016 3:47 PM, Jan Beulich wrote:
>>>>>>>> On 30.06.16 at 20:45, <czuzu@bitdefender.com> wrote:
>>>>>> The arch_vm_event structure is dynamically allocated and freed @
>>>>>> vm_event_cleanup_domain. This cleanup is triggered e.g. when the toolstack
>> user
>>>>>> disables domain monitoring (xc_monitor_disable), which in turn effectively
>>>>>> discards any information that was in arch_vm_event.write_data.
>>>>> Isn't that rather a toolstack user bug, not warranting a relatively
>>>>> extensive (even if mostly mechanical) hypervisor change like this
>>>>> one? Sane monitor behavior, after all, is required anyway for the
>>>>> monitored guest to survive.
>>>>
>>>> Sorry but could you please rephrase this, I don't quite understand what
>>>> you're saying.
>>>> The write_data field in arch_vm_event should _not ever_ be invalidated
>>>> as a direct result of a toolstack user's action.
>>>
>>> The monitoring app can cause all kinds of problems to the guest it
>>> monitors. Why would this specific one need taking care of in the
>>> hypervisor, instead of demanding that the app not disable monitoring
>>> at the wrong time?
>>
>> I'm not sure there's a right time here. The problem is that, if I
>> understand this correctly, a race is possible between the moment the
>> userspace application responds to the vm_event _and_ call
>> xc_monitor_disable() and the time hvm_do_resume() gets called.
>
> It's that _and_ in your reply that I put under question, but I admit
> that questioning may be due to my limited (or should I say non-
> existent) knowledge on the user space parts here: Why would the
> app be _required_ to "responds to the vm_event _and_ call
> xc_monitor_disable()", rather than delaying the latter for long
> enough?
It's not required to do that, it's just that we don't really know what
"long enough means". I suppose a second should do be more than enough,
but obviously we'd prefer a fool-proof solution with better guarantees
and no lag - I thought that the hypervisor change is trivial enough to
not make the tradeoff into much of an issue.
Thanks,
Razvan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-07-04 14:21 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-30 18:40 [PATCH 0/8] x86/vm-event: Adjustments & fixes Corneliu ZUZU
2016-06-30 18:41 ` [PATCH 1/8] x86/vm-event: proper vCPU-paused checks at resume Corneliu ZUZU
2016-07-01 7:14 ` Razvan Cojocaru
2016-07-01 16:51 ` Tamas K Lengyel
2016-06-30 18:42 ` [PATCH 2/8] x86/vmx_update_guest_cr: minor optimization Corneliu ZUZU
2016-06-30 18:43 ` [PATCH 3/8] x86/vm-event/monitor: relocate code-motion more appropriately Corneliu ZUZU
2016-07-01 7:54 ` Razvan Cojocaru
2016-07-04 10:22 ` Jan Beulich
2016-07-04 11:02 ` Corneliu ZUZU
2016-07-04 14:58 ` Jan Beulich
2016-07-04 16:00 ` Corneliu ZUZU
2016-07-04 16:12 ` Jan Beulich
2016-07-04 13:22 ` Razvan Cojocaru
2016-07-04 14:05 ` Jan Beulich
2016-07-04 14:16 ` Razvan Cojocaru
2016-07-04 14:35 ` Corneliu ZUZU
2016-06-30 18:44 ` [PATCH 4/8] x86/vm-event/monitor: turn monitor_write_data.do_write into enum Corneliu ZUZU
2016-07-01 6:53 ` Razvan Cojocaru
2016-07-01 6:59 ` Corneliu ZUZU
2016-07-04 12:37 ` Jan Beulich
2016-07-04 12:47 ` Corneliu ZUZU
2016-07-04 13:07 ` Jan Beulich
2016-07-04 13:21 ` Corneliu ZUZU
2016-07-04 14:08 ` Jan Beulich
2016-07-04 14:23 ` Razvan Cojocaru
2016-07-04 14:24 ` Corneliu ZUZU
2016-07-04 15:03 ` Jan Beulich
2016-07-04 15:10 ` Corneliu ZUZU
2016-06-30 18:45 ` [PATCH 5/8] x86/vm-event/monitor: don't compromise monitor_write_data on domain cleanup Corneliu ZUZU
2016-07-01 6:47 ` Razvan Cojocaru
2016-07-01 6:56 ` Corneliu ZUZU
2016-07-01 6:59 ` Razvan Cojocaru
2016-07-04 12:47 ` Jan Beulich
2016-07-04 13:03 ` Corneliu ZUZU
2016-07-04 13:11 ` Jan Beulich
2016-07-04 13:28 ` Corneliu ZUZU
2016-07-04 14:13 ` Jan Beulich
2016-07-04 14:31 ` Corneliu ZUZU
2016-07-04 15:09 ` Jan Beulich
2016-07-04 15:24 ` Corneliu ZUZU
2016-07-04 13:50 ` Razvan Cojocaru
2016-07-04 14:05 ` Corneliu ZUZU
2016-07-04 14:17 ` Jan Beulich
2016-07-04 14:21 ` Razvan Cojocaru [this message]
2016-07-04 15:07 ` Jan Beulich
2016-07-04 15:21 ` Corneliu ZUZU
2016-07-04 15:57 ` Jan Beulich
2016-07-04 16:09 ` Corneliu ZUZU
2016-07-04 16:16 ` Jan Beulich
2016-07-04 16:26 ` Corneliu ZUZU
2016-07-04 14:45 ` Corneliu ZUZU
2016-06-30 18:46 ` [PATCH 6/8] x86/vm_event_resume: surround VM_EVENT_REASON_MOV_TO_MSR w/ CONFIG_X86 Corneliu ZUZU
2016-07-01 7:02 ` Razvan Cojocaru
2016-06-30 18:47 ` [PATCH 7/8] minor fixes (formatting, comments, unused includes etc.) Corneliu ZUZU
2016-06-30 18:47 ` [PATCH 8/8] minor #include change Corneliu ZUZU
2016-07-01 6:56 ` Razvan Cojocaru
2016-07-01 7:02 ` Corneliu ZUZU
2016-07-01 7:31 ` Jan Beulich
2016-07-01 7:44 ` Corneliu ZUZU
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eb0d5edb-b9db-f49e-3f53-c9e9319e84d5@bitdefender.com \
--to=rcojocaru@bitdefender.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=czuzu@bitdefender.com \
--cc=george.dunlap@eu.citrix.com \
--cc=paul.durrant@citrix.com \
--cc=tamas@tklengyel.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).