Xen project Mailing List

Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic

To: Dave Scott <Dave.Scott@xxxxxxxxxx>, "Liuqiming (John)" <john.liuqiming@xxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>

From: Paul Durrant <Paul.Durrant@xxxxxxxxxx>

Date: Thu, 5 Dec 2013 09:43:50 +0000

Accept-language: en-GB, en-US

Cc: Yanqiangjun <yanqiangjun@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Thu, 05 Dec 2013 09:44:27 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: Ac7wqM49s0C8kGz4QZ2az3ET1Yiu6QAJPjgAACIutYAAD6LmAAACPH1A

Thread-topic: [Xen-devel] bug in hvmloader xenbus_shutdown logic

> -----Original Message----- > From: xen-devel-bounces@xxxxxxxxxxxxx [mailto:xen-devel- > bounces@xxxxxxxxxxxxx] On Behalf Of David Scott > Sent: 05 December 2013 09:36 > To: Liuqiming (John); Ian Campbell > Cc: Yanqiangjun; xen-devel@xxxxxxxxxxxxx > Subject: Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic > > On 05/12/13 02:08, Liuqiming (John) wrote: > > According to oxenstored source code, oxenstored will read every domain's > IO ring no matter what events happened. > > > > Here is the main loop of oxenstored: > > > > let main_loop () = > ... > > process_domains store cons domains <- no matter what event > income, this will handle IO ring request of all domains > > in > > > > so when one domain's hvmloader is clearing its IO ring, oxenstored may > access this IO ring because of another domain's event happened. > > Yes, this version of the code checks all the interdomain rings every > time it goes around the main loop. FWIW my experimental updated > oxenstore uses one (user-level) thread per connection. I had thought > this was just an efficiency issue... I didn't realise it had correctness > implications. > > >> On Wed, 2013-12-04 at 04:25 +0000, Liuqiming (John) wrote: > >> > >>> memset can not set all the page to zero in an atomic way, and during > >>> the clear up process oxenstored may access this ring. > >> > >> Why is oxenstored poking at the ring? Surely it should only do so when > >> the guest (hvmloader) sends it a request. If hvmloader is clearing the > >> page while there is a request/event outstanding then this is an > >> hvmloader bug. > > Ok, that makes sense. > > My only hesitation is that violations of this rule (like with current > oxenstored) show up rarely. Presumably the xenstore ring desynchronises > and the guest will never be able to boot properly with PV drivers. I > don't think I've ever seen this myself. > > Do frontends expect the xenstore ring to be in a zeroed state when they > startup? Assuming hvmloader has received all the outstanding > request/events, would it be safe to leave the ring contents alone? > I think there are probably some PV driver frontends that don't expect the ring to have been messed with. You could probably consider that a frontend bug, but restoring the ring to pristine state seems like it's a good thing to do. However zeroing out a shared ring with no explicit notification to the backend also seems like a very risky thing to do. Paul _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.