Re: [RFC PATCH 1/1] xen: Use a global mapping for runstate

[Julien Grall <julien@xxxxxxx>]

Hi,

On 28/05/2020 18:19, Bertrand Marquis wrote:
> > > +
> > > +    return 0;
> > > +}
> > > +
> > > int domain_kill(struct domain *d)
> > > {
> > >      int rc = 0;
> > > @@ -727,7 +788,10 @@ int domain_kill(struct domain *d)
> > >          if ( cpupool_move_domain(d, cpupool0) )
> > >              return -ERESTART;
> > >          for_each_vcpu ( d, v )
> > > +        {
> > > +            unmap_runstate_area(v, 0);
> > Why is it not appropriate here to hold the lock? It might not be
> > technically needed, but still should work?
> In a killing scenario you might stop a core while it was rescheduling.
> Couldn’t a core be killed using a cross core interrupt ?
You can't stop a vCPU in the middle of the context switch. The vCPU can 
only be scheduled out at specific point in Xen.
> If this is the case then I would need to do masked interrupt locking sections 
> to prevent that case ?
At the beginning of the function domain_kill() the domain will be paused 
(see domain_pause()). After this steps none of the vCPUs will be running 
or be scheduled.
You should technically use the lock everywhere to avoid static analyzer 
throwing a warning because you access variable with and without the 
lock. A comment would at least be useful in the code if we go ahead with 
this.
As an aside, I think you want the lock to always disable the interrupts 
otherwise check_lock() (this can be enabled with CONFIG_DEBUG_LOCKS only 
on x86 though) will shout at you because your lock can be taken in both 
IRQ-safe and IRQ-unsafe context.
Cheers,

--
Julien Grall