Hi,
On 28/05/2020 18:19, Bertrand Marquis wrote:
+
+ return 0;
+}
+
int domain_kill(struct domain *d)
{
int rc = 0;
@@ -727,7 +788,10 @@ int domain_kill(struct domain *d)
if ( cpupool_move_domain(d, cpupool0) )
return -ERESTART;
for_each_vcpu ( d, v )
+ {
+ unmap_runstate_area(v, 0);
Why is it not appropriate here to hold the lock? It might not be
technically needed, but still should work?
In a killing scenario you might stop a core while it was rescheduling.
Couldn’t a core be killed using a cross core interrupt ?
You can't stop a vCPU in the middle of the context switch. The vCPU can
only be scheduled out at specific point in Xen.
If this is the case then I would need to do masked interrupt locking sections
to prevent that case ?
At the beginning of the function domain_kill() the domain will be paused
(see domain_pause()). After this steps none of the vCPUs will be running
or be scheduled.
You should technically use the lock everywhere to avoid static analyzer
throwing a warning because you access variable with and without the
lock. A comment would at least be useful in the code if we go ahead with
this.
As an aside, I think you want the lock to always disable the interrupts
otherwise check_lock() (this can be enabled with CONFIG_DEBUG_LOCKS only
on x86 though) will shout at you because your lock can be taken in both
IRQ-safe and IRQ-unsafe context.
Cheers,
--
Julien Grall
