> On 28 May 2020, at 20:12, Julien Grall <jul...@xen.org> wrote:
>
> Hi,
>
> On 28/05/2020 18:19, Bertrand Marquis wrote:
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> int domain_kill(struct domain *d)
>>>> {
>>>> int rc = 0;
>>>> @@ -727,7 +788,10 @@ int domain_kill(struct domain *d)
>>>> if ( cpupool_move_domain(d, cpupool0) )
>>>> return -ERESTART;
>>>> for_each_vcpu ( d, v )
>>>> + {
>>>> + unmap_runstate_area(v, 0);
>>>
>>> Why is it not appropriate here to hold the lock? It might not be
>>> technically needed, but still should work?
>> In a killing scenario you might stop a core while it was rescheduling.
>> Couldn’t a core be killed using a cross core interrupt ?
>
> You can't stop a vCPU in the middle of the context switch. The vCPU can only
> be scheduled out at specific point in Xen.
Ok
>
>> If this is the case then I would need to do masked interrupt locking
>> sections to prevent that case ?
>
> At the beginning of the function domain_kill() the domain will be paused (see
> domain_pause()). After this steps none of the vCPUs will be running or be
> scheduled.
>
> You should technically use the lock everywhere to avoid static analyzer
> throwing a warning because you access variable with and without the lock. A
> comment would at least be useful in the code if we go ahead with this.
>
> As an aside, I think you want the lock to always disable the interrupts
> otherwise check_lock() (this can be enabled with CONFIG_DEBUG_LOCKS only on
> x86 though) will shout at you because your lock can be taken in both IRQ-safe
> and IRQ-unsafe context.
Ok I understand that.
I will take the lock here.
Cheers
Bertrand
