[v4,5/7] libxl: allow creation of domains with a specified or random domid

Message ID 20200122144446.919-6-pdurrant@amazon.com
State Superseded
Series
  • xl/libxl: domid allocation/preservation changes

Commit Message

Paul Durrant Jan. 22, 2020, 2:44 p.m. UTC
This patch adds a 'domid' field to libxl_domain_create_info and then
modifies libxl__domain_make() to have Xen use that value if it is valid.
If the domid value is invalid then Xen will choose the domid, as before,
unless the value is the new special RANDOM_DOMID value added to the API.
This value instructs libxl__domain_make() to choose a random domid value
for Xen to use.

If Xen determines that a domid specified to or chosen by
libxl__domain_make() co-incides with an existing domain then the create
operation will fail. In this case, if RANDOM_DOMID was specified to
libxl__domain_make() then a new random value will be chosen and the create
operation will be re-tried, otherwise libxl__domain_make() will fail.

After Xen has successfully created a new domain, libxl__domain_make() will
check whether its domid matches any recently used domid values. If it does
then the domain will be destroyed. If the domid used in creation was
specified to libxl__domain_make() then it will fail at this point,
otherwise the create operation will be re-tried with either a new random
or Xen-selected domid value.

NOTE: libxl__logv() is also modified to only log valid domid values in
      messages rather than any domid, valid or otherwise, that is not
      INVALID_DOMID.

Signed-off-by: Paul Durrant <pdurrant@amazon.com>
---
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Wei Liu <wl@xen.org>
Cc: Anthony PERARD <anthony.perard@citrix.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Julien Grall <julien@xen.org>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Jason Andryuk <jandryuk@gmail.com>

v4:
 - Not added Jason's R-b because of substantial change
 - Check for recent domid *after* creation
 - Re-worked commit comment

v3:
 - Added DOMID_MASK definition used to mask randomized values
 - Use stack variable to avoid assuming endianness

v2:
 - Re-worked to use a value from libxl_domain_create_info
---
 tools/libxl/libxl.h          |  9 ++++++++
 tools/libxl/libxl_create.c   | 43 +++++++++++++++++++++++++++++++++++-
 tools/libxl/libxl_internal.c |  2 +-
 tools/libxl/libxl_types.idl  |  1 +
 xen/include/public/xen.h     |  3 +++
 5 files changed, 56 insertions(+), 2 deletions(-)

Comments

Ian Jackson Jan. 30, 2020, 5:25 p.m. UTC | #1
Paul Durrant writes ("[PATCH v4 5/7] libxl: allow creation of domains with a specified or random domid"):
> This patch adds a 'domid' field to libxl_domain_create_info and then
> modifies libxl__domain_make() to have Xen use that value if it is valid.
> If the domid value is invalid then Xen will choose the domid, as before,
> unless the value is the new special RANDOM_DOMID value added to the API.
> This value instructs libxl__domain_make() to choose a random domid value
> for Xen to use.
> 
> If Xen determines that a domid specified to or chosen by
> libxl__domain_make() co-incides with an existing domain then the create
> operation will fail. In this case, if RANDOM_DOMID was specified to
> libxl__domain_make() then a new random value will be chosen and the create
> operation will be re-tried, otherwise libxl__domain_make() will fail.
> 
> After Xen has successfully created a new domain, libxl__domain_make() will
> check whether its domid matches any recently used domid values. If it does
> then the domain will be destroyed. If the domid used in creation was
> specified to libxl__domain_make() then it will fail at this point,
> otherwise the create operation will be re-tried with either a new random
> or Xen-selected domid value.
...
> -        ret = xc_domain_create(ctx->xch, domid, &create);
> +        if (libxl_domid_valid_guest(info->domid))
> +            *domid = info->domid;
> +
> +    again:
> +        for (;;) {
> +            if (info->domid == RANDOM_DOMID) {
> +                uint16_t v;
> +
> +                ret = libxl__random_bytes(gc, (void *)&v, sizeof(v));
> +                if (ret < 0)
> +                    break;
> +
> +                v &= DOMID_MASK;
> +                if (!libxl_domid_valid_guest(v))
> +                    continue;
> +
> +                *domid = v;
> +            }
> +
> +            ret = xc_domain_create(ctx->xch, domid, &create);
> +            if (ret == 0 || errno != EEXIST || info->domid != RANDOM_DOMID)
> +                break;
> +        }
> +
>          if (ret < 0) {
>              LOGED(ERROR, *domid, "domain creation fail");
> +            *domid = INVALID_DOMID;
> +            rc = ERROR_FAIL;
> +            goto out;
> +        }
> +
> +        if (libxl__is_domid_recent(gc, *domid)) {
> +            if (*domid == info->domid) /* domid was specified */
> +                LOGED(ERROR, *domid, "domain id recently used");
> +
> +            ret = xc_domain_destroy(ctx->xch, *domid);
> +            if (!ret) {
> +                *domid = INVALID_DOMID;
> +
> +                /* If the domid was not specified then have another go */
> +                if (!libxl_domid_valid_guest(info->domid))
> +                    goto again;
> +            }

You have written this as two nested loops, one of which is implemented
as a goto, but actually logically this is surely only one loop ?
Please could you reorganise this and then I'll read it again...

Thanks,
Ian.

Durrant, Paul Jan. 30, 2020, 5:32 p.m. UTC | #2
> -----Original Message-----
> From: Ian Jackson <ian.jackson@citrix.com>
> Sent: 30 January 2020 17:26
> To: Durrant, Paul <pdurrant@amazon.co.uk>
> Cc: xen-devel@lists.xenproject.org; Wei Liu <wl@xen.org>; Anthony Perard
> <anthony.perard@citrix.com>; Andrew Cooper <Andrew.Cooper3@citrix.com>;
> George Dunlap <George.Dunlap@citrix.com>; Jan Beulich <jbeulich@suse.com>;
> Julien Grall <julien@xen.org>; Konrad Rzeszutek Wilk
> <konrad.wilk@oracle.com>; Stefano Stabellini <sstabellini@kernel.org>;
> Jason Andryuk <jandryuk@gmail.com>
> Subject: Re: [PATCH v4 5/7] libxl: allow creation of domains with a
> specified or random domid
> 
> Paul Durrant writes ("[PATCH v4 5/7] libxl: allow creation of domains with
> a specified or random domid"):
> > This patch adds a 'domid' field to libxl_domain_create_info and then
> > modifies libxl__domain_make() to have Xen use that value if it is valid.
> > If the domid value is invalid then Xen will choose the domid, as before,
> > unless the value is the new special RANDOM_DOMID value added to the API.
> > This value instructs libxl__domain_make() to choose a random domid value
> > for Xen to use.
> >
> > If Xen determines that a domid specified to or chosen by
> > libxl__domain_make() co-incides with an existing domain then the create
> > operation will fail. In this case, if RANDOM_DOMID was specified to
> > libxl__domain_make() then a new random value will be chosen and the
> create
> > operation will be re-tried, otherwise libxl__domain_make() will fail.
> >
> > After Xen has successfully created a new domain, libxl__domain_make()
> will
> > check whether its domid matches any recently used domid values. If it
> does
> > then the domain will be destroyed. If the domid used in creation was
> > specified to libxl__domain_make() then it will fail at this point,
> > otherwise the create operation will be re-tried with either a new random
> > or Xen-selected domid value.
> ...
> > -        ret = xc_domain_create(ctx->xch, domid, &create);
> > +        if (libxl_domid_valid_guest(info->domid))
> > +            *domid = info->domid;
> > +
> > +    again:
> > +        for (;;) {
> > +            if (info->domid == RANDOM_DOMID) {
> > +                uint16_t v;
> > +
> > +                ret = libxl__random_bytes(gc, (void *)&v, sizeof(v));
> > +                if (ret < 0)
> > +                    break;
> > +
> > +                v &= DOMID_MASK;
> > +                if (!libxl_domid_valid_guest(v))
> > +                    continue;
> > +
> > +                *domid = v;
> > +            }
> > +
> > +            ret = xc_domain_create(ctx->xch, domid, &create);
> > +            if (ret == 0 || errno != EEXIST || info->domid !=
> RANDOM_DOMID)
> > +                break;
> > +        }
> > +
> >          if (ret < 0) {
> >              LOGED(ERROR, *domid, "domain creation fail");
> > +            *domid = INVALID_DOMID;
> > +            rc = ERROR_FAIL;
> > +            goto out;
> > +        }
> > +
> > +        if (libxl__is_domid_recent(gc, *domid)) {
> > +            if (*domid == info->domid) /* domid was specified */
> > +                LOGED(ERROR, *domid, "domain id recently used");
> > +
> > +            ret = xc_domain_destroy(ctx->xch, *domid);
> > +            if (!ret) {
> > +                *domid = INVALID_DOMID;
> > +
> > +                /* If the domid was not specified then have another go
> */
> > +                if (!libxl_domid_valid_guest(info->domid))
> > +                    goto again;
> > +            }
> 
> You have written this as two nested loops, one of which is implemented
> as a goto, but actually logically this is surely only one loop ?
> Please could you reorganise this and then I'll read it again...
> 

Ok, I'll try to squash it down to one. It should be do-able.

  Paul

> Thanks,
> Ian.

Patch

diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h
index 1d235ecb1c..31c6f4b11a 100644
--- a/tools/libxl/libxl.h
+++ b/tools/libxl/libxl.h
@@ -1268,6 +1268,14 @@  void libxl_mac_copy(libxl_ctx *ctx, libxl_mac *dst, const libxl_mac *src);
  */
 #define LIBXL_HAVE_DOMAIN_NEED_MEMORY_CONFIG
 
+/*
+ * LIBXL_HAVE_CREATEINFO_DOMID
+ *
+ * libxl_domain_create_new() and libxl_domain_create_restore() will use
+ * a domid specified in libxl_domain_create_info().
+ */
+#define LIBXL_HAVE_CREATEINFO_DOMID
+
 typedef char **libxl_string_list;
 void libxl_string_list_dispose(libxl_string_list *sl);
 int libxl_string_list_length(const libxl_string_list *sl);
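
Review bot: The LIBXL_HAVE_CREATEINFO_DOMID comment covers only the specified-domid case and writes libxl_domain_create_info() with call parentheses, although the libxl_types.idl hunk shows it is a Struct. Suggest naming the field (the domid field of libxl_domain_create_info) and listing all three behaviours from the commit message: a valid domid is used as given, RANDOM_DOMID asks libxl to pick one at random, and any other invalid value leaves the choice to Xen.
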
@@ -1528,6 +1536,7 @@  int libxl_ctx_free(libxl_ctx *ctx /* 0 is OK */);
 /* domain related functions */
 
 #define INVALID_DOMID ~0
+#define RANDOM_DOMID (INVALID_DOMID - 1)
 
 /* If the result is ERROR_ABORTED, the domain may or may not exist
  * (in a half-created state).  *domid will be valid and will be the
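
Review bot: RANDOM_DOMID is added with no comment, and it is derived from INVALID_DOMID, which the context line defines as an unparenthesised ~0, so the new constant is a negative int that matches info->domid only through integer conversion. Suggest a short comment saying it is a request value for the domid field of libxl_domain_create_info and is never handed back to the caller as a domid, and consider giving both constants parentheses and an explicit unsigned type.
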
diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index e4aab4fd1c..593bf9d225 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -600,9 +600,50 @@  int libxl__domain_make(libxl__gc *gc, libxl_domain_config *d_config,
             goto out;
         }
 
-        ret = xc_domain_create(ctx->xch, domid, &create);
+        if (libxl_domid_valid_guest(info->domid))
+            *domid = info->domid;
+
+    again:
+        for (;;) {
+            if (info->domid == RANDOM_DOMID) {
+                uint16_t v;
+
+                ret = libxl__random_bytes(gc, (void *)&v, sizeof(v));
+                if (ret < 0)
+                    break;
+
+                v &= DOMID_MASK;
+                if (!libxl_domid_valid_guest(v))
+                    continue;
+
+                *domid = v;
+            }
+
+            ret = xc_domain_create(ctx->xch, domid, &create);
+            if (ret == 0 || errno != EEXIST || info->domid != RANDOM_DOMID)
+                break;
+        }
+
         if (ret < 0) {
             LOGED(ERROR, *domid, "domain creation fail");
+            *domid = INVALID_DOMID;
+            rc = ERROR_FAIL;
+            goto out;
+        }
+
+        if (libxl__is_domid_recent(gc, *domid)) {
+            if (*domid == info->domid) /* domid was specified */
+                LOGED(ERROR, *domid, "domain id recently used");
+
+            ret = xc_domain_destroy(ctx->xch, *domid);
+            if (!ret) {
+                *domid = INVALID_DOMID;
+
+                /* If the domid was not specified then have another go */
+                if (!libxl_domid_valid_guest(info->domid))
+                    goto again;
+            }
+
             rc = ERROR_FAIL;
             goto out;
         }
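
Review bot: Neither retry path is bounded: the for (;;) loop repeats on every EEXIST, and goto again repeats whenever libxl__is_domid_recent() matches a non-specified domid, so creation can spin without limit if the chosen values keep colliding. Suggest folding both into a single loop with a retry cap that returns ERROR_FAIL once exhausted. Two smaller points in the same hunk: a libxl__random_bytes() failure breaks out into the if (ret < 0) block and is logged as "domain creation fail" although xc_domain_create() was never called, and a failing xc_domain_destroy() in the recent-domid branch is not logged and leaves the just-created domain in place with *domid still set.
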
diff --git a/tools/libxl/libxl_internal.c b/tools/libxl/libxl_internal.c
index bbd4c6cba9..d93a75533f 100644
--- a/tools/libxl/libxl_internal.c
+++ b/tools/libxl/libxl_internal.c
@@ -234,7 +234,7 @@  void libxl__logv(libxl_ctx *ctx, xentoollog_level msglevel, int errnoval,
     fileline[sizeof(fileline)-1] = 0;
 
     domain[0] = 0;
-    if (domid != INVALID_DOMID)
+    if (libxl_domid_valid_guest(domid))
         snprintf(domain, sizeof(domain), "Domain %"PRIu32":", domid);
  x:
     xtl_log(ctx->lg, msglevel, errnoval, "libxl",
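
Review bot: Switching the test in libxl__logv() to libxl_domid_valid_guest(domid) drops the "Domain N:" prefix for every domid that function rejects, not only for INVALID_DOMID and RANDOM_DOMID. Its definition is not part of this diff, so please confirm it accepts every domid that libxl legitimately logs against (domid 0 in particular); otherwise an explicit check for the two special values would leave existing log output unchanged.
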
diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
index 7921950f6a..d0d431614f 100644
--- a/tools/libxl/libxl_types.idl
+++ b/tools/libxl/libxl_types.idl
@@ -409,6 +409,7 @@  libxl_domain_create_info = Struct("domain_create_info",[
     ("ssidref",      uint32),
     ("ssid_label",   string),
     ("name",         string),
+    ("domid",        libxl_domid),
     ("uuid",         libxl_uuid),
     ("xsdata",       libxl_key_value_list),
     ("platformdata", libxl_key_value_list),
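
Review bot: The new ("domid", libxl_domid) entry carries no default and no comment, so the value an untouched libxl_domain_create_info ends up with decides whether existing callers keep the "Xen chooses" behaviour. Suggest stating that default here (or setting it explicitly) and noting beside the field that RANDOM_DOMID and invalid values have special meaning.
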
diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index d2198dffad..75b1619d0d 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -614,6 +614,9 @@  DEFINE_XEN_GUEST_HANDLE(mmuext_op_t);
 /* Idle domain. */
 #define DOMID_IDLE           xen_mk_uint(0x7FFF)
 
+/* Mask for valid domain id values */
+#define DOMID_MASK           xen_mk_uint(0x7FFF)
+
 #ifndef __ASSEMBLY__
 
 typedef uint16_t domid_t;
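
Review bot: DOMID_MASK has the same value as DOMID_IDLE on the context line above it, so the comment "Mask for valid domain id values" overstates what the mask guarantees: a value masked with 0x7FFF can still be a reserved id such as DOMID_IDLE, which is why libxl__domain_make() has to call libxl_domid_valid_guest() on the result. Suggest rewording the comment to say it masks the bits a domid may occupy and that the masked value still needs a validity check.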