docs/misc/xenstore-ring.txt | 10 ++++---- docs/misc/xenstore.txt | 47 ++++++++++++++++++++++++++++++++++--- 2 files changed, 50 insertions(+), 7 deletions(-)
In the past there have been spotted some shortcomings in the Xenstore
interface, which should be repaired. Those are in detail:
- Using driver domains for large number of domains needs per domain
Xenstore quota [1]. The feedback sent was rather slim (one reply),
but it was preferring a new set of wire commands.
- XSA-349 [2] has shown that the current definition of watches is not
optimal, as it will trigger lots of events when a single one would
suffice: for detecting new backend devices the backends in the Linux
kernel are registering a watch for e.g. "/local/domain/0/backend"
which will fire for ANY sub-node written below this node (on a test
machine this added up to 91 watch events for only 3 devices).
This can be limited dramatically by extending the XS_WATCH command
to take another optional parameter specifying the depth of
subdirectories to be considered for sending watch events ("0" would
trigger a watch event only if the watched node itself being written).
- New features like above being added might make migration of guests
between hosts with different Xenstore variants harder, so it should
be possible to set the available feature set per domain. For socket
connections it should be possible to read the available features.
- The special watches @introduceDomain and @releaseDomain are rather
cumbersome to use, as they only tell you that SOME domain has been
introduced/released. Any consumer of those watches needs to scan
all domains on the host in order to find out the domid, causing
significant pressure on the dominfo hypercall (imagine a system
with 1000 domains running and one domain dying - there will be more
than 1000 watch events triggered and 1000 xl daemons will try to
find out whether "their" domain has died). Those watches should be
enhanced to optionally be specific to a single domain and to let the
event carry the related domid.
As some of those extensions will need to be considered in the Xenstore
migration stream, they should be defined in one go (in fact the 4th one
wouldn't need that, but it can easily be connected to the 2nd one).
As such extensions need to be flagged in the "features" in the ring
page anyway, it is fine to implement them independently.
Add the documentation of the new commands/features.
[1]: https://lists.xen.org/archives/html/xen-devel/2020-06/msg00291.html
[2]: http://xenbits.xen.org/xsa/advisory-349.html
Changes in V2:
- added new patch 1
- remove feature bits for dom0-only features
- get-features without domid returns Xenstore supported features
- get/set-quota without domid for global quota access
Juergen Gross (4):
tools/xenstore: modify feature bit specification in xenstore-ring.txt
tools/xenstore: add documentation for new set/get-feature commands
tools/xenstore: add documentation for new set/get-quota commands
tools/xenstore: add documentation for extended watch command
docs/misc/xenstore-ring.txt | 10 ++++----
docs/misc/xenstore.txt | 47 ++++++++++++++++++++++++++++++++++---
2 files changed, 50 insertions(+), 7 deletions(-)
--
2.35.3
Hi,
It seems that this series [1] has been stale for a while with actions needed from
the maintainers (review needed). So sending this email as a gentle reminder.
Thanks!
[1] https://patchwork.kernel.org/project/xen-devel/list/?series=645480
Kind regards,
Henry
> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@lists.xenproject.org> On Behalf Of
> Juergen Gross
> Subject: [PATCH v2 0/4] tools/xenstore: add some new features to the
> documentation
>
> In the past there have been spotted some shortcomings in the Xenstore
> interface, which should be repaired. Those are in detail:
>
> - Using driver domains for large number of domains needs per domain
> Xenstore quota [1]. The feedback sent was rather slim (one reply),
> but it was preferring a new set of wire commands.
>
> - XSA-349 [2] has shown that the current definition of watches is not
> optimal, as it will trigger lots of events when a single one would
> suffice: for detecting new backend devices the backends in the Linux
> kernel are registering a watch for e.g. "/local/domain/0/backend"
> which will fire for ANY sub-node written below this node (on a test
> machine this added up to 91 watch events for only 3 devices).
> This can be limited dramatically by extending the XS_WATCH command
> to take another optional parameter specifying the depth of
> subdirectories to be considered for sending watch events ("0" would
> trigger a watch event only if the watched node itself being written).
>
> - New features like above being added might make migration of guests
> between hosts with different Xenstore variants harder, so it should
> be possible to set the available feature set per domain. For socket
> connections it should be possible to read the available features.
>
> - The special watches @introduceDomain and @releaseDomain are rather
> cumbersome to use, as they only tell you that SOME domain has been
> introduced/released. Any consumer of those watches needs to scan
> all domains on the host in order to find out the domid, causing
> significant pressure on the dominfo hypercall (imagine a system
> with 1000 domains running and one domain dying - there will be more
> than 1000 watch events triggered and 1000 xl daemons will try to
> find out whether "their" domain has died). Those watches should be
> enhanced to optionally be specific to a single domain and to let the
> event carry the related domid.
>
> As some of those extensions will need to be considered in the Xenstore
> migration stream, they should be defined in one go (in fact the 4th one
> wouldn't need that, but it can easily be connected to the 2nd one).
> As such extensions need to be flagged in the "features" in the ring
> page anyway, it is fine to implement them independently.
>
> Add the documentation of the new commands/features.
>
> [1]: https://lists.xen.org/archives/html/xen-devel/2020-06/msg00291.html
> [2]: http://xenbits.xen.org/xsa/advisory-349.html
>
> Changes in V2:
> - added new patch 1
> - remove feature bits for dom0-only features
> - get-features without domid returns Xenstore supported features
> - get/set-quota without domid for global quota access
>
> Juergen Gross (4):
> tools/xenstore: modify feature bit specification in xenstore-ring.txt
> tools/xenstore: add documentation for new set/get-feature commands
> tools/xenstore: add documentation for new set/get-quota commands
> tools/xenstore: add documentation for extended watch command
>
> docs/misc/xenstore-ring.txt | 10 ++++----
> docs/misc/xenstore.txt | 47 ++++++++++++++++++++++++++++++++++---
> 2 files changed, 50 insertions(+), 7 deletions(-)
>
> --
> 2.35.3
>
On 27.05.2022 09:24, Juergen Gross wrote:
> In the past there have been spotted some shortcomings in the Xenstore
> interface, which should be repaired. Those are in detail:
>
> - Using driver domains for large number of domains needs per domain
> Xenstore quota [1]. The feedback sent was rather slim (one reply),
> but it was preferring a new set of wire commands.
>
> - XSA-349 [2] has shown that the current definition of watches is not
> optimal, as it will trigger lots of events when a single one would
> suffice: for detecting new backend devices the backends in the Linux
> kernel are registering a watch for e.g. "/local/domain/0/backend"
> which will fire for ANY sub-node written below this node (on a test
> machine this added up to 91 watch events for only 3 devices).
> This can be limited dramatically by extending the XS_WATCH command
> to take another optional parameter specifying the depth of
> subdirectories to be considered for sending watch events ("0" would
> trigger a watch event only if the watched node itself being written).
>
> - New features like above being added might make migration of guests
> between hosts with different Xenstore variants harder, so it should
> be possible to set the available feature set per domain. For socket
> connections it should be possible to read the available features.
>
> - The special watches @introduceDomain and @releaseDomain are rather
> cumbersome to use, as they only tell you that SOME domain has been
> introduced/released. Any consumer of those watches needs to scan
> all domains on the host in order to find out the domid, causing
> significant pressure on the dominfo hypercall (imagine a system
> with 1000 domains running and one domain dying - there will be more
> than 1000 watch events triggered and 1000 xl daemons will try to
> find out whether "their" domain has died). Those watches should be
> enhanced to optionally be specific to a single domain and to let the
> event carry the related domid.
>
> As some of those extensions will need to be considered in the Xenstore
> migration stream, they should be defined in one go (in fact the 4th one
> wouldn't need that, but it can easily be connected to the 2nd one).
> As such extensions need to be flagged in the "features" in the ring
> page anyway, it is fine to implement them independently.
>
> Add the documentation of the new commands/features.
>
> [1]: https://lists.xen.org/archives/html/xen-devel/2020-06/msg00291.html
> [2]: http://xenbits.xen.org/xsa/advisory-349.html
>
> Changes in V2:
> - added new patch 1
> - remove feature bits for dom0-only features
> - get-features without domid returns Xenstore supported features
> - get/set-quota without domid for global quota access
>
> Juergen Gross (4):
> tools/xenstore: modify feature bit specification in xenstore-ring.txt
> tools/xenstore: add documentation for new set/get-feature commands
> tools/xenstore: add documentation for new set/get-quota commands
> tools/xenstore: add documentation for extended watch command
Hmm, looks like I did commit v1 of this series, not noticing the v2 _and_
seeing there had been R-b with no other follow-up (leaving aside the v2)
in a long time. Please advise if I should revert the commits. I'm sorry
for the confusion. (I also wonder why the R-b weren't carried over to v2.)
Jan
Hi Jan,
On 18/07/2022 17:12, Jan Beulich wrote:
> On 27.05.2022 09:24, Juergen Gross wrote:
>> In the past there have been spotted some shortcomings in the Xenstore
>> interface, which should be repaired. Those are in detail:
>>
>> - Using driver domains for large number of domains needs per domain
>> Xenstore quota [1]. The feedback sent was rather slim (one reply),
>> but it was preferring a new set of wire commands.
>>
>> - XSA-349 [2] has shown that the current definition of watches is not
>> optimal, as it will trigger lots of events when a single one would
>> suffice: for detecting new backend devices the backends in the Linux
>> kernel are registering a watch for e.g. "/local/domain/0/backend"
>> which will fire for ANY sub-node written below this node (on a test
>> machine this added up to 91 watch events for only 3 devices).
>> This can be limited dramatically by extending the XS_WATCH command
>> to take another optional parameter specifying the depth of
>> subdirectories to be considered for sending watch events ("0" would
>> trigger a watch event only if the watched node itself being written).
>>
>> - New features like above being added might make migration of guests
>> between hosts with different Xenstore variants harder, so it should
>> be possible to set the available feature set per domain. For socket
>> connections it should be possible to read the available features.
>>
>> - The special watches @introduceDomain and @releaseDomain are rather
>> cumbersome to use, as they only tell you that SOME domain has been
>> introduced/released. Any consumer of those watches needs to scan
>> all domains on the host in order to find out the domid, causing
>> significant pressure on the dominfo hypercall (imagine a system
>> with 1000 domains running and one domain dying - there will be more
>> than 1000 watch events triggered and 1000 xl daemons will try to
>> find out whether "their" domain has died). Those watches should be
>> enhanced to optionally be specific to a single domain and to let the
>> event carry the related domid.
>>
>> As some of those extensions will need to be considered in the Xenstore
>> migration stream, they should be defined in one go (in fact the 4th one
>> wouldn't need that, but it can easily be connected to the 2nd one).
>> As such extensions need to be flagged in the "features" in the ring
>> page anyway, it is fine to implement them independently.
>>
>> Add the documentation of the new commands/features.
>>
>> [1]: https://lists.xen.org/archives/html/xen-devel/2020-06/msg00291.html
>> [2]: http://xenbits.xen.org/xsa/advisory-349.html
>>
>> Changes in V2:
>> - added new patch 1
>> - remove feature bits for dom0-only features
>> - get-features without domid returns Xenstore supported features
>> - get/set-quota without domid for global quota access
>>
>> Juergen Gross (4):
>> tools/xenstore: modify feature bit specification in xenstore-ring.txt
>> tools/xenstore: add documentation for new set/get-feature commands
>> tools/xenstore: add documentation for new set/get-quota commands
>> tools/xenstore: add documentation for extended watch command
>
> Hmm, looks like I did commit v1 of this series, not noticing the v2 _and_
> seeing there had been R-b with no other follow-up (leaving aside the v2)
> in a long time. Please advise if I should revert the commits. I'm sorry
> for the confusion. (I also wonder why the R-b weren't carried over to v2.)
patch #1 is a new patch. The patch #2, #3, #4 have been reworded and the
overall interaction is different. So I don't think the reviewed-by
should have been carried.
I had some concerns in v1 which were addressed in v2. I have reviewed v2
a while ago. From my perspective, patch #1, #3, #4 are ready to go.
Patch #2 needs a respin and we also need to clarify the integration with
migration/live-update.
As you committed, I would be OK if this is addressed in a follow-up
series. But this *must* be addressed by the time 4.17 is released
because otherwise we will commit ourself to a broken interface. @Henry,
please add this in the blocker list.
Cheers,
--
Julien Grall
On 18.07.2022 18:28, Julien Grall wrote:
> On 18/07/2022 17:12, Jan Beulich wrote:
>> On 27.05.2022 09:24, Juergen Gross wrote:
>>> In the past there have been spotted some shortcomings in the Xenstore
>>> interface, which should be repaired. Those are in detail:
>>>
>>> - Using driver domains for large number of domains needs per domain
>>> Xenstore quota [1]. The feedback sent was rather slim (one reply),
>>> but it was preferring a new set of wire commands.
>>>
>>> - XSA-349 [2] has shown that the current definition of watches is not
>>> optimal, as it will trigger lots of events when a single one would
>>> suffice: for detecting new backend devices the backends in the Linux
>>> kernel are registering a watch for e.g. "/local/domain/0/backend"
>>> which will fire for ANY sub-node written below this node (on a test
>>> machine this added up to 91 watch events for only 3 devices).
>>> This can be limited dramatically by extending the XS_WATCH command
>>> to take another optional parameter specifying the depth of
>>> subdirectories to be considered for sending watch events ("0" would
>>> trigger a watch event only if the watched node itself being written).
>>>
>>> - New features like above being added might make migration of guests
>>> between hosts with different Xenstore variants harder, so it should
>>> be possible to set the available feature set per domain. For socket
>>> connections it should be possible to read the available features.
>>>
>>> - The special watches @introduceDomain and @releaseDomain are rather
>>> cumbersome to use, as they only tell you that SOME domain has been
>>> introduced/released. Any consumer of those watches needs to scan
>>> all domains on the host in order to find out the domid, causing
>>> significant pressure on the dominfo hypercall (imagine a system
>>> with 1000 domains running and one domain dying - there will be more
>>> than 1000 watch events triggered and 1000 xl daemons will try to
>>> find out whether "their" domain has died). Those watches should be
>>> enhanced to optionally be specific to a single domain and to let the
>>> event carry the related domid.
>>>
>>> As some of those extensions will need to be considered in the Xenstore
>>> migration stream, they should be defined in one go (in fact the 4th one
>>> wouldn't need that, but it can easily be connected to the 2nd one).
>>> As such extensions need to be flagged in the "features" in the ring
>>> page anyway, it is fine to implement them independently.
>>>
>>> Add the documentation of the new commands/features.
>>>
>>> [1]: https://lists.xen.org/archives/html/xen-devel/2020-06/msg00291.html
>>> [2]: http://xenbits.xen.org/xsa/advisory-349.html
>>>
>>> Changes in V2:
>>> - added new patch 1
>>> - remove feature bits for dom0-only features
>>> - get-features without domid returns Xenstore supported features
>>> - get/set-quota without domid for global quota access
>>>
>>> Juergen Gross (4):
>>> tools/xenstore: modify feature bit specification in xenstore-ring.txt
>>> tools/xenstore: add documentation for new set/get-feature commands
>>> tools/xenstore: add documentation for new set/get-quota commands
>>> tools/xenstore: add documentation for extended watch command
>>
>> Hmm, looks like I did commit v1 of this series, not noticing the v2 _and_
>> seeing there had been R-b with no other follow-up (leaving aside the v2)
>> in a long time. Please advise if I should revert the commits. I'm sorry
>> for the confusion. (I also wonder why the R-b weren't carried over to v2.)
>
> patch #1 is a new patch. The patch #2, #3, #4 have been reworded and the
> overall interaction is different. So I don't think the reviewed-by
> should have been carried.
>
> I had some concerns in v1 which were addressed in v2. I have reviewed v2
> a while ago. From my perspective, patch #1, #3, #4 are ready to go.
> Patch #2 needs a respin and we also need to clarify the integration with
> migration/live-update.
>
> As you committed, I would be OK if this is addressed in a follow-up
> series. But this *must* be addressed by the time 4.17 is released
> because otherwise we will commit ourself to a broken interface. @Henry,
> please add this in the blocker list.
If you hadn't answered, I would have reverted these right away this
morning, in particular to remove the (now wrong) feature bit part
(patches 2 and 3 have dropped their feature bit additions in v2).
If you nevertheless think an incremental update is going to be okay,
I'll leave things alone. But personally I think this mistake of mine
would better be corrected immediately.
Jan
Hi Jan, On 19/07/2022 06:58, Jan Beulich wrote: > On 18.07.2022 18:28, Julien Grall wrote: >> On 18/07/2022 17:12, Jan Beulich wrote: >>> On 27.05.2022 09:24, Juergen Gross wrote: >> As you committed, I would be OK if this is addressed in a follow-up >> series. But this *must* be addressed by the time 4.17 is released >> because otherwise we will commit ourself to a broken interface. @Henry, >> please add this in the blocker list. > > If you hadn't answered, I would have reverted these right away this > morning, in particular to remove the (now wrong) feature bit part > (patches 2 and 3 have dropped their feature bit additions in v2). > If you nevertheless think an incremental update is going to be okay, > I'll leave things alone. But personally I think this mistake of mine > would better be corrected immediately. I wasn't arguing against a revert and it looks like Juergen is away for the next 2 weeks. So if you prefer to correct the mistake now, then please revert it. Cheers, -- Julien Grall
Hi Julien, > -----Original Message----- > From: Julien Grall <julien@xen.org> > Subject: Re: [PATCH v2 0/4] tools/xenstore: add some new features to the > documentation > > Hi Jan, > > On 18/07/2022 17:12, Jan Beulich wrote: > > On 27.05.2022 09:24, Juergen Gross wrote: > >> > >> Changes in V2: > >> - added new patch 1 > >> - remove feature bits for dom0-only features > >> - get-features without domid returns Xenstore supported features > >> - get/set-quota without domid for global quota access > >> > >> Juergen Gross (4): > >> tools/xenstore: modify feature bit specification in xenstore-ring.txt > >> tools/xenstore: add documentation for new set/get-feature commands > >> tools/xenstore: add documentation for new set/get-quota commands > >> tools/xenstore: add documentation for extended watch command > > > > Hmm, looks like I did commit v1 of this series, not noticing the v2 _and_ > > seeing there had been R-b with no other follow-up (leaving aside the v2) > > in a long time. Please advise if I should revert the commits. I'm sorry > > for the confusion. (I also wonder why the R-b weren't carried over to v2.) > > patch #1 is a new patch. The patch #2, #3, #4 have been reworded and the > overall interaction is different. So I don't think the reviewed-by > should have been carried. > > I had some concerns in v1 which were addressed in v2. I have reviewed v2 > a while ago. From my perspective, patch #1, #3, #4 are ready to go. > Patch #2 needs a respin and we also need to clarify the integration with > migration/live-update. > > As you committed, I would be OK if this is addressed in a follow-up > series. But this *must* be addressed by the time 4.17 is released > because otherwise we will commit ourself to a broken interface. @Henry, > please add this in the blocker list. Thank you very much for this information. I've added this in blocker list. I will keep that in mind and send (proper) reminders during the timeline of the 4.17 release process. Kind regards, Henry > > Cheers, > > -- > Julien Grall
© 2016 - 2024 Red Hat, Inc.