[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] xen/domain: make shutdown state explicit

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Mykola Kvach <xakep.amatop@xxxxxxxxx>
  • Date: Fri, 5 Jun 2026 10:12:01 +0300
  • Arc-authentication-results: i=1; mx.google.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=mYFbb7C6u57y5axG8xnN/AuKPSXpj2CSm8obC7VqplY=; fh=SpUAnj1XB8QFKdJ6Rvxlh85+C2bUr+7pUalEaLFIf8I=; b=CDxPAB2cYPuOJZuugeI/HU6G8cDC0NnQc7TcaAXpwUjHdG46JlK4EjXHanqTva8Ykp 7WQ4MFp1qZmCcU54fGMXDn27+xgpj2uKp9HeJF0plZ34FwL94bBkqFte7hPWe52JfnaC jlWGGGntdTzKPc1Zy36ou1KN/WR+jEgAgoggRgIIPtdiqS5Z/+izPPc7kIjS9yJavXFC OGJo4hJP/DCSwPgwTC+53AF7XIgBRrtfhlcKueP9exBZKW4b9i09N5S6SAlQHl5LKMTn mO6TIHMAaPbiGYpDftoLCTzsbDFbyLRCORIycx4mnp+l9+s8/Rvi2VQfVHs/mOlhv+ls iy8A==; darn=lists.xenproject.org
  • Arc-seal: i=1; a=rsa-sha256; t=1780643533; cv=none; d=google.com; s=arc-20240605; b=iDKpB43PG3eG5VZ+/mIrtmoBG5ec3C30Q49t+EUhZ38tpR/w52jo5G+DbPM4t2G1nR Qoknf6FsWgPjVymsPxpVpjiQOtGeLXtXlFOuVgREur3bKQtMZBGPfvHE2H9CHew+qKyd /QBCwwKjw1J6JyTw7ksz0dwhB3LOBeudrMqPo39wauTxmNoUs1WnsuC89NoaUOSpx+gg GwZN/c9hHT0f60q50VFNOY19fr7pe4BxqLTvrQYr+9u+n0oU8EAHTvoZwnxmGVWmchWB KGufwMNPesZbenq5TqfC3tMA8BUQpMiB1vTly+R+qVu/vreU3062wFoSs/NFkeD+GRo1 1L6w==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:MIME-Version"
  • Cc: Mykola Kvach <mykola_kvach@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 05 Jun 2026 07:12:22 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi Jan,

Thank you for the review.

On Wed, Jun 3, 2026 at 3:46 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> On 30.05.2026 09:23, Mykola Kvach wrote:
> > From: Mykola Kvach <mykola_kvach@xxxxxxxx>
> >
> > The shutdown flow currently uses is_shutting_down and is_shut_down to
> > represent the domain shutdown lifecycle. The two flags are not mutually
> > exclusive: after shutdown completion is_shutting_down remains set until
> > domain_resume() clears both flags.
> >
> > Replace the two booleans with an enum domain_shutdown_state. Keep
> > domain_shutting_down() as the direct replacement for the old
> > is_shutting_down flag: it is true once shutdown has been initiated and
> > remains true after completion, until domain_resume(). Add
> > domain_shutdown_completed() for users that need the final completed
> > state.
> >
> > This makes the state transition explicit while avoiding a semantic split
> > between "in progress" and "completed" at call sites where the old code
> > only cared that shutdown had started and had not yet been reset by
> > domain_resume().
> >
> > Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> > Signed-off-by: Mykola Kvach <mykola_kvach@xxxxxxxx>
> > ---
> > Changes in v3:
> > - Keep domain_shutting_down() as a direct replacement for
> >   is_shutting_down: true from shutdown start until domain_resume(),
> >   including after shutdown completion.
> > - Drop domain_in_shutdown_state().
> > - Make old is_shutting_down conversions mechanical again; use
> >   domain_shutdown_completed() only for old is_shut_down users.
>
> And indeed this is now much easier to reason about, correctness-wise.
>
> > @@ -442,7 +442,8 @@ bool shadow_prealloc(struct domain *d, unsigned int 
> > type, unsigned int count)
> >          count += paging_logdirty_levels();
> >
> >      ret = _shadow_prealloc(d, count);
> > -    if ( !ret && (!d->is_shutting_down || d->shutdown_code != 
> > SHUTDOWN_crash) )
> > +    if ( !ret && (!domain_shutting_down(d) ||
> > +                  d->shutdown_code != SHUTDOWN_crash) )
>
> Please can this be
>
>     if ( !ret &&
>          (!domain_shutting_down(d) || d->shutdown_code != SHUTDOWN_crash) )
>
> ? Overall less indentation and fewer pending open parentheses at line ends.

Ack.

>
> > --- a/xen/arch/x86/mm/shadow/multi.c
> > +++ b/xen/arch/x86/mm/shadow/multi.c
> > @@ -2370,7 +2370,8 @@ static int cf_check sh_page_fault(
> >       * already used for some special purpose (ioreq pages, or granted 
> > pages).
> >       * If that happens we'll have killed the guest already but it's still 
> > not
> >       * safe to propagate entries out of the guest PT so get out now. */
> > -    if ( unlikely(d->is_shutting_down && d->shutdown_code == 
> > SHUTDOWN_crash) )
> > +    if ( unlikely(domain_shutting_down(d) &&
> > +                  d->shutdown_code == SHUTDOWN_crash) )
>
> While at it please correct the bogus use of unlikely() as well:
>
>     if ( unlikely(domain_shutting_down(d)) &&
>          d->shutdown_code == SHUTDOWN_crash )
>

Ack.

> > @@ -2494,7 +2495,8 @@ static int cf_check sh_page_fault(
> >           && ft == ft_demand_write )
> >          sh_unsync(v, gmfn);
> >
> > -    if ( unlikely(d->is_shutting_down && d->shutdown_code == 
> > SHUTDOWN_crash) )
> > +    if ( unlikely(domain_shutting_down(d) &&
> > +                  d->shutdown_code == SHUTDOWN_crash) )
>
> Same here then.

Ack.

>
> > @@ -382,6 +382,12 @@ struct domain_console {
> >      char buf[256];
> >  };
> >
> > +enum domain_shutdown_state {
> > +    DOMSHUTDOWN_none,
>
> This likely deserves a comment, as it has to remain first (with value 0).

Ack.

>
> > +    DOMSHUTDOWN_in_progress,
> > +    DOMSHUTDOWN_complete,
> > +};
>
> We further may want to make this a packed enum, such that ...
>
> > @@ -552,10 +558,9 @@ struct domain
> >      struct rangeset *iomem_caps;
> >      struct rangeset *irq_caps;
> >
> > -    /* Guest has shut down (inc. reason code)? */
> > +    /* Guest shutdown state and associated reason code. */
> >      spinlock_t       shutdown_lock;
> > -    bool             is_shutting_down; /* in process of shutting down? */
> > -    bool             is_shut_down;     /* fully shut down? */
> > +    enum domain_shutdown_state shutdown_state;
>
> ... it occupies only a single byte here. We could then fit three other
> booleans (or alike) next to it.

Ack.

Best regards,
Mykola

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.