dgit.raspbian.org Git - xen.git/commit

author	Wei Liu <wei.liu2@citrix.com>
	Thu, 4 Sep 2014 22:43:09 +0000 (23:43 +0100)
committer	Ian Campbell <ian.campbell@citrix.com>
	Tue, 9 Sep 2014 11:46:13 +0000 (12:46 +0100)
commit	b61d5a9a76363fad9cd10ac1c40288e01d43d85f
tree	cf18df6c6ba130223e627bbbfd017410196c7bab	tree \| snapshot
parent	d2cd9d4f56c3efd4d9e1b5040dfd7f418635554a	commit \| diff

libxl: properly lock userdata store

Originally libxl user data store didn't have lock at all. There could be
such race condition as mentioned by Ian Jackson:

  Task 1                                 Task 2
  Creating the domain                    Trying to shut down

    actually create domain
                                           observe domid
                                           start domain destruction
                                           delete all userdata
                                           destroy domain
    store the userdata
      *** forbidden state created: userdata exists but domain doesn't
      *** userdata has been leaked
    [ would now bomb out ]

This patch adds in proper locking to libxl user data store. The lock is
associated with a specific domain (i.e. a per-domain lock).

As for locking hierachy, we first take CTX lock (which is implemented
with pthread recursive mutex so even if the application has taken it
we're fine), then take the file lock. These locks are released in
reversed order.

A new libxl error code ERROR_LOCK_FAIL is introduced to describe failure
to acquire locks.

Also factor out libxl__userdata_{retrieve,store}, so that other
functions that already hold the lock can call them to manipulate
user data.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

tools/libxl/libxl.c		diff \| blob \| history
tools/libxl/libxl_dom.c		diff \| blob \| history
tools/libxl/libxl_internal.h		diff \| blob \| history
tools/libxl/libxl_types.idl		diff \| blob \| history