[PATCH v2] tools/hotplug: Don't ever kill xenstored

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] tools/hotplug: Don't ever kill xenstored
@ 2015-02-24  8:05 Ross Lagerwall
  2015-02-24 11:45 ` Wei Liu
  0 siblings, 1 reply; 4+ messages in thread
From: Ross Lagerwall @ 2015-02-24  8:05 UTC (permalink / raw)
  To: xen-devel
  Cc: Olaf Hering, Wei Liu, Ian Campbell, Stefano Stabellini,
	Ian Jackson, Ross Lagerwall

Don't kill xenstored as part of the usual service shutdown process to
prevent hangs on shutdown where the kernel tries to unplug a VIF
after xenstored has exited.

In an ideal case with all guests cooperating, xendomains will have shut
down all guests before xenstored is killed.

However in the uncooperative case, malicious or crashed guests may still
be running after xendomains has exited and this should not block the
shutdown/reboot of dom0.

Xenstored has no state to sync to disk, and never used to be killed in
the sysvinit case; observe the warning in xencommons.  Our testing has
shown regressions caused by the change in behaviour between sysvinit and
systemd when it comes to killing xenstored.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
KillMode=none is definitely available in at least systemd v208.

Changed in v2: Added justification of change.

 tools/hotplug/Linux/systemd/xenstored.service.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/hotplug/Linux/systemd/xenstored.service.in b/tools/hotplug/Linux/systemd/xenstored.service.in
index 0f0ac58..a5f836b 100644
--- a/tools/hotplug/Linux/systemd/xenstored.service.in
+++ b/tools/hotplug/Linux/systemd/xenstored.service.in
@@ -8,6 +8,7 @@ ConditionPathExists=/proc/xen/capabilities

 [Service]
 Type=notify
+KillMode=none
 Environment=XENSTORED_ARGS=
 Environment=XENSTORED=@XENSTORED@
 EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] tools/hotplug: Don't ever kill xenstored
  2015-02-24  8:05 [PATCH v2] tools/hotplug: Don't ever kill xenstored Ross Lagerwall
@ 2015-02-24 11:45 ` Wei Liu
  2015-02-24 16:43   ` Ian Campbell
  2015-02-24 16:44   ` Ian Campbell
  0 siblings, 2 replies; 4+ messages in thread
From: Wei Liu @ 2015-02-24 11:45 UTC (permalink / raw)
  To: Ross Lagerwall
  Cc: Olaf Hering, Wei Liu, Ian Campbell, Stefano Stabellini,
	Ian Jackson, xen-devel

On Tue, Feb 24, 2015 at 08:05:50AM +0000, Ross Lagerwall wrote:
> Don't kill xenstored as part of the usual service shutdown process to
> prevent hangs on shutdown where the kernel tries to unplug a VIF
> after xenstored has exited.
> 
> In an ideal case with all guests cooperating, xendomains will have shut
> down all guests before xenstored is killed.
> 
> However in the uncooperative case, malicious or crashed guests may still
> be running after xendomains has exited and this should not block the
> shutdown/reboot of dom0.
> 
> Xenstored has no state to sync to disk, and never used to be killed in
> the sysvinit case; observe the warning in xencommons.  Our testing has
> shown regressions caused by the change in behaviour between sysvinit and
> systemd when it comes to killing xenstored.
> 
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>

> ---
> KillMode=none is definitely available in at least systemd v208.
> 
> Changed in v2: Added justification of change.
> 
>  tools/hotplug/Linux/systemd/xenstored.service.in | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/tools/hotplug/Linux/systemd/xenstored.service.in b/tools/hotplug/Linux/systemd/xenstored.service.in
> index 0f0ac58..a5f836b 100644
> --- a/tools/hotplug/Linux/systemd/xenstored.service.in
> +++ b/tools/hotplug/Linux/systemd/xenstored.service.in
> @@ -8,6 +8,7 @@ ConditionPathExists=/proc/xen/capabilities
>  
>  [Service]
>  Type=notify
> +KillMode=none
>  Environment=XENSTORED_ARGS=
>  Environment=XENSTORED=@XENSTORED@
>  EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons
> -- 
> 2.1.0

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] tools/hotplug: Don't ever kill xenstored
  2015-02-24 11:45 ` Wei Liu
@ 2015-02-24 16:43   ` Ian Campbell
  2015-02-24 16:44   ` Ian Campbell
  1 sibling, 0 replies; 4+ messages in thread
From: Ian Campbell @ 2015-02-24 16:43 UTC (permalink / raw)
  To: Wei Liu
  Cc: Ross Lagerwall, Olaf Hering, Stefano Stabellini, Ian Jackson,
	xen-devel

On Tue, 2015-02-24 at 11:45 +0000, Wei Liu wrote:
> On Tue, Feb 24, 2015 at 08:05:50AM +0000, Ross Lagerwall wrote:
> > Don't kill xenstored as part of the usual service shutdown process to
> > prevent hangs on shutdown where the kernel tries to unplug a VIF
> > after xenstored has exited.
> > 
> > In an ideal case with all guests cooperating, xendomains will have shut
> > down all guests before xenstored is killed.
> > 
> > However in the uncooperative case, malicious or crashed guests may still
> > be running after xendomains has exited and this should not block the
> > shutdown/reboot of dom0.
> > 
> > Xenstored has no state to sync to disk, and never used to be killed in
> > the sysvinit case; observe the warning in xencommons.  Our testing has
> > shown regressions caused by the change in behaviour between sysvinit and
> > systemd when it comes to killing xenstored.
> > 
> > Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
> 
> Acked-by: Wei Liu <wei.liu2@citrix.com>

Thanks. I added "systemd: " to the subject and applied.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] tools/hotplug: Don't ever kill xenstored
  2015-02-24 11:45 ` Wei Liu
  2015-02-24 16:43   ` Ian Campbell
@ 2015-02-24 16:44   ` Ian Campbell
  1 sibling, 0 replies; 4+ messages in thread
From: Ian Campbell @ 2015-02-24 16:44 UTC (permalink / raw)
  To: Wei Liu
  Cc: Ross Lagerwall, Olaf Hering, Stefano Stabellini, Ian Jackson,
	xen-devel

On Tue, 2015-02-24 at 11:45 +0000, Wei Liu wrote:
> On Tue, Feb 24, 2015 at 08:05:50AM +0000, Ross Lagerwall wrote:
> > Don't kill xenstored as part of the usual service shutdown process to
> > prevent hangs on shutdown where the kernel tries to unplug a VIF
> > after xenstored has exited.
> > 
> > In an ideal case with all guests cooperating, xendomains will have shut
> > down all guests before xenstored is killed.
> > 
> > However in the uncooperative case, malicious or crashed guests may still
> > be running after xendomains has exited and this should not block the
> > shutdown/reboot of dom0.
> > 
> > Xenstored has no state to sync to disk, and never used to be killed in
> > the sysvinit case; observe the warning in xencommons.  Our testing has
> > shown regressions caused by the change in behaviour between sysvinit and
> > systemd when it comes to killing xenstored.
> > 
> > Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
> 
> Acked-by: Wei Liu <wei.liu2@citrix.com>

Thanks. I added "systemd: " to the subject and applied.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-02-24 16:44 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-24  8:05 [PATCH v2] tools/hotplug: Don't ever kill xenstored Ross Lagerwall
2015-02-24 11:45 ` Wei Liu
2015-02-24 16:43   ` Ian Campbell
2015-02-24 16:44   ` Ian Campbell

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.