Re: [PATCH] shutdown.c - halt_action

[Ben Thomas <bthomas@virtualiron.com>]

Hi Keir,

As always, there are alternatives to almost any issue. I had
considered just fixing up the instances (eg, #3 below), but
decided on an alternate approach for a few reasons.  I'll
spare you the reasoning, and jump to another proposal.

As you note, there are a few calls to machine_halt:

fatal_trap
do_double_fault

maybe_reboot (with opt_noreboot set)
panic (with opt_noreboot set)
dom0_shutdown (with poweroff requested)

This is the same list you mention below, and the last 3 items are
governed by a "switch", two of which would appear to default to
rebooting and one by specific request. So, let's assume that those
3 are ok.  What would you like done with fatal_trap and
do_double_fault ?  Should they be handled the same as panic and
maybe_reboot ? More specifically, perhaps fatal_trap, do_double_fault
and panic should just call maybe_reboot rather than machine_halt.
That keeps a common routine, which I like for reasons of maintenance
and defensiveness; it defaults to rebooting, but can be set to
halting; it builds off the exiting boot parameter. And, my real goal,
it allows the option of not halting. Unfortunately, it will change
some of the current behavior in that fatal_trap and do_double_fault
will now reboot and not halt.  Is that an acceptable difference ?

Does that more closely approximate what you'd like to see ?


Thanks,
-b


-
Keir Fraser wrote:
> On 3/11/06 9:29 pm, "Ben Thomas" <bthomas@virtualiron.com> wrote:
> 
> 
>>It's not always desirable for a system to halt.  The hypervisor has a
>>number of places where it does request a halt, and this might be useful
>>for debugging, but not always in a production environment. Add a
>>hypervisor command line parameter, halt_action, which allows the
>>overriding of any halt requests.  The parameter takes the form of
>>halt_action=halt, halt_action=reboot or halt_action=reboot:20
>>for halting, rebooting after a default 10 seconds, or rebooting after
>>a specified number of seconds. The default is halt_action=halt
>>and preserves existing behavior.
>>
>>Signed-off-by: Ben Thomas (ben@virtualiron.com)
> 
> 
> We halt in three situations:
>  1. Domain-0 asked us to (thru poweroff or halt)
>  2. 'noreboot' was specified as a boot parameter
>  3. We take an exception with IRQs disabled or we take a double fault.
> 
> Behaviours (1) and (2) are quite reasonable. We should really just fix (3)
> to (attempt to) reboot after a few seconds, just like any other fatal
> exception.
> 
>  -- Keir
> 
> 


-- 
------------------------------------------------------------------------
Ben Thomas                                         Virtual Iron Software
bthomas@virtualiron.com                            Tower 1, Floor 2
978-849-1214                                       900 Chelmsford Street
                                                    Lowell, MA 01851