From: Ben Thomas
Subject: Re: [PATCH] shutdown.c - halt_action
Date: Mon, 06 Nov 2006 17:06:40 -0500
Message-ID: <454FB1F0.1040308@virtualiron.com>
To: Keir Fraser
Cc: xen-devel@lists.xensource.com

Hi Keir,

As always, there are alternatives to almost any issue. I had considered
just fixing up the instances (e.g., #3 below), but decided on an alternate
approach for a few reasons. I'll spare you the reasoning, and jump to
another proposal.

As you note, there are a few calls to machine_halt:

    fatal_trap
    do_double_fault
    maybe_reboot (with opt_noreboot set)
    panic (with opt_noreboot set)
    dom0_shutdown (with poweroff requested)

This is the same list you mention below, and the last 3 items are
governed by a "switch", two of which would appear to default to
rebooting and one by specific request. So, let's assume that those
3 are ok.

What would you like done with fatal_trap and do_double_fault?
Should they be handled the same as panic and maybe_reboot?

More specifically, perhaps fatal_trap, do_double_fault and panic should
just call maybe_reboot rather than machine_halt. That keeps a common
routine, which I like for reasons of maintenance and defensiveness;
it defaults to rebooting, but can be set to halting; it builds off
the existing boot parameter. And, my real goal, it allows the option
of not halting.

Unfortunately, it will change some of the current behavior in that
fatal_trap and do_double_fault will now reboot and not halt. Is that
an acceptable difference? Does that more closely approximate what
you'd like to see?

Thanks,
-b

Keir Fraser wrote:
> On 3/11/06 9:29 pm, "Ben Thomas" wrote:
>
>
>>It's not always desirable for a system to halt. The hypervisor has a
>>number of places where it does request a halt, and this might be useful
>>for debugging, but not always in a production environment. Add a
>>hypervisor command line parameter, halt_action, which allows the
>>overriding of any halt requests. The parameter takes the form of
>>halt_action=halt, halt_action=reboot or halt_action=reboot:20
>>for halting, rebooting after a default 10 seconds, or rebooting after
>>a specified number of seconds. The default is halt_action=halt
>>and preserves existing behavior.
>>
>>Signed-off-by: Ben Thomas (ben@virtualiron.com)
>
>
> We halt in three situations:
> 1. Domain-0 asked us to (thru poweroff or halt)
> 2. 'noreboot' was specified as a boot parameter
> 3. We take an exception with IRQs disabled or we take a double fault.
>
> Behaviours (1) and (2) are quite reasonable. We should really just fix (3)
> to (attempt to) reboot after a few seconds, just like any other fatal
> exception.
>
> -- Keir
>
>

-- 
------------------------------------------------------------------------
Ben Thomas                         Virtual Iron Software
bthomas@virtualiron.com            Tower 1, Floor 2
978-849-1214                       900 Chelmsford Street
                                   Lowell, MA 01851