From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Keir Fraser <keir@xen.org>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
Jan Beulich <JBeulich@suse.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [PATCH RFC] hvm: Allow triple fault to imply crash rather than reboot
Date: Mon, 4 Feb 2013 17:12:21 +0000 [thread overview]
Message-ID: <510FEBF5.1060708@citrix.com> (raw)
In-Reply-To: <CD359666.59FAD%keir@xen.org>
On 04/02/13 16:46, Keir Fraser wrote:
> On 04/02/2013 15:26, "Ian Campbell" <Ian.Campbell@citrix.com> wrote:
>
>> On Mon, 2013-02-04 at 14:25 +0000, Andrew Cooper wrote:
>>> While the triple fault action on native hardware will result in a system
>>> reset, any modern operating system can and will make use of less violent
>>> reboot methods. As a result, the most likely cause of a triple fault is a
>>> fatal software bug.
>>>
>>> This patch allows the toolstack to indicate that a triple fault should mean a
>>> crash rather than a reboot. The default of reboot still remains the same.
>> Just a random thought -- what about adding SHUTDOWN_triple_fault as an
>> explicit thing, then the toolstack can decide what to do?
> I kind of prefer that, although it will require changes to every toolstack.
>
> An alternative would be to do that, *and* still have the new HVM_PARAM, so
> that any SHUTDOWN_* code can be generated by a triple fault (including new
> SHUTDOWN_triple_fault) -- but defaulting to SHUTDOWN_reboot so that the
> default behaviour is still unchanged.
>
> Or, in any case, I'm not dead against the existing patch, it just seems less
> flexible than it could be. But maybe that flexibility is pointless.
>
> -- Keir
I considered this approach originally, but decided against it.
SHUTDOWN_triple_fault would be meaningless as a standard SCHOP_shutdown
parameter, and having the toolstack differentiate between _crash and
_triple_fault seems pointless.
I thought that the ideal end result would be specifying
on_triple_fault="reboot"|"crash"
In the vm.cfg file
The on_{crash,reboot} actions would still then take effect as usual.
Having said that, if _triple_fault is preferred, I am not overly
attached to this specific implementation.
If it isn't obvious, the motivation behind this patch is because I am
currently chasing a windows triple fault on Xen-4.2. It appears machine
specific, but related to our PV driver, and takes a long time to
reproduce. Having automated tests fail soon with a triple fault is
better than having the domain in question sit in a reboot loop until the
hour long timeout kicks in.
~Andrew
next prev parent reply other threads:[~2013-02-04 17:12 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-04 14:25 [PATCH RFC] hvm: Allow triple fault to imply crash rather than reboot Andrew Cooper
2013-02-04 14:46 ` Jan Beulich
2013-02-04 14:50 ` Andrew Cooper
2013-02-04 15:26 ` Ian Campbell
2013-02-04 16:46 ` Keir Fraser
2013-02-04 17:12 ` Andrew Cooper [this message]
2013-02-04 17:55 ` Keir Fraser
-- strict thread matches above, loose matches on Subject: below --
2016-11-07 12:56 Xuquan (Quan Xu)
2016-11-07 13:12 ` Andrew Cooper
2016-11-07 13:18 ` Xuquan (Quan Xu)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=510FEBF5.1060708@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=JBeulich@suse.com \
--cc=keir@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.