diff options
| author | Ian Jackson <ian.jackson@eu.citrix.com> | 2012-05-11 18:59:07 +0100 |
|---|---|---|
| committer | Ian Jackson <ian.jackson@eu.citrix.com> | 2012-05-11 18:59:07 +0100 |
| commit | a1a0db8f8deee6bbf41ae649f56cd70b84b2f8d9 (patch) | |
| tree | 2373a13f13f8ef711ae4608a51cc531708e82f29 /tools/libxl/libxl_event.c | |
| parent | 2fe033acfc82d768fd7b91016bc6205e1c44d7a3 (diff) | |
| download | xen-a1a0db8f8deee6bbf41ae649f56cd70b84b2f8d9.tar.gz xen-a1a0db8f8deee6bbf41ae649f56cd70b84b2f8d9.tar.bz2 xen-a1a0db8f8deee6bbf41ae649f56cd70b84b2f8d9.zip | |
libxl: abort bootloader invocation when domain dies
Cancel the bootloader (specifically, by sending it a signal) if the
domain is seen to disappear from xenstore.
We use a new utility event source libxl__domaindeathcheck which
provides a convenient wrapper for the xenstore watch.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Changes since v8:
* Fixed the commit message summary line.
Changes since v7:
* Add a comment explaining why we use a watch on the domain's
xenstore path rather than @releaseDomain.
* Fix typo in error message.
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Diffstat (limited to 'tools/libxl/libxl_event.c')
| -rw-r--r-- | tools/libxl/libxl_event.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/tools/libxl/libxl_event.c b/tools/libxl/libxl_event.c index 63719b2b5d..03d0498020 100644 --- a/tools/libxl/libxl_event.c +++ b/tools/libxl/libxl_event.c @@ -589,6 +589,53 @@ int libxl__ev_devstate_wait(libxl__gc *gc, libxl__ev_devstate *ds, } /* + * domain death/destruction + */ + +/* + * We use a xenstore watch on the domain's path, rather than using an + * @releaseDomain watch and asking the hypervisor. This is simpler + * because turning @releaseDomain into domain-specific information is + * complicated. + * + * It is also sufficient for our callers, which are generally trying + * to do cleanup of their own execution state on domain death, for the + * following reason: if the domain is destroyed then either (a) the + * entries in xenstore have already been deleted, in which case the + * test here works or (b) they have not in which case something has + * gone very badly wrong and we are going to leak those xenstore + * entries, in which case trying to avoid leaking other stuff is + * futile. + */ + +static void domaindeathcheck_callback(libxl__egc *egc, libxl__ev_xswatch *w, + const char *watch_path, const char *event_path) +{ + libxl__domaindeathcheck *dc = CONTAINER_OF(w, *dc, watch); + EGC_GC; + const char *p = libxl__xs_read(gc, XBT_NULL, watch_path); + if (p) return; + + if (errno!=ENOENT) { + LIBXL__EVENT_DISASTER(egc,"failed to read xenstore" + " for domain detach check", errno, 0); + return; + } + + LOG(ERROR,"%s: domain %"PRIu32" removed (%s no longer in xenstore)", + dc->what, dc->domid, watch_path); + dc->callback(egc, dc); +} + +int libxl__domaindeathcheck_start(libxl__gc *gc, + libxl__domaindeathcheck *dc) +{ + const char *path = GCSPRINTF("/local/domain/%"PRIu32, dc->domid); + return libxl__ev_xswatch_register(gc, &dc->watch, + domaindeathcheck_callback, path); +} + +/* * osevent poll */ |