|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 7/7] tools/libxl: Allow dom0 to be destroyed
When dom0 is not the hardware domain, it can be destroyed in the same
way as any other service domain. To avoid accidental use when a domain
is not resolved, destroying domain 0 requires passing -f to xl destroy.
Since the hypervisor already prevents a domain from destroying itself,
this patch is only useful in a disaggregated environment.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
docs/man/xl.pod.1 | 14 +++++++++++++-
tools/libxl/xl_cmdimpl.c | 17 +++++++++++------
tools/libxl/xl_cmdtable.c | 5 ++++-
3 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1
index f7ceaa8..fd35d32 100644
--- a/docs/man/xl.pod.1
+++ b/docs/man/xl.pod.1
@@ -218,13 +218,25 @@ Connect to console number I<NUM>. Console numbers start
from 0.
=back
-=item B<destroy> I<domain-id>
+=item B<destroy> [I<OPTIONS>] I<domain-id>
Immediately terminate the domain I<domain-id>. This doesn't give the
domain OS any chance to react, and is the equivalent of ripping the
power cord out on a physical machine. In most cases you will want to
use the B<shutdown> command instead.
+B<OPTIONS>
+
+=over 4
+
+=item I<-f>
+
+Allow domain 0 to be destroyed. Because domain cannot destroy itself, this is
+only possible when using a disaggregated toolstack, and is most useful when
+using a hardware domain separated from domain 0.
+
+=back
+
=item B<domid> I<domain-name>
Converts a domain name to a domain id.
diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
index 8389468..0b38b32 100644
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
@@ -3053,12 +3053,14 @@ static void unpause_domain(uint32_t domid)
libxl_domain_unpause(ctx, domid);
}
-static void destroy_domain(uint32_t domid)
+static void destroy_domain(uint32_t domid, int force)
{
int rc;
- if (domid == 0) {
- fprintf(stderr, "Cannot destroy privileged domain 0.\n\n");
+ if (domid == 0 && !force) {
+ fprintf(stderr, "Not destroying domain 0; use -f to force.\n"
+ "This can only be done when using a disaggregated "
+ "hardware domain and toolstack.\n\n");
exit(-1);
}
rc = libxl_domain_destroy(ctx, domid, 0);
@@ -4157,12 +4159,15 @@ int main_unpause(int argc, char **argv)
int main_destroy(int argc, char **argv)
{
int opt;
+ int force = 0;
- SWITCH_FOREACH_OPT(opt, "", NULL, "destroy", 1) {
- /* No options */
+ SWITCH_FOREACH_OPT(opt, "f", NULL, "destroy", 1) {
+ case 'f':
+ force = 1;
+ break;
}
- destroy_domain(find_domain(argv[optind]));
+ destroy_domain(find_domain(argv[optind]), force);
return 0;
}
diff --git a/tools/libxl/xl_cmdtable.c b/tools/libxl/xl_cmdtable.c
index e8ab93a..4279b9f 100644
--- a/tools/libxl/xl_cmdtable.c
+++ b/tools/libxl/xl_cmdtable.c
@@ -56,7 +56,10 @@ struct cmd_spec cmd_table[] = {
{ "destroy",
&main_destroy, 0, 1,
"Terminate a domain immediately",
- "<Domain>",
+ "[options] <Domain>\n",
+ "-f Permit destroying domain 0, which will only
succeed\n"
+ " when run from disaggregated toolstack domain
with a\n"
+ " hardware domain distinct from domain 0."
},
{ "shutdown",
&main_shutdown, 0, 1,
--
1.8.5.3
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |