|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v1 02/27] xen/riscv: Implement construct_domain()
Hi, On 09/04/2026 22:39, Oleksii Kurochko wrote: + BUG_ON(v->is_initialised); + + kernel_load(kinfo); + initrd_load(kinfo, copy_to_guest_phys); + dtb_load(kinfo, copy_to_guest_phys);These all return void, despite this also being used for non-Dom0. Is it really fatal to a dom0less system if one out of many domains fail to be built?For a dom0less system, my opinion is that it should not be fatal, it should simply ignore a domain that fails to build and continue with the rest. However, with the current common dom0less code it will just panic(). This is a behavior I would like to change and it is on my TODO list. Regarding the functions returning void, this is because all of them currently call panic() on failure, which I expect will need to change in order to ignore a domain that fails to build in dom0less mode. For the current implementation of the common dom0less code this is fine, but I agree it should be addressed in a separate patch series. Especially when, despite the name, there is a Dom0? For this case, a failure there should indeed be fatal, so panic() is appropriate.I think you misunderstood. I wasn't referring to the building of Dom0 failing. Was rather emphasizing that when there is a Dom0, failure to create a DomU likely should even less so be fatal, as Dom0 could later rectify the situation.Oh, okay, then it is really less fatal if DomU creation will fail in the case of Dom0. I am not sure I agree with this statement. The goal of dom0less is to not have a dom0 at all. So there is no way to rectify after the fact. At least on Arm, we took the stance that boot failures are fatal because this is a clear signal that something went wrong. It may be more difficult to notice if you continue to boot. Cheers, -- Julien Grall
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |