On 15.01.21 23:28, Edwin Török wrote:
> Currently when oxenstored receives SIGTERM it dumps its state and quits.
> It is possible to then restart it if --restart is given, however that is
> not always safe:
> 
> * domains could have active transactions, and after a restart they would
> either reuse transaction IDs of already open transactions, or get an
> error back that the transaction doesn't exist
> 
> * there could be pending data to send to a VM still in oxenstored's
>    queue which would be lost
> 
> * there could be pending input to be processed from a VM in oxenstored's
>    queue which would be lost
> 
> Prevent shutting down oxenstored via SIGTERM in the above situations.
> Also ignore domains marked as bad because oxenstored would never talk
> to them again.
> 
> Signed-off-by: Edwin Török <edvin.torok@citrix.com>
> Reviewed-by: Pau Ruiz Safont <pau.safont@citrix.com>
> Reviewed-by: Christian Lindig <christian.lindig@citrix.com>
> 
> ---
> Changed since V1:
> * post publicly now that the XSA is out
> ---
>   tools/ocaml/xenstored/connection.ml  | 35 ++++++++++++++++++++++++++++
>   tools/ocaml/xenstored/connections.ml |  8 +++++++
>   tools/ocaml/xenstored/xenstored.ml   | 13 +++++++++--
>   tools/xenstore/xenstored_core.c      |  7 +++++-

I don't think you should modify tools/xenstore/xenstored_core.c in your
series.


Juergen