[PATCH 7/7] tools/libxl: Allow dom0 to be destroyed

From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xen.org
Cc: dgdegra@tycho.nsa.gov, Ian Jackson <ian.jackson@eu.citrix.com>,
	Ian Campbell <ian.campbell@citrix.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: [PATCH 7/7] tools/libxl: Allow dom0 to be destroyed
Date: Thu, 27 Mar 2014 07:52:08 -0400	[thread overview]
Message-ID: <1395921128-7086-8-git-send-email-dgdegra@tycho.nsa.gov> (raw)
In-Reply-To: <1395921128-7086-1-git-send-email-dgdegra@tycho.nsa.gov>

When dom0 is not the hardware domain, it can be destroyed in the same
way as any other service domain.  To avoid accidental use when a domain
is not resolved, destroying domain 0 requires passing -f to xl destroy.
Since the hypervisor already prevents a domain from destroying itself,
this patch is only useful in a disaggregated environment.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
---
 docs/man/xl.pod.1         | 14 +++++++++++++-
 tools/libxl/xl_cmdimpl.c  | 17 +++++++++++------
 tools/libxl/xl_cmdtable.c |  5 ++++-
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1
index f7ceaa8..fd35d32 100644
--- a/docs/man/xl.pod.1
+++ b/docs/man/xl.pod.1
@@ -218,13 +218,25 @@ Connect to console number I<NUM>. Console numbers start from 0.
 
 =back
 
-=item B<destroy> I<domain-id>
+=item B<destroy> [I<OPTIONS>] I<domain-id>
 
 Immediately terminate the domain I<domain-id>.  This doesn't give the
 domain OS any chance to react, and is the equivalent of ripping the
 power cord out on a physical machine.  In most cases you will want to
 use the B<shutdown> command instead.
 
+B<OPTIONS>
+
+=over 4
+
+=item I<-f>
+
+Allow domain 0 to be destroyed.  Because domain cannot destroy itself, this is
+only possible when using a disaggregated toolstack, and is most useful when
+using a hardware domain separated from domain 0.
+
+=back
+
 =item B<domid> I<domain-name>
 
 Converts a domain name to a domain id.
diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
index 8389468..0b38b32 100644
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
@@ -3053,12 +3053,14 @@ static void unpause_domain(uint32_t domid)
     libxl_domain_unpause(ctx, domid);
 }
 
-static void destroy_domain(uint32_t domid)
+static void destroy_domain(uint32_t domid, int force)
 {
     int rc;
 
-    if (domid == 0) {
-        fprintf(stderr, "Cannot destroy privileged domain 0.\n\n");
+    if (domid == 0 && !force) {
+        fprintf(stderr, "Not destroying domain 0; use -f to force.\n"
+                        "This can only be done when using a disaggregated "
+                        "hardware domain and toolstack.\n\n");
         exit(-1);
     }
     rc = libxl_domain_destroy(ctx, domid, 0);
@@ -4157,12 +4159,15 @@ int main_unpause(int argc, char **argv)
 int main_destroy(int argc, char **argv)
 {
     int opt;
+    int force = 0;
 
-    SWITCH_FOREACH_OPT(opt, "", NULL, "destroy", 1) {
-        /* No options */
+    SWITCH_FOREACH_OPT(opt, "f", NULL, "destroy", 1) {
+    case 'f':
+        force = 1;
+        break;
     }
 
-    destroy_domain(find_domain(argv[optind]));
+    destroy_domain(find_domain(argv[optind]), force);
     return 0;
 }
 
diff --git a/tools/libxl/xl_cmdtable.c b/tools/libxl/xl_cmdtable.c
index e8ab93a..4279b9f 100644
--- a/tools/libxl/xl_cmdtable.c
+++ b/tools/libxl/xl_cmdtable.c
@@ -56,7 +56,10 @@ struct cmd_spec cmd_table[] = {
     { "destroy",
       &main_destroy, 0, 1,
       "Terminate a domain immediately",
-      "<Domain>",
+      "[options] <Domain>\n",
+      "-f                      Permit destroying domain 0, which will only succeed\n"
+      "                        when run from disaggregated toolstack domain with a\n"
+      "                        hardware domain distinct from domain 0."
     },
     { "shutdown",
       &main_shutdown, 0, 1,
-- 
1.8.5.3
