From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: [PATCH 7/7] tools/libxl: Allow dom0 to be destroyed Date: Thu, 27 Mar 2014 07:52:08 -0400 Message-ID: <1395921128-7086-8-git-send-email-dgdegra@tycho.nsa.gov> References: <1395921128-7086-1-git-send-email-dgdegra@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1395921128-7086-1-git-send-email-dgdegra@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org Cc: dgdegra@tycho.nsa.gov, Ian Jackson , Ian Campbell , Stefano Stabellini List-Id: xen-devel@lists.xenproject.org When dom0 is not the hardware domain, it can be destroyed in the same way as any other service domain. To avoid accidental use when a domain is not resolved, destroying domain 0 requires passing -f to xl destroy. Since the hypervisor already prevents a domain from destroying itself, this patch is only useful in a disaggregated environment. Signed-off-by: Daniel De Graaf Cc: Ian Jackson Cc: Stefano Stabellini Cc: Ian Campbell --- docs/man/xl.pod.1 | 14 +++++++++++++- tools/libxl/xl_cmdimpl.c | 17 +++++++++++------ tools/libxl/xl_cmdtable.c | 5 ++++- 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1 index f7ceaa8..fd35d32 100644 --- a/docs/man/xl.pod.1 +++ b/docs/man/xl.pod.1 @@ -218,13 +218,25 @@ Connect to console number I. Console numbers start from 0. =back -=item B I +=item B [I] I Immediately terminate the domain I. This doesn't give the domain OS any chance to react, and is the equivalent of ripping the power cord out on a physical machine. In most cases you will want to use the B command instead. +B + +=over 4 + +=item I<-f> + +Allow domain 0 to be destroyed. Because domain cannot destroy itself, this is +only possible when using a disaggregated toolstack, and is most useful when +using a hardware domain separated from domain 0. + +=back + =item B I Converts a domain name to a domain id. diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c index 8389468..0b38b32 100644 --- a/tools/libxl/xl_cmdimpl.c +++ b/tools/libxl/xl_cmdimpl.c @@ -3053,12 +3053,14 @@ static void unpause_domain(uint32_t domid) libxl_domain_unpause(ctx, domid); } -static void destroy_domain(uint32_t domid) +static void destroy_domain(uint32_t domid, int force) { int rc; - if (domid == 0) { - fprintf(stderr, "Cannot destroy privileged domain 0.\n\n"); + if (domid == 0 && !force) { + fprintf(stderr, "Not destroying domain 0; use -f to force.\n" + "This can only be done when using a disaggregated " + "hardware domain and toolstack.\n\n"); exit(-1); } rc = libxl_domain_destroy(ctx, domid, 0); @@ -4157,12 +4159,15 @@ int main_unpause(int argc, char **argv) int main_destroy(int argc, char **argv) { int opt; + int force = 0; - SWITCH_FOREACH_OPT(opt, "", NULL, "destroy", 1) { - /* No options */ + SWITCH_FOREACH_OPT(opt, "f", NULL, "destroy", 1) { + case 'f': + force = 1; + break; } - destroy_domain(find_domain(argv[optind])); + destroy_domain(find_domain(argv[optind]), force); return 0; } diff --git a/tools/libxl/xl_cmdtable.c b/tools/libxl/xl_cmdtable.c index e8ab93a..4279b9f 100644 --- a/tools/libxl/xl_cmdtable.c +++ b/tools/libxl/xl_cmdtable.c @@ -56,7 +56,10 @@ struct cmd_spec cmd_table[] = { { "destroy", &main_destroy, 0, 1, "Terminate a domain immediately", - "", + "[options] \n", + "-f Permit destroying domain 0, which will only succeed\n" + " when run from disaggregated toolstack domain with a\n" + " hardware domain distinct from domain 0." }, { "shutdown", &main_shutdown, 0, 1, -- 1.8.5.3