[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xm shutdown timeout

> xend has a timeout such that if an 'xm shutdown' request does not result
> in the domain shutting down within a certain time period, the domain is
> violently destroyed.
> This seems like a strange choice - if the domain isn't responding
> properly to such requests, then it must be in a buggy state, and should
> surely be preserved for administrator action (dumping core, destroying,
> whatever).
> Is there any other purpose to this timeout?

As an educated guess: I suspect that the very original intent of this timeout 
was to put an upperbound on dom0's shutdown time if the xendomains script is 
being used.  This attempts to shutdown all the domains cleanly, but destroys 
them rudely if they take too long - similar to the usual attempts of init 0 
to shut down processes with SIGTERM, following up with SIGKILL...

It would be good to keep this behaviour for shutdown of domain 0, since 
otherwise there are denial-of-service issues with domUs holding up the reboot 
arbitrarily long.  However, for other scenarios it would be nice not to do 


Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.