Re: [PATCH v2 4/8] tools/ocaml/xenstored: only quit on SIGTERM when a reload is possible

[Jürgen Groß <jgross@xxxxxxxx>]

On 15.01.21 23:28, Edwin Török wrote:
> Currently when oxenstored receives SIGTERM it dumps its state and quits.
> It is possible to then restart it if --restart is given, however that is
> not always safe:
>
> * domains could have active transactions, and after a restart they would
> either reuse transaction IDs of already open transactions, or get an
> error back that the transaction doesn't exist
>
> * there could be pending data to send to a VM still in oxenstored's
>    queue which would be lost
>
> * there could be pending input to be processed from a VM in oxenstored's
>    queue which would be lost
>
> Prevent shutting down oxenstored via SIGTERM in the above situations.
> Also ignore domains marked as bad because oxenstored would never talk
> to them again.
>
> Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx>
> Reviewed-by: Pau Ruiz Safont <pau.safont@xxxxxxxxxx>
> Reviewed-by: Christian Lindig <christian.lindig@xxxxxxxxxx>
>
> ---
> Changed since V1:
> * post publicly now that the XSA is out
> ---
>   tools/ocaml/xenstored/connection.ml  | 35 ++++++++++++++++++++++++++++
>   tools/ocaml/xenstored/connections.ml |  8 +++++++
>   tools/ocaml/xenstored/xenstored.ml   | 13 +++++++++--
>   tools/xenstore/xenstored_core.c      |  7 +++++-
I don't think you should modify tools/xenstore/xenstored_core.c in your
series.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: application/pgp-keys

Attachment: OpenPGP_signature
Description: OpenPGP digital signature