
Re: [PATCH] xen/domain: make shutdown state explicit


  • To: "Orzel, Michal" <michal.orzel@xxxxxxx>
  • From: Mykola Kvach <xakep.amatop@xxxxxxxxx>
  • Date: Tue, 24 Mar 2026 12:00:00 +0200
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Mykola Kvach <mykola_kvach@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>
  • Delivery-date: Tue, 24 Mar 2026 10:01:09 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Michal,

Thank you for the review.

On Thu, Mar 19, 2026 at 12:09 PM Orzel, Michal <michal.orzel@xxxxxxx> wrote:
>
>
>
> On 19/03/2026 00:25, Mykola Kvach wrote:
> > From: Mykola Kvach <mykola_kvach@xxxxxxxx>
> >
> > The domain shutdown flow currently overloads is_shutting_down and
> > is_shut_down to represent multiple phases of the shutdown lifecycle,
> > while some users treat is_shutting_down as a broader "domain is no
> > longer normal" condition.
> >
> > Make the shutdown lifecycle explicit by introducing
> > enum domain_shutdown_state and converting the existing users to helper
> > predicates describing whether shutdown is in progress, complete, or
> > active.
> >
> > At the same time, make domain_resume() validate its input state and
> > return an error to its callers. Resume is now accepted only from the
> > fully shut down state.
> Also, you limit it now to SHUTDOWN_suspend or SHUTDOWN_soft_reset. Ideally you
> should explain why i.e. resuming from crash/poweroff/reboot is semantically
> meaningless.

That makes sense. Looking at the existing flow more closely, the
suspend and soft-reset cases are not symmetric.

For suspend, the intended semantics are explicit and long-standing:
the public SCHEDOP_shutdown documentation describes special resume
semantics only for SHUTDOWN_suspend, libxl documents resume for a
suspended domain, and xc_domain_resume has long rejected domains
which are not shut down with SHUTDOWN_suspend.

Soft reset is different. The toolstack may choose soft-reset as the
action for other shutdown reasons too, e.g. on_reboot=soft-reset.
In that case the domain reaches the soft-reset path with
shutdown_code still set to SHUTDOWN_reboot, and only afterwards the
toolstack decides to perform a soft reset. So the new validation in
domain_resume() is too strict for the existing soft-reset flow.

Given that, I agree the checks should not be there in the current
form.

I'll drop the checks in the next version.

Best regards,
Mykola

>
> >
> > This removes the implicit coupling between unrelated users of
> > is_shutting_down and makes the shutdown/resume state transitions
> > self-describing.
> >
> > Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> > Signed-off-by: Mykola Kvach <mykola_kvach@xxxxxxxx>
> This is mostly a mechanical change. I verified that correct helpers are used in
> place of old flags.
> Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>
>
> ~Michal
>
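
The suspend versus soft-reset asymmetry discussed in this message, as an added example that is not part of the thread or of the Xen patch: a toy C model showing why a reason-code check in the resume path rejects the on_reboot=soft-reset flow. The lifecycle state names, the struct and all function names are hypothetical; only the SHUTDOWN_* reason codes are Xen's.

```c
#include <errno.h>
#include <stdio.h>

/* Shutdown reason codes, values as in Xen's public sched.h. */
enum { SHUTDOWN_poweroff, SHUTDOWN_reboot, SHUTDOWN_suspend,
       SHUTDOWN_crash, SHUTDOWN_watchdog, SHUTDOWN_soft_reset };

/* Hypothetical lifecycle names: the thread does not show the enum members. */
enum toy_state { TOY_RUNNING, TOY_SHUTDOWN_IN_PROGRESS, TOY_SHUT_DOWN };

struct toy_domain { enum toy_state state; int shutdown_code; };

/* Check as described in the review: fully shut down AND the reason is
 * suspend or soft_reset. */
static int resume_strict(struct toy_domain *d)
{
    if (d->state != TOY_SHUT_DOWN)
        return -EINVAL;
    if (d->shutdown_code != SHUTDOWN_suspend &&
        d->shutdown_code != SHUTDOWN_soft_reset)
        return -EINVAL;
    d->state = TOY_RUNNING;
    return 0;
}

/* Comparison variant (an assumption): validate the lifecycle state only. */
static int resume_state_only(struct toy_domain *d)
{
    if (d->state != TOY_SHUT_DOWN)
        return -EINVAL;
    d->state = TOY_RUNNING;
    return 0;
}

/* A domain has fully shut down with `reason` and then reaches the resume
 * path: directly for suspend, or through the toolstack's soft-reset action,
 * which leaves shutdown_code at the guest's original reason. */
static int resume_after_shutdown(int reason, int (*resume)(struct toy_domain *))
{
    struct toy_domain d = { TOY_SHUT_DOWN, reason };
    return resume(&d);
}

int main(void)
{
    printf("reboot + soft-reset action, strict:     %d\n",
           resume_after_shutdown(SHUTDOWN_reboot, resume_strict));
    printf("reboot + soft-reset action, state-only: %d\n",
           resume_after_shutdown(SHUTDOWN_reboot, resume_state_only));
    return 0;
}
```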



 

