Andrew Cooper
2013-Feb-04  14:57 UTC
[PATCH v2] hvm: Allow triple fault to imply crash rather than reboot
While the triple fault action on native hardware will result in a system
reset, any modern operating system can and will make use of less violent
reboot methods.  As a result, the most likely cause of a triple fault is a
fatal software bug.
This patch allows the toolstack to indicate that a triple fault should mean a
crash rather than a reboot.  The default of reboot still remains the same.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
--
Changes since v1:
 * "reboot" -> "reset"
 * v->domain -> d
diff -r 5af4f2ab06f3 -r de5df9f5af1d xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1233,9 +1233,14 @@ void hvm_hlt(unsigned long rflags)
 void hvm_triple_fault(void)
 {
     struct vcpu *v = current;
+    struct domain *d = v->domain;
+    u8 reason = d->arch.hvm_domain.params[HVM_PARAM_TRIPLE_FAULT_CRASH]
+        ? SHUTDOWN_crash : SHUTDOWN_reboot;
+
     gdprintk(XENLOG_INFO, "Triple fault on VCPU%d - "
-             "invoking HVM system reset.\n", v->vcpu_id);
-    domain_shutdown(v->domain, SHUTDOWN_reboot);
+             "invoking HVM system %s.\n", v->vcpu_id,
+             reason == SHUTDOWN_crash ? "crash" : "reset");
+    domain_shutdown(d, reason);
 }
 
 void hvm_inject_trap(struct hvm_trap *trap)
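Review bot: Nothing visible in this patch restricts who may write `HVM_PARAM_TRIPLE_FAULT_CRASH`, yet `hvm_triple_fault()` reads `d->arch.hvm_domain.params[...]` directly and treats it as toolstack policy. The set-param handler is outside this diff, so this needs confirming, but if it accepts this index from the guest itself, the guest rather than the toolstack decides whether a triple fault is reported as a crash, and so whether the host's crash handling (core dumps, restart policy) runs. Consider rejecting writes where the caller is the target domain for this index. Separately, the crash case is only reported through `gdprintk` at `XENLOG_INFO`, which I believe is compiled out of non-debug builds; a rate-limited guest-level message such as `printk(XENLOG_G_ERR ...)` for the crash branch would leave operators a trace in release builds.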
diff -r 5af4f2ab06f3 -r de5df9f5af1d xen/include/public/hvm/params.h
--- a/xen/include/public/hvm/params.h
+++ b/xen/include/public/hvm/params.h
@@ -142,6 +142,9 @@
 #define HVM_PARAM_ACCESS_RING_PFN   28
 #define HVM_PARAM_SHARING_RING_PFN  29
 
-#define HVM_NR_PARAMS          31
+/* Boolean: Should a triple fault imply crash rather than reboot? */
+#define HVM_PARAM_TRIPLE_FAULT_CRASH 31
+
+#define HVM_NR_PARAMS          32
 
 #endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */
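Review bot: The comment on `HVM_PARAM_TRIPLE_FAULT_CRASH` does not say who is expected to set the parameter or how non-boolean values are treated, which matters in a public header. The reader in hvm.c treats any non-zero value as crash and zero as reboot, and the commit message says reboot stays the default. I would spell that out, for example: `/* Set by the toolstack. Non-zero: a triple fault shuts the domain down with SHUTDOWN_crash; zero (default): SHUTDOWN_reboot. */`.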