xenstored: Recover from corrupt tdb on reboot
Xen cannot work when xenstored's tdb is corrupt. When that happens
somehow (and we've seen it happen), even reboot doesn't recover from
it. It could: there is no state in tdb that needs to be persisted
across reboots.
This patch arranges that tdb is removed before xenstored is started,
provided it doesn't already run. This is safe, because:
* xenstored cannot be restarted. If it dies, Xen's screwed until
reboot.
* /usr/sbin/xend always starts xenstored anyway.
* xenstored locks its pid-file (see write_pidfile() in
tools/xenstore/xenstored_core.c), and refuses to start when it
can't.
* My patch makes /usr/sbin/xend remove tdb iff it can lock the
pid-file. In other words, it removes tdb only when xenstored is not
running, and locks it out until it is done.
Bonus fix: it also removes stale copies of the tdb xenstored tends
to leave behind when it exits uncleanly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
projects / xen.git / commit