Re: [Fastboot] [RFC][PATCH] Add missing notifier before crashing

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Vivek Goyal <vgoyal@in.ibm.com>
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: linux kernel mailing list <linux-kernel@vger.kernel.org>,
	Fastboot mailing list <fastboot@lists.osdl.org>,
	akiyama.nobuyuk@jp.fujitsu.com, Preben.Trarup@ericsson.com
Subject: Re: [Fastboot] [RFC][PATCH] Add missing notifier before crashing
Date: Fri, 2 Jun 2006 10:53:08 -0400	[thread overview]
Message-ID: <20060602145308.GA29610@in.ibm.com> (raw)
In-Reply-To: <m1fyin6agv.fsf@ebiederm.dsl.xmission.com>

On Fri, Jun 02, 2006 at 05:52:32AM -0600, Eric W. Biederman wrote:
> Preben Traerup <Preben.Trarup@ericsson.com> writes:
> 
> > Since I'm one of the people who very much would like best of both worlds,
> > I do belive Vivek Goyal's concern about the reliability of kdump must be
> > adressed properly.
> >
> > I do belive the crash notifier should at least be a list of its own.
> >   Attaching element to the list proves your are kdump aware - in theory
> >
> > However:
> >
> > Conceptually I do not like the princip of implementing crash notifier
> > as a list simply because for all (our) practical usage there will only
> > be one element attached to the list anyway.
> >
> > And as I belive crash notifiers only will be used by a very limited
> > number of users, I suggested in another mail that a simple
> >
> > if (function pointer)
> >    call functon
> >
> > approach to be used for this special case to keep things very simple.
> 
> I am completely against crash notifiers.  The code crash_kexec switches to
> is what is notified and it can do whatever it likes.  The premise is
> that the kernel does not work.  Therefore  we cannot safely notify
> kernel code.  We do the very minimal to get out of the kernel,
> and it is my opinion we still do to much.
> 
> The crash_kexec entry point is not about taking crash dumps.  It is
> about implementing policy when the kernel panics.  Generally the
> policy we want is a crash dump but the mechanism is general purpose
> and not limited to that.

Does that mean that we can implement only one policy which crash_kexec()
can execute. In this case clash seems to be that we want multiple policies
to co-exist. Like, a user wants to generate a notification for the 
remote node so that remote node takes over and then also take crash dump
to diagnose the source of problem on failing node.  


> 
> You can put anything you want for crash_kexec to execute.
> 

How do I ensure co-existence of multiple policies?

> If the problem is strictly limited to hardware failure and software
> can cope with that then don't panic the kernel and execute an orderly
> transition.
> 
> If software cannot cope, and must panic the kernel it clearly cannot
> do something sensible.

That's true. Anything which runs after panic() is running in an unreliable
environment. But I guess everybody understands that and all the code which
runs after panic(), is not guranteed to execute successfuly. Otherwise there
is no point in keeping panic_notifier_list around.

So the concern here is that how do we manage multiple policies which should
execute after a crash/panic?

Thanks
Vivek

next prev parent reply	other threads:[~2006-06-02 14:53 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-30  9:33 [RFC][PATCH] Add missing notifier before crashing Akiyama, Nobuyuki
2006-05-30 14:56 ` [Fastboot] " Vivek Goyal
2006-05-31  9:20   ` Akiyama, Nobuyuki
2006-05-31 15:43     ` Vivek Goyal
2006-06-01 10:50       ` Preben Traerup
2006-06-01 12:37       ` Akiyama, Nobuyuki
2006-06-01 15:16         ` Vivek Goyal
2006-06-02  5:13           ` Akiyama, Nobuyuki
2006-06-02 10:08             ` Preben Traerup
2006-06-02 11:52               ` Eric W. Biederman
2006-06-02 13:20                 ` Preben Traerup
2006-06-02 15:20                   ` Eric W. Biederman
2006-06-02 15:37                     ` Vivek Goyal
2006-06-02 16:39                       ` Eric W. Biederman
2006-06-06  9:36                     ` Preben Traerup
2006-06-06 11:08                       ` Akiyama, Nobuyuki
2006-06-06 13:59                         ` Akiyama, Nobuyuki
2006-06-02 14:53                 ` Vivek Goyal [this message]
2006-06-05 11:46                 ` Akiyama, Nobuyuki
2006-06-02 14:56               ` Vivek Goyal
2006-06-06 10:12                 ` Preben Traerup

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060602145308.GA29610@in.ibm.com \
    --to=vgoyal@in.ibm.com \
    --cc=Preben.Trarup@ericsson.com \
    --cc=akiyama.nobuyuk@jp.fujitsu.com \
    --cc=ebiederm@xmission.com \
    --cc=fastboot@lists.osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.