Re: [Fastboot] [RFC][PATCH] Add missing notifier before crashing

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Vivek Goyal <vgoyal@in.ibm.com>
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: linux kernel mailing list <linux-kernel@vger.kernel.org>,
	Fastboot mailing list <fastboot@lists.osdl.org>,
	akiyama.nobuyuk@jp.fujitsu.com, Preben.Trarup@ericsson.com
Subject: Re: [Fastboot] [RFC][PATCH] Add missing notifier before crashing
Date: Fri, 2 Jun 2006 10:53:08 -0400	[thread overview]
Message-ID: <20060602145308.GA29610@in.ibm.com> (raw)
In-Reply-To: <m1fyin6agv.fsf@ebiederm.dsl.xmission.com>

On Fri, Jun 02, 2006 at 05:52:32AM -0600, Eric W. Biederman wrote:
> Preben Traerup <Preben.Trarup@ericsson.com> writes:
> 
> > Since I'm one of the people who very much would like best of both worlds,
> > I do belive Vivek Goyal's concern about the reliability of kdump must be
> > adressed properly.
> >
> > I do belive the crash notifier should at least be a list of its own.
> >   Attaching element to the list proves your are kdump aware - in theory
> >
> > However:
> >
> > Conceptually I do not like the princip of implementing crash notifier
> > as a list simply because for all (our) practical usage there will only
> > be one element attached to the list anyway.
> >
> > And as I belive crash notifiers only will be used by a very limited
> > number of users, I suggested in another mail that a simple
> >
> > if (function pointer)
> >    call functon
> >
> > approach to be used for this special case to keep things very simple.
> 
> I am completely against crash notifiers.  The code crash_kexec switches to
> is what is notified and it can do whatever it likes.  The premise is
> that the kernel does not work.  Therefore  we cannot safely notify
> kernel code.  We do the very minimal to get out of the kernel,
> and it is my opinion we still do to much.
> 
> The crash_kexec entry point is not about taking crash dumps.  It is
> about implementing policy when the kernel panics.  Generally the
> policy we want is a crash dump but the mechanism is general purpose
> and not limited to that.

Does that mean that we can implement only one policy which crash_kexec()
can execute. In this case clash seems to be that we want multiple policies
to co-exist. Like, a user wants to generate a notification for the 
remote node so that remote node takes over and then also take crash dump
to diagnose the source of problem on failing node.  


> 
> You can put anything you want for crash_kexec to execute.
> 

How do I ensure co-existence of multiple policies?

> If the problem is strictly limited to hardware failure and software
> can cope with that then don't panic the kernel and execute an orderly
> transition.
> 
> If software cannot cope, and must panic the kernel it clearly cannot
> do something sensible.

That's true. Anything which runs after panic() is running in an unreliable
environment. But I guess everybody understands that and all the code which
runs after panic(), is not guranteed to execute successfuly. Otherwise there
is no point in keeping panic_notifier_list around.

So the concern here is that how do we manage multiple policies which should
execute after a crash/panic?

Thanks
Vivek

next prev parent reply	other threads:[~2006-06-02 14:53 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-30  9:33 [RFC][PATCH] Add missing notifier before crashing Akiyama, Nobuyuki
2006-05-30 14:56 ` [Fastboot] " Vivek Goyal
2006-05-31  9:20   ` Akiyama, Nobuyuki
2006-05-31 15:43     ` Vivek Goyal
2006-06-01 10:50       ` Preben Traerup
2006-06-01 12:37       ` Akiyama, Nobuyuki
2006-06-01 15:16         ` Vivek Goyal
2006-06-02  5:13           ` Akiyama, Nobuyuki
2006-06-02 10:08             ` Preben Traerup
2006-06-02 11:52               ` Eric W. Biederman
2006-06-02 13:20                 ` Preben Traerup
2006-06-02 15:20                   ` Eric W. Biederman
2006-06-02 15:37                     ` Vivek Goyal
2006-06-02 16:39                       ` Eric W. Biederman
2006-06-06  9:36                     ` Preben Traerup
2006-06-06 11:08                       ` Akiyama, Nobuyuki
2006-06-06 13:59                         ` Akiyama, Nobuyuki
2006-06-02 14:53                 ` Vivek Goyal [this message]
2006-06-05 11:46                 ` Akiyama, Nobuyuki
2006-06-02 14:56               ` Vivek Goyal
2006-06-06 10:12                 ` Preben Traerup

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060602145308.GA29610@in.ibm.com \
    --to=vgoyal@in.ibm.com \
    --cc=Preben.Trarup@ericsson.com \
    --cc=akiyama.nobuyuk@jp.fujitsu.com \
    --cc=ebiederm@xmission.com \
    --cc=fastboot@lists.osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox