Re: [Fastboot] [PATCH] kdump: add a missing notifier before crashing

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: "Akiyama, Nobuyuki" <akiyama.nobuyuk@jp.fujitsu.com>
Cc: fastboot@lists.osdl.org, linux-kernel@vger.kernel.org
Subject: Re: [Fastboot] [PATCH] kdump: add a missing notifier before crashing
Date: Fri, 16 Jun 2006 00:28:08 -0600	[thread overview]
Message-ID: <m1d5d9pqbr.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <20060615201621.6e67d149.akiyama.nobuyuk@jp.fujitsu.com> (Nobuyuki Akiyama's message of "Thu, 15 Jun 2006 20:16:21 +0900")

"Akiyama, Nobuyuki" <akiyama.nobuyuk@jp.fujitsu.com> writes:

> Hi all,
>
> The attached patch adds a missing notifier before crashing.
> This patch is remade to follow the former discussions.
> The change is that a notifier calling becomes optional.
> Please refer to the following thread for details:
>
> http://lists.osdl.org/pipermail/fastboot/2006-May/003018.html
>
> Description:
> We don't have a simple and light weight way to know the kernel dies.
> The panic notifier does not be called if kdump is activated
> because crash_kexec() does not return, and there is no mechanism to
> notify of a crash before crashing by SysRq-c.
> Although notify_die() exists, the function depends on architecture.
> If notify_die() is added in panic and SysRq respectively like
> existing implementation, the code will be ugly.
> I think that adding a generic hook in crash_kexec() is better to
> simplify the code.
>
> This new notifier is useful, especially for a clustering system.
> On a mission critical system, failover need to start within a few
> milli-second. The notifier could be called on 2nd kernel, but it is
> no use because it takes the time of second order to boot up.
>
> The attached patch is against 2.6.17-rc6-git5.
> I tested on i386-box.

Please give a concrete example of a failure mode where this allows
you to meet your timing constraint.

I have yet to be convinced that this actually solves a real world
problem.

What is the cost of the notifier you wish to implement?
What is your guarantee that the system won't have wasted seconds
detecting it can't allocate memory or other cases?

If we go this route the notifier should not be exported to modules.
Only the most scrutinized of code paths should ever set this,
and code like that should never be a module.

The patchset that adds the notifier call needs to include the notifier
so people can look and see how sane this is.

So far what I have seen are hand waving arguments that failures
that can never happen must be detected and reported within
milliseconds to another machine in an unspecified manner.  Your kernel
startup times are asserted to be to large to do this from the next
kernel, but the code to do so is sufficiently complicated you can't do
this in the kexec code stub that runs before it starts your next
kernel.

I am sympathetic but this interface seems to set expectations that
we can the impossible, and it still appears unnecessary to me.

Eric

next prev parent reply	other threads:[~2006-06-16  6:28 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-06-15 11:16 [PATCH] kdump: add a missing notifier before crashing Akiyama, Nobuyuki
2006-06-16  6:28 ` Eric W. Biederman [this message]
2006-06-16 12:15   ` [Fastboot] " Akiyama, Nobuyuki
2006-06-16 16:37     ` Eric W. Biederman
2006-06-19  7:30       ` Akiyama, Nobuyuki
2006-06-19 12:47         ` Eric W. Biederman
2006-06-19 13:28           ` Preben Traerup
2006-06-19 16:49             ` Eric W. Biederman
2006-06-19 17:07               ` Vivek Goyal
2006-06-19 17:50                 ` Eric W. Biederman
2006-06-19 18:19                   ` Vivek Goyal
2006-06-19 18:45                     ` Eric W. Biederman
2006-06-20  3:46                   ` Akiyama, Nobuyuki
2006-06-20  3:39             ` Akiyama, Nobuyuki
  -- strict thread matches above, loose matches on Subject: below --
2006-07-04 12:33 Akiyama, Nobuyuki
2006-07-05 16:14 ` [Fastboot] " Eric W. Biederman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m1d5d9pqbr.fsf@ebiederm.dsl.xmission.com \
    --to=ebiederm@xmission.com \
    --cc=akiyama.nobuyuk@jp.fujitsu.com \
    --cc=fastboot@lists.osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox