From: Ian Campbell <ian.campbell@citrix.com>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>,
George Dunlap <dunlapg@umich.edu>
Cc: Shriram Rajagopalan <rshriram@cs.ubc.ca>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Yang Hongyang <yanghy@cn.fujitsu.com>,
Martin Osterloh <osterlohm@ainfosec.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Current LibXL Status
Date: Thu, 18 Feb 2016 17:26:33 +0000 [thread overview]
Message-ID: <1455816393.6225.59.camel@citrix.com> (raw)
In-Reply-To: <22213.64828.978431.135803@mariner.uk.xensource.com>
On Thu, 2016-02-18 at 17:19 +0000, Ian Jackson wrote:
> George Dunlap writes ("Re: [Xen-devel] Current LibXL Status"):
> > So what was the conclusion here? It looks like we've confirmed that
> > exit() is only called:
> >
> > 1. In the case of a malloc() failure
> > 2. in libxl-save-helper (a separate process forked by the library)
> > 3. In libxl__event_disaster(), if no callback is provided
> 4. In other processes forked by the library
>
> But, yes,l basically.
>
> > Which just leaves #1 as something to be discussed?
>
> Is this crashing on malloc failure a problem ?
It is for non-C language bindings which might be using garbage collection,
since they might be OOM from a malloc perspective but actually have loads
of spare memory waiting to be collected (which they might plausibly be
doing quite lazily).
I just reminded people of my proposal to provide a callback to allow the
app/bindings to run their gc here in my reply to George before I saw your
reply.
> From the point of view of libxl's innards, making malloc failures
> fatal means that nothing that allocates memory needs to care about
> malloc failures. That massively reduces the number of error paths to
> be considered and eliminates an entire class of (largely theoretical)
> bugs.
>
> And often there is no good recovery possible (and logging the error is
> hard too).
>
> I'm not sure whether I'd want to change this policy even if someone
> wanted to commit to auditing libxl and submitting the necessary
> patches to cope with every malloc failure. Having to cope with malloc
> failure would be a continual burden on every proposed change or new
> feature.
I agree that we don't want to change this policy, but I think an OOM hook
is sufficient to solve the actual problem.
> If in practice this is a problem it would probaby be better to run
> libxl in a process which can be restarted if it dies due to malloc
> failure.
>
> Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-02-18 17:26 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-18 18:32 Current LibXL Status Martin Osterloh
2015-11-19 9:20 ` Ian Campbell
2015-11-19 10:23 ` George Dunlap
2015-11-19 10:55 ` Andrew Cooper
2015-11-19 11:23 ` Ian Campbell
2015-11-19 11:30 ` Processed: " xen
2015-11-19 11:33 ` Andrew Cooper
2015-11-19 11:48 ` Ian Campbell
2015-11-19 11:55 ` Ian Campbell
2015-11-19 12:16 ` Ian Campbell
2015-11-20 0:30 ` Yang Hongyang
2016-02-18 17:09 ` George Dunlap
2016-02-18 17:19 ` Ian Jackson
2016-02-18 17:26 ` Ian Campbell [this message]
2016-02-18 17:40 ` George Dunlap
2016-02-18 17:24 ` Ian Campbell
2016-02-18 18:30 ` Ian Jackson
2015-11-19 15:34 ` George Dunlap
2016-02-18 17:26 ` George Dunlap
2016-02-18 17:39 ` Ian Campbell
2016-02-18 17:47 ` George Dunlap
2016-02-18 17:50 ` Ian Campbell
2016-02-18 18:15 ` libxl and malloc failure (Re: Current LibXL Status) Ian Jackson
2016-02-19 10:52 ` Ian Campbell
2016-02-19 11:00 ` Processed: " xen
2016-02-22 16:48 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455816393.6225.59.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=dunlapg@umich.edu \
--cc=osterlohm@ainfosec.com \
--cc=rshriram@cs.ubc.ca \
--cc=xen-devel@lists.xen.org \
--cc=yanghy@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).