From owner-freebsd-current@FreeBSD.ORG Thu Apr 8 02:26:24 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C852816A4D0; Thu, 8 Apr 2004 02:26:24 -0700 (PDT) Received: from pooker.samsco.org (pooker.samsco.org [168.103.85.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B49F43D5F; Thu, 8 Apr 2004 02:26:24 -0700 (PDT) (envelope-from scottl@freebsd.org) Received: from freebsd.org (junior.samsco.home [192.168.0.6]) by pooker.samsco.org (8.12.10/8.12.10) with ESMTP id i389RoWn008799; Thu, 8 Apr 2004 03:27:50 -0600 (MDT) (envelope-from scottl@freebsd.org) Message-ID: <40751A74.50504@freebsd.org> Date: Thu, 08 Apr 2004 03:25:08 -0600 From: Scott Long User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040304 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Peter Jeremy References: <20040408091030.GA6458@server.vk2pj.dyndns.org> In-Reply-To: <20040408091030.GA6458@server.vk2pj.dyndns.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=3.8 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on pooker.samsco.org cc: Robert Watson cc: current@freebsd.org Subject: Re: panic on one cpu leaves others running... X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Apr 2004 09:26:25 -0000 Peter Jeremy wrote: > On Thu, Apr 08, 2004 at 12:13:39AM -0400, Robert Watson wrote: > >>Funky, eh? I thought we used to have code to ipi the other cpu's and halt >>them until the cpu in ddb was out agian. I guess I mis-remember, or that >>code is broken... > > > Look on it as a feature - most other Unices can't survive a panic. > Being able to continue running in a degraded mode until a suitable > maintenance window is available would be a real selling point in > HA applications. Even being able to shutdown cleanly would be > better than coming to a screaming halt. :-) (sort of). > > Peter Not sure if you're joking or not here. A panic usually means that something unrecoverable happened, and that continuing on is not safe. Disregarding that, what if the process that paniced was holding a lock or other resources? It really doesn't make much sense to try to keep running. And yes, Linux has this 'feature' but is even more blatant about it; exceptions caused by a process in the top half of the kernel only result in that process being terminated. Other than possible syslog output, there is no other indication that something went wrong. I consider this to be an egregious violation of reliable computing. Scott