Date: Thu, 8 Apr 2004 16:27:43 +0200
From: Bernd Walter
To: Peter Jeremy
Cc: Robert Watson, current@freebsd.org
Subject: Re: panic on one cpu leaves others running...
Message-ID: <20040408142742.GD5279@cicely12.cicely.de>
In-Reply-To: <20040408114441.GB6458@server.vk2pj.dyndns.org>

On Thu, Apr 08, 2004 at 09:44:41PM +1000, Peter Jeremy wrote:
> On Thu, Apr 08, 2004 at 03:25:08AM -0600, Scott Long wrote:
> >Peter Jeremy wrote:
> >>On Thu, Apr 08, 2004 at 12:13:39AM -0400, Robert Watson wrote:
> >>
> >>>Funky, eh? I thought we used to have code to ipi the other cpu's and halt
> >>>them until the cpu in ddb was out again. I guess I mis-remember, or that
> >>>code is broken...
> >>
> >>
> >>Look on it as a feature - most other Unices can't survive a panic.
> >>Being able to continue running in a degraded mode until a suitable
> >>maintenance window is available would be a real selling point in
> >>HA applications. Even being able to shutdown cleanly would be
> >>better than coming to a screaming halt. :-) (sort of).
> >
> >Not sure if you're joking or not here.
>
> I was joking about the FreeBSD behaviour (hence the smiley) but serious
> about the (potential) benefits of being able to degrade rather than die.
>
> > A panic usually means that
> >something unrecoverable happened, and that continuing on is not safe.
>
> I realise that. Hence actually being able to continue after a panic
> would be extremely difficult to do safely. (Probably not possible in
> general, though it might be in some special cases).

If it's safe to continue then there's no need to panic at all.
Just stopping the faulting parts would be enough in that case.
That's the same as what happens on disk failure - the processes that have
their binaries on it can't continue but the remaining part still runs.
I would also find it great if a filesystem panic just takes the given
filesystem down instead of the whole host.

--
B.Walter                   BWCT                http://www.bwct.de
ticso@bwct.de                                  info@bwct.de