Date: Thu, 08 Apr 2004 03:25:08 -0600
From: Scott Long <scottl@freebsd.org>
To: Peter Jeremy <peterjeremy@optushome.com.au>
Cc: current@freebsd.org
Subject: Re: panic on one cpu leaves others running...
Message-ID: <40751A74.50504@freebsd.org>
In-Reply-To: <20040408091030.GA6458@server.vk2pj.dyndns.org>
References: <Pine.NEB.3.96L.1040408001234.39416A-100000@fledge.watson.org> <20040408091030.GA6458@server.vk2pj.dyndns.org>

Peter Jeremy wrote:
> On Thu, Apr 08, 2004 at 12:13:39AM -0400, Robert Watson wrote:
>
>>Funky, eh? I thought we used to have code to ipi the other cpu's and halt
>>them until the cpu in ddb was out again. I guess I mis-remember, or that
>>code is broken...
>
>
> Look on it as a feature - most other Unices can't survive a panic.
> Being able to continue running in a degraded mode until a suitable
> maintenance window is available would be a real selling point in
> HA applications. Even being able to shut down cleanly would be
> better than coming to a screaming halt. :-) (sort of).
>
> Peter

Not sure if you're joking or not here. A panic usually means that
something unrecoverable happened, and that continuing on is not safe.
Disregarding that, what if the process that panicked was holding a lock
or other resources? It really doesn't make much sense to try to keep
running.

And yes, Linux has this 'feature' but is even more blatant about it;
exceptions caused by a process in the top half of the kernel only result
in that process being terminated. Other than possible syslog output,
there is no other indication that something went wrong. I consider this
to be an egregious violation of reliable computing.

Scott