panic on one cpu leaves others running...
Scott Long
scottl at freebsd.org
Thu Apr 8 02:26:25 PDT 2004
Peter Jeremy wrote:
> On Thu, Apr 08, 2004 at 12:13:39AM -0400, Robert Watson wrote:
>
>>Funky, eh? I thought we used to have code to ipi the other cpu's and halt
>>them until the cpu in ddb was out again. I guess I mis-remember, or that
>>code is broken...
>
>
> Look on it as a feature - most other Unices can't survive a panic.
> Being able to continue running in a degraded mode until a suitable
> maintenance window is available would be a real selling point in
> HA applications. Even being able to shut down cleanly would be
> better than coming to a screaming halt. :-) (sort of).
>
> Peter

Not sure if you're joking or not here. A panic usually means that
something unrecoverable happened, and that continuing on is not safe.
Disregarding that, what if the process that panicked was holding a
lock or other resources? It really doesn't make much sense to try to
keep running. And yes, Linux has this 'feature' but is even more
blatant about it; exceptions caused by a process in the top half of
the kernel only result in that process being terminated. Other than
possible syslog output, there is no other indication that something
went wrong. I consider this to be an egregious violation of reliable
computing.

Scott
More information about the freebsd-current
mailing list