svn commit: r296428 - head/sys/boot/common

Warner Losh imp at bsdimp.com
Mon Mar 7 16:28:14 UTC 2016 

On Mon, Mar 7, 2016 at 8:52 AM, Konstantin Belousov <kostikbel at gmail.com>
wrote:

> On Mon, Mar 07, 2016 at 08:39:47AM -0700, Ian Lepore wrote:
> > Is there no way to prevent the panic other than making the unwind data
> > be present?  Why can't the kernel be fixed to cope with the missing
> > data in some gentler way during a transition period?  Perhaps valid-but
> > -fake data could be generated if necessary?  Being unable to get a
> > stack traceback through a loaded module would be a small price to pay
> > for trouble-free updgrades.
>
> It is practically impossible to recover from partially-loaded object file'
> module.  The loader workaround currently only affects HEAD and since the
> MFC was done, 10.3 should be safe.  We always required lastest stable
> for the jump to next major branch.
>
> What could be done is demoting the panics (there are several, besides
> the one which was triggered) to a message and refusing to load the
> affected module. OTOH, if the reaction would be a message and not panic,
> it definitely go ignored for quite some time.
>

The new loader could also pass in some version or cookie in the metadata
that says it is the new one. The kernel could examine this and issue a
warning,
on amd64 / i386, that module linking may be incomplete and you'll need to
upgrade your /boot/loader if you encounter a crash.

Could the kernel detect that a .eh_frame module was loaded and ignore it
in "safe mode"? Perhaps combined with the new boot-loader cookie, this
would be an automatic way to not mysteriously crash.

Alternatively, is there a switch to clang 3.8 that says 'Don't generate the
new
relocation, use the old one instead" which would also be safe and allow a
less-bumpy transition?

Finally, would the partially loaded module stop at the first bad relocation,
or would it do them all and just skip the bad ones? Is the data from this
relocation
used all the time, or just when we're doing a stack unwind for an exception
or a backtrace?

Warner

More information about the svn-src-all mailing list