Re: [Fastboot] Re: [BROKEN PATCH] kexec for ia64

From: Eric W. Biederman
Date: Thu Aug 05 2004 - 11:56:14 EST

Next message: Linus Torvalds: "Re: Linux 2.6.8-rc3 - BSD licensing"
Previous message: Brett Russ: "[PATCH] (IDE) restore access to low order LBA following error"
In reply to: Grant Grundler: "Re: [Fastboot] Re: [BROKEN PATCH] kexec for ia64"
Next in thread: Luck, Tony: "RE: [BROKEN PATCH] kexec for ia64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Grant Grundler <iod00d@xxxxxx> writes:

> On Wed, Aug 04, 2004 at 08:14:55PM -0600, Eric W. Biederman wrote:

> > In the general case it appears to be overkill, incorrect and
> > insufficient to disable bus mastering on all PCI devices. Which is
> > why device_shutdown() calls device specific code.
>
> Is anyone else considering using kexec() to recover from a oops/panic?

Yes. That is what most of the recent discussion was about. Considering
this was one of the subjects brought up at the kernel summit I'm surprised
a lot of people have been thinking that way.

> What is the risk calling multiple device_shutdown() will expose another panic?

It has been agreed that device_shutdown() will not be called in the panic
path. What gets called on panic or other fatal case is going to be
a streamlined code path, that is little more than a jump to the
previously loaded kernel.

> While calling a device specific cleanup is best, I worry about how
> much code/data gets touched in this path. I was hoping something
> simple like twiddling bus master bit would be sufficient.
> If it's not, oh well.

The kernel on the other side of the kexec gets to do this. It will
run out of memory reserved for it in the kernel that panic'd since
boot time.

That is not perfect protection but it simple and quite good.
Especially with the addition of verifying a hash of the new kernel
before it messes with the hardware. (But that code gets to live
in /sbin/kexec and added as a prefix to the recovery kernel)

I don't expect that is enough to give a full recovery but it
should be sufficient to take a core dump of the system or
do any number of other interesting things. But before
running a full kernel it is expected that the entire system will
be reset, to get everything back into a sane state.

And of course all of this is largely architecture independent
so that the basic code should work on any architecture.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: Linux 2.6.8-rc3 - BSD licensing"
Previous message: Brett Russ: "[PATCH] (IDE) restore access to low order LBA following error"
In reply to: Grant Grundler: "Re: [Fastboot] Re: [BROKEN PATCH] kexec for ia64"
Next in thread: Luck, Tony: "RE: [BROKEN PATCH] kexec for ia64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]