Re: [PATCH 00/22] HWPOISON: Intro (v5)

From: Alan Cox
Date: Mon Jun 15 2009 - 10:49:03 EST


On Mon, 15 Jun 2009 15:29:34 +0200
Andi Kleen <andi@xxxxxxxxxxxxxx> wrote:

>
> I think you're wrong about killing processes decreasing
> reliability. Traditionally we always tried to keep things running if possible
> instead of panicking. That is why ext3 or block does not default to panic
> on each IO error for example. Or oops does not panic by default like
> on BSDs. Your argumentation would be good for a traditional early Unix
> which likes to panic instead of handling errors, but that's not the
> Linux way as I know it.

Everyone I knew in the business end of deploying Linux turned on panics
for I/O errors, reboot on panic and all the rest of those.

Why? Because they don't want a system where the web server is running
but not logging transactions, or to find out the database is up but that
some other "must not fail" layer killed or stalled the backup server for
it last week ...

The I/O ones can really blow up on you in a reliable environment because
often the process still exists but isn't working so fools much of the
monitoring software.

> That said you can configure it anyways to panic if you want,
> but it would be a very bad default.

That depends for whom

> See also Linus' or hpa's statement on the topic.

Linus doesn't run big server systems. It's a really bad default for
developers. It's probably a bad default for desktop users.

> We did a lot of testing with these separate test suites and also
> some other tests. For much more it needs actual users pounding on it, and that
> can be only adequately done in mainline.

That's why we have -next and -mm

> We did build tests on ia64 and power and it was reviewed by Tony for IA64.
> The ia64 specific code is not quite ready yet, but will come at some point.
>
> I don't think it's a requirement for merging to have PPC64 support.

Really - so if your design is wrong for the way PPC wants to work what
are we going to do? It's not a requirement that PPC64 support is there
but it is most certainly a requirement that it's been in -next a while and
other arch maintainers have at least had time to say "works for me",
"irrelevant to my platform" or "Arghhh noooo.. ECC errors work like
[this] so we need ..."

I'd guess that zSeries has some rather different views on how ECC
failures propagate through the hypervisors for example, including the
fact that a failed page can be unfailed which you don't seem to allow for.

(You can unfail pages on x86 as well it appears by scrubbing them via DMA
- yes?)


Alan