Peter Jeremy wrote: > On Thu, Apr 08, 2004 at 12:13:39AM -0400, Robert Watson wrote: > >>Funky, eh? I thought we used to have code to ipi the other cpu's and halt >>them until the cpu in ddb was out agian. I guess I mis-remember, or that >>code is broken... > > > Look on it as a feature - most other Unices can't survive a panic. > Being able to continue running in a degraded mode until a suitable > maintenance window is available would be a real selling point in > HA applications. Even being able to shutdown cleanly would be > better than coming to a screaming halt. :-) (sort of). > > Peter Not sure if you're joking or not here. A panic usually means that something unrecoverable happened, and that continuing on is not safe. Disregarding that, what if the process that paniced was holding a lock or other resources? It really doesn't make much sense to try to keep running. And yes, Linux has this 'feature' but is even more blatant about it; exceptions caused by a process in the top half of the kernel only result in that process being terminated. Other than possible syslog output, there is no other indication that something went wrong. I consider this to be an egregious violation of reliable computing. ScottReceived on Thu Apr 08 2004 - 00:26:24 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:50 UTC