Thursday Mar 06, 2008

Making money and panicking

Last week I was going through a gargantuan depression triggered by
economic depression and the realization that life is not fair and that
everyone and everything is mortal. I lurked around like an unhappy
pumpkin till I got Terry Pratchett's latest - "Making Money". It put a
smile on my face the moment I felt it in my hand.

I finished the book cackling, laughing and giggling while maintaining
the unhappy pumpkin look. "Recursive premonition" caused me some
thought. There were some almost page-turning moments towards the end.
Overall not even as good as Thud!, but enjoyable if you are a fan.
Finished it sans unhappy pumpkin face. Then it hit me that I should be
further depressed due to the "embuggerance" Terry was diagnosed
with. That should have tickled the mortality factor of my depression.

That didn't happen, and once again a Pratchett creation worked for me
as the perfect anti-depressant. I am now fit enough to tackle bugs
that should not exist in the first place. The current one is that
Solaris tries its utmost to write dirty pages after a panic. The
comment in zfs_sync states the problem plainly.

```c
/*ARGSUSED*/
int
zfs_sync(vfs_t *vfsp, short flag, cred_t *cr)
{
	/*
	 * Data integrity is job one.  We don't want a compromised kernel
	 * writing to the storage pool, so we never sync during panic.
	 */
	if (panicstr)
		return (0);
...
```

That is not the only problem. After a panic there is only one CPU
running threads and there is no pre-emption. Perfectly normal calls
like mutex_enter() and delay() behave differently after a panic.
Understandable. But does the panic code account for all that? No!

usr/src/uts/common/os/panic.c:panicsys()

It first asks file systems to sync by calling vfs_sync on every mounted
file system. I can work around that by returning immediately if a panic
is in progress, as ZFS does. Added that to PxFS. But panic is not done
yet: it then calls pageout on every dirty page. To work around that I
have to add the same panic check in PxFS's putpage. Did that and the
bug is fixed.

But why? Why would you want pages from a compromised and hobbled
system to be written out? With a non-local file system almost nothing
works. You can't trust the data any more. System behavior after a panic
is different enough that locks and timeouts can't be trusted either. My
conclusion is that this is a throwback from the days before logging in
ufs, when pushing out pages at panic was needed to avoid file system
corruption.
binujp
