changeset:   4314:9922d5378faf
tag:         tip
user:        Anders Widell <[email protected]>
date:        Thu Jun 20 12:42:37 2013 +0200
summary:     osaf: Add time supervision of opensaf_reboot [#437]

Node ID 9922d5378fafdd9b4773b96be40c7bee33ee6856

---

**[tickets:#437] osaf: opensaf_reboot is not safe**

**Status:** fixed
**Created:** Fri May 31, 2013 10:30 AM UTC by Anders Widell
**Last Updated:** Fri May 31, 2013 11:27 AM UTC
**Owner:** Anders Widell

Migrated from <http://devel.opensaf.org/ticket/3085>

AMF uses opensaf_reboot as a panic operation. Under the hood the script calls 
the command "reboot -f", which basically does sync() followed by reboot().

The first issue is that the reboot command itself can fail if there is e.g. a hard 
drive failure. fsck on reboot might possibly fix the problem.

The second issue is that sync() can hang forever if 1) there is a bug or corruption 
in the file system, or 2) a network file system server is not responding.

It is suggested that the opensaf_reboot command be time supervised and, after a 
timeout expires, fall back to reboot() or "echo b > /proc/sysrq-trigger".

Out-of-memory situations should also be considered. The supervision mechanism 
should be safe in the sense that no forks or memory allocation are needed to 
reboot.
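The mechanism the ticket asks for, written here as an added example rather than code from OpenSAF: a watchdog thread created at start-up is armed by the panic path and, once the timeout expires, writes "b" to a pre-opened /proc/sysrq-trigger and falls back to reboot(2), so nothing is forked or allocated at panic time. A thread rather than alarm() is used because a sync() stuck in the kernel cannot return to run a signal handler. All names, the dry-run flag and hung_sync are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <semaphore.h>
#include <signal.h>
#include <unistd.h>
#include <sys/reboot.h>              /* reboot(2), RB_AUTOBOOT */

/* All state is set up at start-up so the panic path needs no fork(), malloc()
 * or pthread_create(), any of which may fail when memory is exhausted. */
static int trigger_fd = -1;          /* /proc/sysrq-trigger, or a test pipe */
static int dry_run;                  /* assumed flag: 1 = never call reboot(2) */
static unsigned timeout_sec;
static sem_t armed;
static pthread_t watchdog;
static volatile sig_atomic_t fallback_fired;

/* Watchdog thread, parked until armed. It keeps running even while the caller
 * is stuck inside an uninterruptible sync(), and uses only write()/reboot(). */
static void *watchdog_main(void *arg) {
    (void)arg;
    while (sem_wait(&armed) != 0) {} /* retry if interrupted by a signal */
    sleep(timeout_sec);
    fallback_fired = 1;
    if (trigger_fd >= 0)
        (void)write(trigger_fd, "b", 1);   /* echo b > /proc/sysrq-trigger */
    if (!dry_run)
        reboot(RB_AUTOBOOT);         /* last resort: reboot(2) without sync() */
    return NULL;
}

/* Call once at start-up with open("/proc/sysrq-trigger", O_WRONLY), or any
 * writable fd when dry is set. Returns 0 on success, -1 on failure. */
int reboot_supervision_init(int fd, int dry) {
    trigger_fd = fd; dry_run = dry;
    if (sem_init(&armed, 0, 0) != 0) return -1;
    return pthread_create(&watchdog, NULL, watchdog_main, NULL) == 0 ? 0 : -1;
}
/* Panic path: arm the watchdog, then do what "reboot -f" does. sync_fn is
 * sync() in real use. Returns 0 if it finished in time, 1 if the watchdog fired. */
int supervised_reboot(unsigned seconds, void (*sync_fn)(void)) {
    timeout_sec = seconds;
    sem_post(&armed);                /* async-signal-safe, allocates nothing */
    sync_fn();
    int in_time = !fallback_fired;
    if (!dry_run) reboot(RB_AUTOBOOT); /* normal path: sync done, now reboot */
    pthread_join(watchdog, NULL);    /* dry run only: collect the verdict */
    return in_time ? 0 : 1;
}
/* Constructed stand-in for a sync() that hangs (e.g. unreachable NFS server). */
void hung_sync(void) { while (!fallback_fired) sleep(1); }
```

Link with -pthread on older glibc. With the real trigger file the write of "b" restarts the machine immediately, so the reboot(2) calls are only reached if that write fails.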


---

Sent from sourceforge.net because you indicated interest in 
<https://sourceforge.net/p/opensaf/tickets/437/>
