changeset:   4323:ff2940708f4c
branch:      opensaf-4.3.x
tag:         tip
parent:      4321:5eda40762ad8
user:        Anders Widell <anders.widell@er..>
date:        Thu Jun 20 12:42:37 2013 +0200
summary:     osaf: Add time supervision of opensaf_reboot [#437]

Node ID ff2940708f4cdef35ce8bc4deacff1237a2570fd


---

**[tickets:#437] osaf: opensaf_reboot is not safe**

**Status:** fixed
**Created:** Fri May 31, 2013 10:30 AM UTC by Anders Widell
**Last Updated:** Thu Jun 20, 2013 11:40 AM UTC
**Owner:** Anders Widell

Migrated from <http://devel.opensaf.org/ticket/3085>

AMF uses opensaf_reboot as a panic operation. Under the hood the script calls 
the command "reboot -f" which basically does sync() followed by reboot().

The first issue is that the reboot command itself can fail if there is e.g. a hard
drive failure. fsck on reboot might possibly fix the problem.

The second issue is that sync() can hang forever if 1) there is a bug or corruption
in the file system, or 2) a network file system server is not responding.

It is suggested that the opensaf_reboot command be time supervised and, after a
timeout expires, fall back to reboot() or "echo b > /proc/sysrq-trigger".

Out-of-memory situations should also be considered. The supervision mechanism
should be safe in the sense that no forks or memory allocation are needed to
reboot.
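As an added illustration of the supervision the ticket asks for (this is not OpenSAF code and not the fix in this changeset; all names are hypothetical), the C program below runs sync() under a watchdog and falls back to the sysrq 'b' trigger, then reboot(2), when the timeout expires. A plain alarm()/SIGALRM timeout would not do: a sync() stuck in uninterruptible sleep on a sick file system never returns to user space to take the signal, so the watchdog is a thread started before sync begins. Nothing on the panic path forks or touches the heap; the one resource acquired is the watchdog's stack mapped by pthread_create (if even that fails, the code skips sync rather than risk an unsupervised hang), and the sysrq file descriptor is opened at init. The assumed environment is Linux with kernel.sysrq permitting 'b' and root privileges for the real operations; the program's own main only exercises the logic with dry-run operations, where "sync" sleeps and "reboot" just counts.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <sys/reboot.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical illustration, not OpenSAF code. The three operations of a
 * "reboot -f"-style panic path are pluggable so the supervision logic can be
 * exercised without rebooting the host. */
struct reboot_ops {
    void (*sync_fs)(void);          /* normally sync(2); may hang on a sick file system */
    void (*orderly_reboot)(void);   /* normally reboot(RB_AUTOBOOT) once sync has finished */
    void (*emergency_reboot)(void); /* normally sysrq 'b', which reboots without syncing */
};

struct supervisor {
    const struct reboot_ops *ops;
    unsigned timeout_sec;
    atomic_int sync_done;
    atomic_int fallback_fired;
};

/* Watchdog thread: stands down when sync finishes, fires when the timeout expires. */
static void *watchdog(void *arg)
{
    struct supervisor *s = arg;
    const struct timespec tick = { 0, 100 * 1000 * 1000 };   /* poll every 100 ms */
    struct timespec start, now;

    clock_gettime(CLOCK_MONOTONIC, &start);
    for (;;) {
        if (atomic_load(&s->sync_done))
            return NULL;
        clock_gettime(CLOCK_MONOTONIC, &now);
        long long elapsed_ns = (now.tv_sec - start.tv_sec) * 1000000000LL
                             + (now.tv_nsec - start.tv_nsec);
        if (elapsed_ns >= (long long)s->timeout_sec * 1000000000LL)
            break;
        nanosleep(&tick, NULL);
    }
    atomic_store(&s->fallback_fired, 1);
    s->ops->emergency_reboot();       /* with the real ops this never returns */
    return NULL;
}

/* Returns 0 if sync finished in time and the orderly reboot was issued,
 * 1 if the watchdog fell back to the emergency reboot. */
int supervised_reboot(struct supervisor *s)
{
    pthread_t tid;

    atomic_store(&s->sync_done, 0);
    atomic_store(&s->fallback_fired, 0);
    /* Start the watchdog BEFORE sync so a later hang cannot prevent it. No heap
     * allocation here, but pthread_create maps a stack; if that fails, skip sync. */
    if (pthread_create(&tid, NULL, watchdog, s) != 0) {
        s->ops->emergency_reboot();
        return 1;
    }
    s->ops->sync_fs();
    atomic_store(&s->sync_done, 1);
    pthread_join(tid, NULL);
    if (atomic_load(&s->fallback_fired))
        return 1;                     /* only reachable in a dry run */
    s->ops->orderly_reboot();
    return 0;
}

/* ---- Real operations (root only; never called by this file's main) ---- */
static int g_sysrq_fd = -1;           /* opened at init so the panic path needs no open(2) */

int reboot_ops_init(void)
{
    g_sysrq_fd = open("/proc/sysrq-trigger", O_WRONLY | O_CLOEXEC);
    return g_sysrq_fd < 0 ? -1 : 0;
}
static void real_sync(void)            { sync(); }
static void real_orderly_reboot(void)  { reboot(RB_AUTOBOOT); }
static void real_emergency_reboot(void)
{
    if (g_sysrq_fd >= 0)
        (void)write(g_sysrq_fd, "b", 1);  /* immediate reboot, no sync; needs kernel.sysrq */
    reboot(RB_AUTOBOOT);                  /* last resort if sysrq is unavailable */
}
const struct reboot_ops real_ops = { real_sync, real_orderly_reboot, real_emergency_reboot };

/* Entry point an integrator would wire behind a script such as opensaf_reboot. */
int panic_reboot(unsigned timeout_sec)
{
    struct supervisor s = { .ops = &real_ops, .timeout_sec = timeout_sec };
    reboot_ops_init();                /* better done at daemon start than on the panic path */
    return supervised_reboot(&s);
}

/* ---- Dry-run operations: "sync" sleeps, "reboots" only count ---- */
static unsigned g_fake_sync_sec;
static atomic_int g_fake_reboots;
static void fake_sync(void)   { sleep(g_fake_sync_sec); }
static void fake_reboot(void) { atomic_fetch_add(&g_fake_reboots, 1); }
static const struct reboot_ops dry_run_ops = { fake_sync, fake_reboot, fake_reboot };

/* Simulate a sync lasting sync_sec under a timeout_sec supervision; returns the path taken. */
int dry_run(unsigned sync_sec, unsigned timeout_sec)
{
    struct supervisor s = { .ops = &dry_run_ops, .timeout_sec = timeout_sec };
    g_fake_sync_sec = sync_sec;
    atomic_store(&g_fake_reboots, 0);
    return supervised_reboot(&s);
}
int dry_run_reboot_count(void) { return atomic_load(&g_fake_reboots); }

int main(void)
{
    int path = dry_run(0, 2);
    printf("fast sync:    path %d, reboots %d\n", path, dry_run_reboot_count());
    path = dry_run(2, 1);
    printf("hanging sync: path %d, reboots %d\n", path, dry_run_reboot_count());
    return 0;
}
```

In the dry run, a 0-second "sync" under a 2-second timeout takes the orderly path (0) with one reboot call, while a 2-second "sync" under a 1-second timeout makes the watchdog fire the emergency path (1), again with exactly one reboot call. The timeout value itself is a policy choice; whatever it is, exhausting it must end in a reboot without sync, since waiting any longer only prolongs the outage the panic was meant to cut short.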

