Xen project Mailing List

Re: [Xen-devel] Current LibXL Status

From: Ian Campbell <ian.campbell@xxxxxxxxxx>

Date: Thu, 18 Feb 2016 17:24:21 +0000

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Martin Osterloh <osterlohm@xxxxxxxxxxxx>, Shriram Rajagopalan <rshriram@xxxxxxxxx>, Yang Hongyang <yanghy@xxxxxxxxxxxxxx>

Delivery-date: Thu, 18 Feb 2016 17:25:05 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, 2016-02-18 at 17:09 +0000, George Dunlap wrote: > On Thu, Nov 19, 2015 at 12:16 PM, Ian Campbell <ian.campbell@xxxxxxxxxx> > wrote: > > On Thu, 2015-11-19 at 11:55 +0000, Ian Campbell wrote: > > > On Thu, 2015-11-19 at 11:48 +0000, Ian Campbell wrote: > > > > On Thu, 2015-11-19 at 11:33 +0000, Andrew Cooper wrote: > > > > > > > > > > The majority of those are cases are not appropriate uses of > > > > > exit(). > > > > > AFAIIR, the *only* valid use of exit() in a library is to clean > > > > > up in > > > > > a > > > > > child process from a library-initiated fork(). > > > > > > > > ... or (in this case) in the libxl-save-helper (separate process). > > > > > > > > The only one I can find which isn't one of this is > > > > in libxl__event_disaster, and that is only if the applications (or > > > > language > > > > bindings) haven't provided a suitable disaster callback. > > > > > > Was looking at 4.4, in staging I also see a very odd one in > > > drbd_preresume_async, which isn't obviously in a child process > > > AFAICT. > > > > > > Hongyang, what prevents that exit from killing the whole toolstack > > > process? > > > > I had missed an _async suffix on that function versus the one which was > > the > > actual callback, it is invoked via drbd_async_call which involves a > > fork(). > > So what was the conclusion here?ÂÂIt looks like we've confirmed that > exit() is only called: > > 1. In the case of a malloc() failure > 2. in libxl-save-helper (a separate process forked by the library) > 3. In libxl__event_disaster(), if no callback is provided > > Which just leaves #1 as something to be discussed? Somewhere/when I proposed handling #1 by having the small number of places which callÂlibxl__alloc_failed() call an application (or language binding) provided "please free some memory" hook (i.e. "please run your garbage collector") and then retry some appropriate number of times. Perhaps with an error code available for the hook to say "this is never going to help". There's less than a dozen such call sites so this is quite doable, vastly so compared with adding OOM error handling and reporting back up the callchain to all libxl functions. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.