From xen-devel-bounces@lists.xen.org Thu Feb 18 17:43:15 2016 Received: (at maildrop) by bugs.xenproject.org; 18 Feb 2016 17:43:15 +0000 Received: from lists.xenproject.org ([50.57.142.19] helo=lists.xen.org) by bugs.xenproject.org with esmtp (Exim 4.80) (envelope-from ) id 1aWSbj-0008Gu-2f for xen-devel-maildrop-Eithu9ie@bugs.xenproject.org; Thu, 18 Feb 2016 17:43:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aWSZL-0005OB-2e; Thu, 18 Feb 2016 17:40:47 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aWSZJ-0005O5-Re for xen-devel@lists.xen.org; Thu, 18 Feb 2016 17:40:46 +0000 Received: from [193.109.254.147] by server-13.bemta-14.messagelabs.com id 6D/9F-08347-D1206C65; Thu, 18 Feb 2016 17:40:45 +0000 X-Env-Sender: dunlapg@gmail.com X-Msg-Ref: server-13.tower-27.messagelabs.com!1455817243!24948165!1 X-Originating-IP: [209.85.214.174] X-SpamReason: No, hits=0.3 required=7.0 tests=RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 26902 invoked from network); 18 Feb 2016 17:40:44 -0000 Received: from mail-ob0-f174.google.com (HELO mail-ob0-f174.google.com) (209.85.214.174) by server-13.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 18 Feb 2016 17:40:44 -0000 Received: by mail-ob0-f174.google.com with SMTP id jq7so77547403obb.0 for ; Thu, 18 Feb 2016 09:40:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=1SHloGZswg6S6Oau8gjCW+yTCWgzN5nDb9S2WtjX9yo=; b=dUAjBq2vtK0DoDBCGOMSOdwEEZNYua8qtWJgmwFb9rPpKlUywC4+nGcPsBauRe2zCx SxR/uiWmUb/XHV0xbk/ucuU+gpZ3+gcXJM07uU9oMwHzA3NvgF1ZJJjvMzyhJbJy+Jwt Bd7iedjd4V5Dyrzi6n6amz0mHKRBZu0CV4TgGMtUWfx+KxG6S7gsnFkcf8stPej8I08f BJvz3qSgNTGFUXR0aOnFAirI2Iib0XI11wyb8MO8LdMlPQ3g/dlkntsG1/q8mGzm0xq9 B+j5Ve3HvBvpurPfBvweM8odxpqGRmuLmhdVjPIHUEVgzn1OXMI0/+Yj+JzhPEbWxUGq 6pkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=1SHloGZswg6S6Oau8gjCW+yTCWgzN5nDb9S2WtjX9yo=; b=k+lO3q6aorYHLqGTqjhzkkmckvZ1m6/9C5w2aI4afJkXvNjpH9aWPVgyKzivSZBqe6 xGW82BPYIGZmL1vdTBD7Mrc74f+GRiQn9HREos4W2itUCPBVpafi77pJh29I5sZ58bff xKF6uHOpwvUdVbxGkir+4YjYHo9vevtfMlvSHGBcVKCqSRpuQs2zNS8fRPe0+1PT5V6f 3Mq5N1dILWwNccWHkiu9V7dnAjQJS8bOEh8f81Ru4MrZsB0W2pgDM3QXtRh82oSbbkEd ESVBA3KiF+vb8aOAY1mLbNngy7drTG+77izBYdunsbtcagleOdlu54BiCeb+lPOFicl3 1LLg== X-Gm-Message-State: AG10YORzrGJl6EYDsLk4k8iaxzuskn0yyC1Uvq56V+4eM7dIE5rap3MUlBjvtpa2gNAowpZXZVRfpeku1FLdFg== MIME-Version: 1.0 X-Received: by 10.202.63.86 with SMTP id m83mr7340786oia.76.1455817242580; Thu, 18 Feb 2016 09:40:42 -0800 (PST) Received: by 10.202.205.140 with HTTP; Thu, 18 Feb 2016 09:40:42 -0800 (PST) In-Reply-To: <1455816393.6225.59.camel@citrix.com> References: <564CC43B.1000904@ainfosec.com> <1447924858.5647.15.camel@citrix.com> <564DAA8D.5060305@citrix.com> <1447932195.5647.46.camel@citrix.com> <564DB393.3070805@citrix.com> <1447933727.5647.51.camel@citrix.com> <1447934120.5647.54.camel@citrix.com> <1447935411.5647.55.camel@citrix.com> <22213.64828.978431.135803@mariner.uk.xensource.com> <1455816393.6225.59.camel@citrix.com> Date: Thu, 18 Feb 2016 17:40:42 +0000 X-Google-Sender-Auth: EVyEcdqHxo7pjMGuDWecpK6waUE Message-ID: From: George Dunlap To: Ian Campbell Cc: Andrew Cooper , Ian Jackson , "xen-devel@lists.xen.org" , Martin Osterloh , Shriram Rajagopalan , Yang Hongyang Subject: Re: [Xen-devel] Current LibXL Status X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org On Thu, Feb 18, 2016 at 5:26 PM, Ian Campbell wrote: > On Thu, 2016-02-18 at 17:19 +0000, Ian Jackson wrote: >> George Dunlap writes ("Re: [Xen-devel] Current LibXL Status"): >> > So what was the conclusion here? It looks like we've confirmed that >> > exit() is only called: >> > >> > 1. In the case of a malloc() failure >> > 2. in libxl-save-helper (a separate process forked by the library) >> > 3. In libxl__event_disaster(), if no callback is provided >> 4. In other processes forked by the library >> >> But, yes,l basically. >> >> > Which just leaves #1 as something to be discussed? >> >> Is this crashing on malloc failure a problem ? > > It is for non-C language bindings which might be using garbage collection, > since they might be OOM from a malloc perspective but actually have loads > of spare memory waiting to be collected (which they might plausibly be > doing quite lazily). > > I just reminded people of my proposal to provide a callback to allow the > app/bindings to run their gc here in my reply to George before I saw your > reply. > >> From the point of view of libxl's innards, making malloc failures >> fatal means that nothing that allocates memory needs to care about >> malloc failures. That massively reduces the number of error paths to >> be considered and eliminates an entire class of (largely theoretical) >> bugs. >> >> And often there is no good recovery possible (and logging the error is >> hard too). >> >> I'm not sure whether I'd want to change this policy even if someone >> wanted to commit to auditing libxl and submitting the necessary >> patches to cope with every malloc failure. Having to cope with malloc >> failure would be a continual burden on every proposed change or new >> feature. > > I agree that we don't want to change this policy, but I think an OOM hook > is sufficient to solve the actual problem. And in the situation like ocaml seems to be at the moment, it also gives the process an opportunity to attempt to shut down as gracefully as it can even if it knows it can't free up any more memory to libxl. (And who knows, some future version of ocaml may even allow you to ask to shrink the heap.) -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel