Cliff Neighbors <cliff%netbsd.org@localhost> writes: > Basically the hypothetical system is still alive, just bogged > under interrupt load, and will resume normal functioning when > the load relents. > > Ability to recover makes a significantly different case from a > system in some pathological halt, infinite fault, deadlock or spin. > > Also, if the watchdog tickle were called from softnet, then the > stack could be still functioning, vs. from callout (softclock) > the watchdog would time out. So you mean a system where for tens of seconds there is no callout processing, but there is still softnet processing. I guess I can see that, but in my experience it seems more likely that such a system is irretrievably hosed than that it will recover. > The mode of the watchdog should be a matter of policy depending on the > application. As others are saying, the (proposed) ITICKLE policy > is not appropriate for some (most) systems. But the mechanism could be > flexible to allow it where needed. Sure, that seems ok. I didn't have the impression anyone objected to adding the capability, just doubting that it made sense to use.
Attachment:
pgpRcHMOf1mWm.pgp
Description: PGP signature