Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751327AbbD2UQ3 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 29 Apr 2015 16:16:29 -0400
Received: from mail.lang.hm ([64.81.33.126]:38912 "EHLO bifrost.lang.hm"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751286AbbD2UQ1 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 29 Apr 2015 16:16:27 -0400
Date: Wed, 29 Apr 2015 13:15:41 -0700 (PDT)
From: David Lang <david@lang.hm>
X-X-Sender: dlang@asgard.lang.hm
To: Andy Lutomirski <luto@amacapital.net>
cc: Austin S Hemmelgarn <ahferroin7@gmail.com>,
        Harald Hoyer <harald@redhat.com>, Arnd Bergmann <arnd@arndb.de>,
        Havoc Pennington <hp@pobox.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Jiri Kosina <jkosina@suse.cz>,
        Andrew Morton <akpm@linux-foundation.org>,
        Daniel Mack <daniel@zonque.org>,
        One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Lukasz Skalski <l.skalski@samsung.com>,
        "Theodore Ts'o" <tytso@mit.edu>, Tom Gundersen <teg@jklm.no>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        David Herrmann <dh.herrmann@gmail.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        John Stoffel <john@stoffel.org>, Djalal Harouni <tixxdz@opendz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1
In-Reply-To: <CALCETrVz8-24U5iBdX4P3hrGLXvpiX72o=pw6uW2yGzMmGy+ow@mail.gmail.com>
Message-ID: <alpine.DEB.2.02.1504291243300.25285@nftneq.ynat.uz>
References: <20150423163616.GA10874@kroah.com> <CALCETrWoCsXDWYPedwMDk1s=Bxtc2s+oMCLCok8jg8-RbEL4KQ@mail.gmail.com> <20150423171640.GA11227@kroah.com> <553A4A2F.5090406@samsung.com> <CA+55aFzotCVgjW4Yj+HMfgw77vZwtfn0WXA6=OdZfU5fyB4u7w@mail.gmail.com>
 <CALCETrW+erTbMBHnN5zv_noP38Gznm4E0U7qk+uxOvM+a=NvCg@mail.gmail.com> <CA+55aFxRa3mwL-17hUuUGpjCeGJXseGteuZdj8eiP5MMkGWO7A@mail.gmail.com> <CA+55aFxdguuO7CLKYYq_qM6S6FT2CicZ1E5D5xGE54OdJNQwew@mail.gmail.com> <CAEntwhEO3CZ4ub4dRWxWz6dPynsfXh=1kAsBWO2wjLKArH1Dyw@mail.gmail.com>
 <CAEntwhHEx+XCdOPdH7EdvzBRoNKkUFKTaH==iMo4-bi=F-CVkA@mail.gmail.com> <20150428171840.GB11351@thunk.org> <CAEntwhE-Pv3fRVgZV2EDro45W8XfUZ8fCbA0jaUEUh=OJYwPBw@mail.gmail.com> <21824.5086.446831.189915@quad.stoffel.home> <5540D2F9.2010704@redhat.com>
 <CALCETrV3r3XOyoCnFOq-_hSv1nwNyOUzA-wAep3_nxzFQ0mZ2A@mail.gmail.com> <55413158.5060808@gmail.com> <CALCETrVz8-24U5iBdX4P3hrGLXvpiX72o=pw6uW2yGzMmGy+ow@mail.gmail.com>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2855
Lines: 60

On Wed, 29 Apr 2015, Andy Lutomirski wrote:

> On Wed, Apr 29, 2015 at 12:30 PM, Austin S Hemmelgarn
> <ahferroin7@gmail.com> wrote:
>> On 2015-04-29 14:54, Andy Lutomirski wrote:
>>>
>>> On Apr 29, 2015 5:48 AM, "Harald Hoyer" <harald@redhat.com> wrote:
>>>>
>>>>
>>>>   * Being in the kernel closes a lot of races which can't be fixed with
>>>>     the current userspace solutions.  For example, with kdbus, there is a
>>>>     way a client can disconnect from a bus, but do so only if no further
>>>>     messages present in its queue, which is crucial for implementing
>>>>     race-free "exit-on-idle" services
>>>
>>>
>>> This can be implemented in userspace.
>>>
>>> Client to dbus daemon: may I exit now?
>>> Dbus daemon to client: yes (and no more messages) or no
>>>
>> Depending on how this is implemented, there would be a potential issue if a
>> message arrived for the client after the daemon told it it could exit, but
>> before it finished shutdown, in which case the message might get lost.
>>
>
> Then implement it the right way?  The client sends some kind of
> sequence number with its request.

so any app in the system can prevent any other app from exiting/restarting by 
just sending it the equivalent of a ping over dbus?

preventing an app from exiting because there are unhandled messages doesn't mean 
that those messages are going to be handled, just that they will get read and 
dropped on the floor by an app trying to exit. Sometimes you will just end up 
with a hung app that can't process messages and needs to be restarted, but can't 
be restarted because there are pending messages.

The problem with "guaranteed delivery" messages is that things _will_ go wrong 
that will cause the messages to not be received and processed. At that point you 
have the choice of loosing some messages or freezing your entire system (you can 
buffer them for some time, but eventually you will run out of buffer space)

We see this all the time in the logging world, people configure their systems 
for reliable delivery of log messages to a remote machine, then when that remote 
machine goes down and can't receive messages (or a network issue blocks the 
traffic), the sending machine blocks and causes an outage.

Being too strict about guaranteeing delivery just doesn't work. You must have a 
mechanism to abort and throw away unprocessed messages. If this means 
disconnecting the receiver so that there are no missing messages to the 
receiver, that's a valid choice. But preventing a receiver from exiting because 
it hasn't processed a message is not a valid choice.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/