On Sat, Jan 9, 2016 at 2:32 PM, Andy Lutomirski <luto(a)amacapital.net> wrote:
> Step 1: determine that the HW context is, in principle, recoverable.
> Step 2: ask the handler to try to recover.
> Step 3: if the handler doesn't recover, panic
>
> I'm not saying that restructuring the code like this should be a
> prerequisite for merging this, but I'm wondering whether it would make
> sense at some point in the future.
For the local machine check case this all looks simple. For the broadcast
case it's pretty incompatible with the current code structure. For a machine
check triggered someplace in the kernel w/o a new style fixup handler we'd
start by saying ... "sure, that's plausible to recover from". Then after
all the other CPUs return from the machine check handler we'd take it
back and say "just kidding, we're going down". It might work, but it would
be a messier panic than we have now.
Definitely food for thought for some future cleanups.