
Re: Gentoo guys starting a fork of udev



On Thu, Nov 15, 2012 at 12:57:50AM +0100, John Paul Adrian Glaubitz wrote:
> On Nov 14, 2012, at 6:43 PM, lego12239@yandex.ru wrote:
> 
> >> Modern computer systems are much more versatile and complex than they were at the time when System V Init was conceived.
> > 
> >  Some things must be as simple as possible even today.
> 
> Care to elaborate why? To save memory on an 8 GB workstation? Even the 25 US$ Raspberry Pi has enough power for systemd.

It's very simple.  What happens if the init process terminates?

The answer is that you get an instant kernel panic.  PID 1 must
never die.

Test it yourself: boot with 'init=/bin/bash' and then type 'exit'
to terminate the shell.

So if the init process receives a signal like a SIGSEGV due to
tripping over a bad pointer, your system will die immediately.
Therefore, keeping PID 1 as simple as reasonably possible is of
critical importance.  [OK, you can try to mitigate by re-execing
yourself in a signal handler, but even that adds extra complexity
and is itself not without danger.  I hope you take the point.]

So systems which put additional logic in PID 1 are going to increase
the probability of bugs being present, and those bugs could kill
your system.  There is no need for systemd, upstart, or any init
system to have anything more than the bare minimum in PID 1; you
can just fork and exec the more complicated part and keep this
separated.

So it's nothing to do with how powerful the system is.  Or even
if we're running unit files, upstart jobs or shell scripts.  It's
to do with the fundamental reliability of PID 1, because this is
a critical point of failure; if it dies, there's no recovery, the
system is dead.  If you had to run a system which was safety
critical, you wouldn't run systemd on it, and you wouldn't run
upstart.  Even if they were tested extensively, it's just too great
a risk.  If you were really serious, you'd probably not run
sysvinit either; it's better in this respect than the other two, but
there are still tinier, more easily verifiable init systems out there
where it's just a screenful of code, and it's provably correct.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
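
As an added illustration of the split Roger argues for (my example, not code from this thread or from any init project): a skeleton PID 1 whose only duties are to stay alive, reap whatever orphans land on it, and keep one supervisor child running, with every complicated decision pushed into that child. The path /sbin/supervisor is hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical path for the complex part; PID 1 only launches it. */
static const char *const supervisor_argv[] = { "/sbin/supervisor", NULL };

/* fork+exec a child, return its pid (-1 if fork failed); a failed exec
 * must _exit() the child so nothing ever returns into init's own code. */
static pid_t spawn(const char *const argv[])
{
    pid_t pid = fork();
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);
    }
    return pid;
}

/* Reap every child that lands on us (orphans included) until the
 * supervisor exits; return its exit code, 128+signal if it was killed,
 * or -1 when there is no child left to wait for. */
static int wait_for_supervisor(pid_t supervisor)
{
    for (;;) {
        int status;
        pid_t pid = wait(&status);
        if (pid < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (pid != supervisor) continue;     /* an orphan: reaped, done */
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    }
}

int main(void)
{
    signal(SIGTERM, SIG_IGN);                /* PID 1 must not be */
    signal(SIGINT, SIG_IGN);                 /* terminated by these */
    for (;;) {                               /* PID 1 never returns */
        pid_t pid = spawn(supervisor_argv);
        int rc = pid < 0 ? -1 : wait_for_supervisor(pid);
        fprintf(stderr, "supervisor ended (%d), restarting\n", rc);
        sleep(1);                            /* no tight restart loop */
    }
}
```

Everything that can crash on bad input lives in the supervisor, which PID 1 simply restarts; a SIGSEGV there costs one restart instead of a kernel panic.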

