On Wed, Apr 27, 2016 at 12:41 AM, David Miller <da...@davemloft.net> wrote: > From: Saeed Mahameed <sae...@dev.mellanox.co.il> > Date: Tue, 26 Apr 2016 23:55:03 +0300 > >> It will be a nightmare to rollback in such case. What if the rollback >> failed ? > > It is absolutely essential to handle this properly. > > Which means you must have a prepare/commit model, wherein the prepare > phase makes sure to pre-allocate all necessary resources, and only if > all the prepare phase preparations succeed will the commit phase run. > > The commit phase cannot error, because all of the resources have been > allocated successfully already. > > This way there are no issues of "rolling back" because you never > actually move the state forward until you can guarantee that you can > do everything.
Right, for pure software/kernel resources this is the right way to go, Actually we already have a patch that is similar of what you described, we are aiming to push it towards 4.8. but my concerns is when features A and B requires firmware commands A then B and firmware command B fails, there is no gurantee that roll back for firmware command A will work. this is why in case of B fails we keep the state (new A and prev B) rather than try to go back to (prev A and prev B).
