From: Ingo Molnar <mingo@kernel.org>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Catalin Marinas <Catalin.Marinas@arm.com>,
Linux-sh list <linux-sh@vger.kernel.org>,
Chen Gang <gang.chen@asianux.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"paulus@samba.org" <paulus@samba.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Michel Lespinasse <walken@google.com>,
Hans-Christian Egtvedt <egtvedt@samfundet.no>,
Linux-Arch <linux-arch@vger.kernel.org>,
linux-s390@vger.kernel.org,
uml-devel <user-mode-linux-devel@lists.sourceforge.net>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Richard Weinberger <richard@nod.at>, Helge Deller <deller@gmx.de>,
the arch/x86 maintainers <x86@kernel.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
"mingo@redhat.com" <mingo@redhat.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
H?vard Skinnemoen <hskinnemoen@gmail.com>Serge Hallyn <se>
Subject: Re: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Catalin Marinas <Catalin.Marinas@arm.com>,
Linux-sh list <linux-sh@vger.kernel.org>,
Chen Gang <gang.chen@asianux.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"paulus@samba.org" <paulus@samba.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Michel Lespinasse <walken@google.com>,
Hans-Christian Egtvedt <egtvedt@samfundet.no>,
Linux-Arch <linux-arch@vger.kernel.org>,
linux-s390@vger.kernel.org,
uml-devel <user-mode-linux-devel@lists.sourceforge.net>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Richard Weinberger <richard@nod.at>, Helge Deller <deller@gmx.de>,
the arch/x86 maintainers <x86@kernel.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
"mingo@redhat.com" <mingo@redhat.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
H?vard Skinnemoen <hskinnemoen@gmail.com>, Serge Hallyn <se>
Subject: Re: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Catalin Marinas <Catalin.Marinas@arm.com>,
Linux-sh list <linux-sh@vger.kernel.org>,
Chen Gang <gang.chen@asianux.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"paulus@samba.org" <paulus@samba.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Michel Lespinasse <walken@google.com>,
Hans-Christian Egtvedt <egtvedt@samfundet.no>,
Linux-Arch <linux-arch@vger.kernel.org>,
linux-s390@vger.kernel.org,
uml-devel <user-mode-linux-devel@lists.sourceforge.net>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Richard Weinberger <richard@nod.at>, Helge Deller <deller@gmx.de>,
the arch/x86 maintainers <x86@kernel.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
"mingo@redhat.com" <mingo@redhat.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
H?vard Skinnemoen <hskinnemoen@gmail.com>,
Serge Hallyn <se
Subject: Re: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Catalin Marinas <Catalin.Marinas@arm.com>,
Linux-sh list <linux-sh@vger.kernel.org>,
Chen Gang <gang.chen@asianux.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"paulus@samba.org" <paulus@samba.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Michel Lespinasse <walken@google.com>,
Hans-Christian Egtvedt <egtvedt@samfundet.no>,
Linux-Arch <linux-arch@vger.kernel.org>,
linux-s390@vger.kernel.org,
uml-devel <user-mode-linux-devel@lists.sourceforge.net>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Richard Weinberger <richard@nod.at>, Helge Deller <deller@gmx.de>,
the arch/x86 maintainers <x86@kernel.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
"mingo@redhat.com" <mingo@redhat.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
H?vard Skinnemoen <hskinnemoen@gmail.com>
Subject: Re: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Chen Gang <gang.chen@asianux.com>,
H?vard Skinnemoen <hskinnemoen@gmail.com>,
Hans-Christian Egtvedt <egtvedt@samfundet.no>,
Mike Frysinger <vapier@gentoo.org>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Richard Kuo <rkuo@codeaurora.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
Helge Deller <deller@gmx.de>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
"paulus@samba.org" <paulus@samba.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux390@de.ibm.com, Paul Mundt <lethal@linux-sh.org>,
Jeff Dike <jdike@addtoit.com>,
Richard Weinberger <richard@nod.at>,
Thomas Gleixner <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>,
the arch/x86 maintainers <x86@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
David Miller <davem@davemloft.net>,
Andrew Morton <akpm@linux-foundation.org>,
Akinobu Mita <akinobu.mita@gmail.com>,
Catalin Marinas <Catalin.Marinas@arm.com>,
Michel Lespinasse <walken@google.com>,
Will Deacon <will.deacon@arm.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"uclinux-dist-devel@blackfin.uclinux.org"
<uclinux-dist-devel@blackfin.uclinux.org>,
linux-hexagon@vger.kernel.org,
Parisc List <linux-parisc@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
linux-s390@vger.kernel.org,
Linux-sh list <linux-sh@vger.kernel.org>,
uml-devel <user-mode-linux-devel@lists.sourceforge.net>,
uml-user <user-mode-linux-user@lists.sourceforge.net>,
Linux-Arch <linux-arch@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Catalin Marinas <Catalin.Marinas@arm.com>,
Linux-sh list <linux-sh@vger.kernel.org>,
Chen Gang <gang.chen@asianux.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"paulus@samba.org" <paulus@samba.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Michel Lespinasse <walken@google.com>,
Hans-Christian Egtvedt <egtvedt@samfundet.no>,
Linux-Arch <linux-arch@vger.kernel.org>,
linux-s390@vger.kernel.org,
uml-devel <user-mode-linux-devel@lists.sourceforge.net>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Richard Weinberger <richard@nod.at>, Helge Deller <deller@gmx.de>,
the arch/x86 maintainers <x86@kernel.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
"mingo@redhat.com" <mingo@redhat.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
H?vard Skinnemoen <hskinnemoen@gmail.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Mike Frysinger <vapier@gentoo.org>, Arnd Bergmann <arnd@arndb.de>,
Will Deacon <will.deacon@arm.com>, Jeff Dike <jdike@addtoit.com>,
Akinobu Mita <akinobu.mita@gmail.com>,
uml-user <user-mode-linux-user@lists.sourceforge.net>,
"uclinux-dist-devel@blackfin.uclinux.org"
<uclinux-dist-devel@blackfin.uclinux.org>,
Thomas Gleixner <tglx@linutronix.de>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Parisc List <linux-parisc@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Richard Kuo <rkuo@codeaurora.org>,
Paul Mundt <lethal@linux-sh.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-hexagon@vger.kernel.org,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
linux390@de.ibm.com, Andrew Morton <akpm@linux-foundation.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
David Miller <davem@davemloft.net>
Subject: Re: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: mingo@kernel.org (Ingo Molnar)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it.
Date: Tue, 28 May 2013 10:19:10 +0200 [thread overview]
Message-ID: <20130528081910.GA29557@gmail.com> (raw)
In-Reply-To: <20130523100409.GK18614@n2100.arm.linux.org.uk>
* Russell King - ARM Linux <linux@arm.linux.org.uk> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
next prev parent reply other threads:[~2013-05-28 8:19 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-23 7:57 [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it Chen Gang
2013-05-23 7:57 ` Chen Gang
2013-05-23 7:57 ` Chen Gang
2013-05-23 7:57 ` Chen Gang
2013-05-23 7:57 ` Chen Gang
2013-05-23 7:57 ` Chen Gang
2013-05-23 8:40 ` Geert Uytterhoeven
2013-05-23 8:40 ` Geert Uytterhoeven
2013-05-23 8:40 ` Geert Uytterhoeven
2013-05-23 8:40 ` Geert Uytterhoeven
2013-05-23 8:54 ` Arnd Bergmann
2013-05-23 8:54 ` Arnd Bergmann
2013-05-23 8:54 ` Arnd Bergmann
2013-05-23 8:54 ` Arnd Bergmann
[not found] ` <CAMuHMdU7QuzgmWCH145p8PVebBzPo8DBAvbY+0AZa2cmGXmRHw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-05-23 9:05 ` Russell King - ARM Linux
2013-05-23 9:05 ` Russell King - ARM Linux
2013-05-23 9:05 ` Russell King - ARM Linux
2013-05-23 9:05 ` Russell King - ARM Linux
2013-05-23 9:05 ` Russell King - ARM Linux
2013-05-23 9:12 ` Geert Uytterhoeven
2013-05-23 9:12 ` Geert Uytterhoeven
2013-05-23 9:12 ` Geert Uytterhoeven
2013-05-23 9:12 ` Geert Uytterhoeven
2013-05-23 9:39 ` Arnd Bergmann
2013-05-23 9:39 ` Arnd Bergmann
2013-05-23 9:39 ` Arnd Bergmann
2013-05-23 9:39 ` Arnd Bergmann
[not found] ` <201305231139.38233.arnd-r2nGTMty4D4@public.gmane.org>
2013-05-23 10:04 ` Russell King - ARM Linux
2013-05-23 10:04 ` Russell King - ARM Linux
2013-05-23 10:04 ` Russell King - ARM Linux
2013-05-23 10:04 ` Russell King - ARM Linux
2013-05-23 10:41 ` Chen Gang
2013-05-23 10:41 ` Chen Gang
2013-05-23 10:41 ` Chen Gang
2013-05-23 10:41 ` Chen Gang
2013-05-23 10:59 ` Arnd Bergmann
2013-05-23 10:59 ` Arnd Bergmann
2013-05-23 10:59 ` Arnd Bergmann
2013-05-23 10:59 ` Arnd Bergmann
[not found] ` <201305231259.43750.arnd-r2nGTMty4D4@public.gmane.org>
2013-05-23 11:19 ` Chen Gang
2013-05-23 11:19 ` Chen Gang
2013-05-23 11:19 ` Chen Gang
2013-05-23 11:19 ` Chen Gang
2013-05-23 11:19 ` Chen Gang
2013-05-23 11:24 ` Russell King - ARM Linux
2013-05-23 11:24 ` Russell King - ARM Linux
2013-05-23 11:24 ` Russell King - ARM Linux
2013-05-23 11:24 ` Russell King - ARM Linux
[not found] ` <20130523112401.GO18614-l+eeeJia6m9vn6HldHNs0ANdhmdF6hFW@public.gmane.org>
2013-05-23 12:09 ` Arnd Bergmann
2013-05-23 12:09 ` Arnd Bergmann
2013-05-23 12:09 ` Arnd Bergmann
2013-05-23 12:09 ` Arnd Bergmann
2013-05-23 12:50 ` Russell King - ARM Linux
2013-05-23 12:50 ` Russell King - ARM Linux
2013-05-23 12:50 ` Russell King - ARM Linux
2013-05-23 12:50 ` Russell King - ARM Linux
2013-05-23 14:10 ` Geert Uytterhoeven
2013-05-23 14:10 ` Geert Uytterhoeven
2013-05-23 14:10 ` Geert Uytterhoeven
2013-05-23 14:10 ` Geert Uytterhoeven
2013-05-24 2:13 ` Chen Gang
2013-05-24 2:13 ` Chen Gang
2013-05-24 2:13 ` Chen Gang
2013-05-24 2:13 ` Chen Gang
2013-05-24 4:17 ` Chen Gang
2013-05-24 4:17 ` Chen Gang
2013-05-24 4:17 ` Chen Gang
2013-05-24 4:17 ` Chen Gang
2013-05-26 4:43 ` [PATCH v2] arch: configuration issue, random return value when disable 'CONFIG_BUG' Chen Gang
2013-05-26 4:43 ` Chen Gang
2013-05-26 4:43 ` Chen Gang
2013-05-26 4:43 ` Chen Gang
2013-05-28 8:19 ` Ingo Molnar [this message]
2013-05-28 8:19 ` [PATCH] arch: configuration, deleting 'CONFIG_BUG' since always need it Ingo Molnar
2013-05-28 8:19 ` Ingo Molnar
2013-05-28 8:19 ` Ingo Molnar
2013-05-28 8:19 ` Ingo Molnar
2013-05-28 8:19 ` Ingo Molnar
2013-05-28 8:19 ` Ingo Molnar
2013-05-28 10:25 ` Chen Gang
2013-05-28 10:25 ` Chen Gang
2013-05-28 10:25 ` Chen Gang
2013-05-28 10:25 ` Chen Gang
2013-05-28 10:25 ` Chen Gang
2013-05-28 14:49 ` Arnd Bergmann
2013-05-28 14:49 ` Arnd Bergmann
2013-05-28 14:49 ` Arnd Bergmann
2013-05-28 14:49 ` Arnd Bergmann
2013-05-28 14:49 ` Arnd Bergmann
[not found] ` <20130528081910.GA29557-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2013-05-28 14:55 ` H. Peter Anvin
2013-05-28 14:55 ` H. Peter Anvin
2013-05-28 14:55 ` H. Peter Anvin
2013-05-28 14:55 ` H. Peter Anvin
2013-05-28 14:55 ` H. Peter Anvin
2013-05-28 15:43 ` Arnd Bergmann
2013-05-28 15:43 ` Arnd Bergmann
2013-05-28 15:43 ` Arnd Bergmann
2013-05-28 15:43 ` Arnd Bergmann
2013-05-28 15:43 ` Arnd Bergmann
[not found] ` <201305281743.52649.arnd-r2nGTMty4D4@public.gmane.org>
2013-05-28 16:06 ` H. Peter Anvin
2013-05-28 16:06 ` H. Peter Anvin
2013-05-28 16:06 ` H. Peter Anvin
2013-05-28 16:06 ` H. Peter Anvin
2013-05-28 16:06 ` H. Peter Anvin
[not found] ` <51A4D618.3080208-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2013-05-28 17:20 ` Arnd Bergmann
2013-05-28 17:20 ` Arnd Bergmann
2013-05-28 17:20 ` Arnd Bergmann
2013-05-28 17:20 ` Arnd Bergmann
2013-05-28 17:20 ` Arnd Bergmann
2013-05-23 10:09 ` Eric W. Biederman
2013-05-23 10:09 ` Eric W. Biederman
2013-05-23 10:09 ` Eric W. Biederman
2013-05-23 10:09 ` Eric W. Biederman
[not found] ` <878v369fdd.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-05-23 10:29 ` Russell King - ARM Linux
2013-05-23 10:29 ` Russell King - ARM Linux
2013-05-23 10:29 ` Russell King - ARM Linux
2013-05-23 10:29 ` Russell King - ARM Linux
2013-05-23 10:29 ` Russell King - ARM Linux
2013-05-23 10:29 ` Russell King - ARM Linux
2013-05-23 10:05 ` Chen Gang
2013-05-23 10:05 ` Chen Gang
2013-05-23 10:05 ` Chen Gang
2013-05-23 10:05 ` Chen Gang
2013-05-24 5:59 ` Eric W. Biederman
2013-05-24 5:59 ` Eric W. Biederman
2013-05-24 5:59 ` Eric W. Biederman
2013-05-24 5:59 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130528081910.GA29557@gmail.com \
--to=mingo@kernel.org \
--cc=Catalin.Marinas@arm.com \
--cc=deller@gmx.de \
--cc=egtvedt@samfundet.no \
--cc=fweisbec@gmail.com \
--cc=gang.chen@asianux.com \
--cc=geert@linux-m68k.org \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=hskinnemoen@gmail.com \
--cc=jejb@parisc-linux.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux@arm.linux.org.uk \
--cc=mingo@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=paulus@samba.org \
--cc=richard@nod.at \
--cc=user-mode-linux-devel@lists.sourceforge.net \
--cc=walken@google.com \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.