From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: linux-arch@vger.kernel.org,
Thomas Hellstrom <thellstrom@vmware.com>,
Greg KH <gregkh@linuxfoundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"linaro-mm-sig@lists.linaro.org" <linaro-mm-sig@lists.linaro.org>,
Colin Cross <ccross@google.com>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>
Subject: Re: [REPOST PATCH 1/8] fence: dma-buf cross-device synchronization (v17)
Date: Thu, 19 Jun 2014 16:08:08 -0700 [thread overview]
Message-ID: <1403219288.1962.17.camel@jarvis.lan> (raw)
In-Reply-To: <53A366B3.8020808@zytor.com>
On Thu, 2014-06-19 at 15:39 -0700, H. Peter Anvin wrote:
> On 06/19/2014 01:01 PM, Greg KH wrote:
> > On Thu, Jun 19, 2014 at 09:15:36PM +0200, Daniel Vetter wrote:
> >> On Thu, Jun 19, 2014 at 7:00 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> >>>>>> + BUG_ON(f1->context != f2->context);
> >>>>>
> >>>>> Nice, you just crashed the kernel, making it impossible to debug or
> >>>>> recover :(
> >>>>
> >>>> agreed, that should probably be 'if (WARN_ON(...)) return NULL;'
> >>>>
> >>>> (but at least I wouldn't expect to hit that under console_lock so you
> >>>> should at least see the last N lines of the backtrace on the screen
> >>>> ;-))
> >>>
> >>> Lots of devices don't have console screens :)
> >>
> >> Aside: This is a pet peeve of mine and recently I've switched to
> >> rejecting all patch that have a BUG_ON, period.
> >
> > Please do, I have been for a few years now as well for the same reasons
> > you cite.
> >
>
> I'm actually concerned about this trend. Downgrading things to WARN_ON
> can allow a security bug in the kernel to continue to exist, for
> example, or make the error message disappear.
Me too. We use BUG_ON in the I/O subsystem where we're forced to
violate a guarantee. When the choice is corrupt something or panic the
system, I prefer the latter every time.
> I am wondering if the right thing here isn't to have a user (command
> line?) settable policy as to how to proceed on an assert violation,
> instead of hardcoding it at compile time.
I'd say it depends on the consequence of the assertion violation. We
have assertions that are largely theoretical, ones that govern process
internal state (so killing the process mostly sanitizes the system) and
a few that imply data loss or data corruption.
James
WARNING: multiple messages have this Message-ID (diff)
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
Daniel Vetter <daniel@ffwll.ch>, Rob Clark <robdclark@gmail.com>,
Maarten Lankhorst <maarten.lankhorst@canonical.com>,
linux-arch@vger.kernel.org,
Thomas Hellstrom <thellstrom@vmware.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"linaro-mm-sig@lists.linaro.org" <linaro-mm-sig@lists.linaro.org>,
Thierry Reding <thierry.reding@gmail.com>,
Colin Cross <ccross@google.com>,
Sumit Semwal <sumit.semwal@linaro.org>,
"linux-media@vger.kernel.org" <linux-media@vger.kernel.org>
Subject: Re: [REPOST PATCH 1/8] fence: dma-buf cross-device synchronization (v17)
Date: Thu, 19 Jun 2014 16:08:08 -0700 [thread overview]
Message-ID: <1403219288.1962.17.camel@jarvis.lan> (raw)
Message-ID: <20140619230808.vkFh4zRc2rhpPlclAaX0Zm_SUwZ47LtykmVyfFDRuDs@z> (raw)
In-Reply-To: <53A366B3.8020808@zytor.com>
On Thu, 2014-06-19 at 15:39 -0700, H. Peter Anvin wrote:
> On 06/19/2014 01:01 PM, Greg KH wrote:
> > On Thu, Jun 19, 2014 at 09:15:36PM +0200, Daniel Vetter wrote:
> >> On Thu, Jun 19, 2014 at 7:00 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> >>>>>> + BUG_ON(f1->context != f2->context);
> >>>>>
> >>>>> Nice, you just crashed the kernel, making it impossible to debug or
> >>>>> recover :(
> >>>>
> >>>> agreed, that should probably be 'if (WARN_ON(...)) return NULL;'
> >>>>
> >>>> (but at least I wouldn't expect to hit that under console_lock so you
> >>>> should at least see the last N lines of the backtrace on the screen
> >>>> ;-))
> >>>
> >>> Lots of devices don't have console screens :)
> >>
> >> Aside: This is a pet peeve of mine and recently I've switched to
> >> rejecting all patch that have a BUG_ON, period.
> >
> > Please do, I have been for a few years now as well for the same reasons
> > you cite.
> >
>
> I'm actually concerned about this trend. Downgrading things to WARN_ON
> can allow a security bug in the kernel to continue to exist, for
> example, or make the error message disappear.
Me too. We use BUG_ON in the I/O subsystem where we're forced to
violate a guarantee. When the choice is corrupt something or panic the
system, I prefer the latter every time.
> I am wondering if the right thing here isn't to have a user (command
> line?) settable policy as to how to proceed on an assert violation,
> instead of hardcoding it at compile time.
I'd say it depends on the consequence of the assertion violation. We
have assertions that are largely theoretical, ones that govern process
internal state (so killing the process mostly sanitizes the system) and
a few that imply data loss or data corruption.
James
next prev parent reply other threads:[~2014-06-19 23:08 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-18 10:36 [REPOST PATCH 0/8] fence synchronization patches Maarten Lankhorst
2014-06-18 10:36 ` Maarten Lankhorst
2014-06-18 10:36 ` [REPOST PATCH 1/8] fence: dma-buf cross-device synchronization (v17) Maarten Lankhorst
2014-06-18 10:36 ` Maarten Lankhorst
2014-06-19 1:13 ` Greg KH
2014-06-19 1:13 ` Greg KH
2014-06-19 1:23 ` Rob Clark
2014-06-19 1:23 ` Rob Clark
2014-06-19 1:44 ` Greg KH
2014-06-19 1:44 ` Greg KH
2014-06-19 14:00 ` Rob Clark
2014-06-19 17:00 ` Greg KH
2014-06-19 17:00 ` Greg KH
2014-06-19 17:45 ` Rob Clark
2014-06-19 17:45 ` Rob Clark
2014-06-19 18:19 ` Greg KH
2014-06-19 18:37 ` James Bottomley
2014-06-19 18:37 ` James Bottomley
2014-06-19 18:52 ` Rob Clark
2014-06-19 18:52 ` Rob Clark
2014-06-19 19:20 ` Daniel Vetter
2014-06-19 19:20 ` Daniel Vetter
2014-06-19 21:50 ` Dave Airlie
2014-06-19 21:50 ` Dave Airlie
2014-06-19 23:21 ` Rob Clark
2014-06-19 23:21 ` Rob Clark
2014-06-19 19:15 ` Daniel Vetter
2014-06-19 19:15 ` Daniel Vetter
2014-06-19 20:01 ` Greg KH
2014-06-19 20:01 ` Greg KH
2014-06-19 22:39 ` H. Peter Anvin
2014-06-19 22:39 ` H. Peter Anvin
2014-06-19 23:08 ` James Bottomley [this message]
2014-06-19 23:08 ` James Bottomley
2014-06-19 23:42 ` Greg KH
2014-06-20 8:30 ` Daniel Vetter
2014-06-20 8:24 ` Daniel Vetter
2014-06-20 8:24 ` Daniel Vetter
2014-06-19 1:15 ` Greg KH
2014-06-19 1:16 ` Greg KH
2014-06-19 1:25 ` Rob Clark
2014-06-19 1:25 ` Rob Clark
2014-06-19 4:27 ` Sumit Semwal
2014-06-19 4:54 ` Greg KH
2014-06-19 4:54 ` Greg KH
2014-06-19 5:26 ` Sumit Semwal
2014-06-19 5:26 ` Sumit Semwal
2014-06-18 10:37 ` [REPOST PATCH 2/8] seqno-fence: Hardware dma-buf implementation of fencing (v5) Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
2014-06-18 10:37 ` [REPOST PATCH 3/8] dma-buf: use reservation objects Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
2014-06-18 10:37 ` [REPOST PATCH 4/8] android: convert sync to fence api, v5 Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
2014-06-19 1:15 ` Greg KH
2014-06-19 6:37 ` Daniel Vetter
2014-06-19 6:37 ` Daniel Vetter
2014-06-19 11:48 ` Thierry Reding
2014-06-19 11:48 ` Thierry Reding
2014-06-19 12:28 ` Daniel Vetter
2014-06-19 15:35 ` Colin Cross
2014-06-19 16:34 ` Daniel Vetter
2014-06-19 16:34 ` Daniel Vetter
2014-06-20 20:52 ` Thierry Reding
2014-06-20 20:52 ` Thierry Reding
2014-06-23 8:45 ` Maarten Lankhorst
2014-07-07 13:28 ` Daniel Vetter
2014-07-07 13:28 ` Daniel Vetter
2014-06-19 15:22 ` Colin Cross
2014-06-19 15:22 ` Colin Cross
2014-06-19 16:12 ` Maarten Lankhorst
2014-06-18 10:37 ` [REPOST PATCH 5/8] reservation: add support for fences to enable cross-device synchronisation Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
2014-06-18 10:37 ` [REPOST PATCH 6/8] dma-buf: add poll support, v3 Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
2014-06-18 10:37 ` [REPOST PATCH 7/8] reservation: update api and add some helpers Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
2014-06-18 10:37 ` [REPOST PATCH 8/8] reservation: add suppport for read-only access using rcu Maarten Lankhorst
2014-06-18 10:37 ` Maarten Lankhorst
-- strict thread matches above, loose matches on Subject: below --
2014-06-19 17:53 [REPOST PATCH 1/8] fence: dma-buf cross-device synchronization (v17) Eric Boxer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1403219288.1962.17.camel@jarvis.lan \
--to=james.bottomley@hansenpartnership.com \
--cc=ccross@google.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=thellstrom@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).