From: jamie@shareable.org (Jamie Lokier)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] ARM: Convert BUG() to use unreachable()
Date: Thu, 17 Dec 2009 19:04:53 +0000 [thread overview]
Message-ID: <20091217190453.GA362@shareable.org> (raw)
In-Reply-To: <20091217181718.GA4440@n2100.arm.linux.org.uk>
Russell King - ARM Linux wrote:
> Let me put it another way: I want this function to terminate with an
> explicit NULL pointer dereference in every case.
__builtin_trap cannot be used because the GCC manual says "The
mechanism used may vary from release to release so you should not rely
on any particular implementation". It includes calling abort() as a
possible implementation - not ideal.
This is not related to GCC, but I have an ARM system here where
dereferencing NULL does not trap. You guessed it, it doesn't have a
regular MMU. But there are other addresses which do trap. They would
be a much better choice for BUG().
(Aha! Maybe that's why the kernel just behaves weirdly when it runs
out of memory and eventually triggers a watchdog reboot, with no panic
message. I'd better try changing BUG() :-)
Even with an MMU, sometimes userspace maps page zero. For example,
Wine on x86 does that. (It might be possible to change Wine and
kernel vm86 to avoid it, but it has not happened).
Bug-free userspace behaviour should not stop kernel's BUG() from doing
it's basic job of trapping in the kernel!
It would be quite messy if userspace maps page zero, and then a kernel
BUG() ploughs ahead into __builtin_unreachable() and completely
undefined behaviour, possibly leading to worse behaviour than omitting
the check which called BUG().
Under those circumstances I'd rather see it use __builtin_trap() if
that really does trap :-)
The point of the exercise with __builtin_unreachable() is to reduce
the kernel size by removing the for(;;) loop. *(int *)0 = 0 isn't the
smallest trapping sequence. (When it works :-)
So the most compact _and_ reliable sequence for the kernel, on all
architectures, is probably:
__asm__ volatile("smallest undefined or always-trapping instruction")
followed by __builtin_unreachable(), because GCC documentation _does_
say that asm followed by that will execute the asm and assume the asm
doesn't return.
-- Jamie
next prev parent reply other threads:[~2009-12-17 19:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-08 9:55 [PATCH] ARM: Convert BUG() to use unreachable() Uwe Kleine-König
2009-12-10 17:50 ` Russell King - ARM Linux
[not found] ` <4B213627.5000007@caviumnetworks.com>
2009-12-16 13:58 ` Uwe Kleine-König
2009-12-17 15:01 ` Jamie Lokier
[not found] ` <4B2A65C6.7080009@caviumnetworks.com>
2009-12-17 17:17 ` Richard Guenther
2009-12-17 18:17 ` Russell King - ARM Linux
2009-12-17 18:35 ` Joe Buck
2009-12-17 19:06 ` Russell King - ARM Linux
2009-12-17 19:14 ` Joe Buck
2009-12-17 19:33 ` Russell King - ARM Linux
2009-12-17 19:38 ` Jamie Lokier
2009-12-17 19:48 ` Russell King - ARM Linux
2009-12-17 19:58 ` Russell King - ARM Linux
2009-12-17 19:04 ` Jamie Lokier [this message]
2009-12-21 19:30 ` Richard Henderson
2009-12-21 20:10 ` Russell King - ARM Linux
2009-12-22 14:09 ` Dave Korn
2009-12-22 14:12 ` Russell King - ARM Linux
2009-12-22 14:49 ` Dave Korn
2009-12-22 11:33 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091217190453.GA362@shareable.org \
--to=jamie@shareable.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).