From: Ingo Molnar <mingo@elte.hu>
To: Rakib Mullick <rakib.mullick@gmail.com>
Cc: Andrew Lutomirski <luto@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
hpa@zytor.com, tglx@linutronix.de, x86@kernel.org,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] x86, vsyscall: Fix build warning in vsyscall_64.c
Date: Wed, 15 Jun 2011 09:25:53 +0200 [thread overview]
Message-ID: <20110615072553.GA26003@elte.hu> (raw)
In-Reply-To: <BANLkTi=mwowbSy0M=rjdQW_cKDVf1tBBpA@mail.gmail.com>
* Rakib Mullick <rakib.mullick@gmail.com> wrote:
> On Wed, Jun 15, 2011 at 3:33 AM, Andrew Lutomirski <luto@mit.edu> wrote:
> > On Tue, Jun 14, 2011 at 5:31 PM, Ingo Molnar <mingo@elte.hu> wrote:
> >>
> >> * Linus Torvalds <torvalds@linux-foundation.org> wrote:
> >>
> >>> On Tue, Jun 14, 2011 at 2:16 PM, Ingo Molnar <mingo@elte.hu> wrote:
> >>> >
> >>> > I think correctness trumps code size and turning BUG() and BUG_ON()
> >>> > into a NOP is just crazy ...
> >>>
> >>> Umm. It's even CRAZIER to turn it into a "compiler generates random code".
> >>
> >> Sigh, i assumed it got turned into an infinite loop - that is what
> >> i've done in a prior patch.
> >>
> >> You are right, unreachable() is bogus and you'd also be right to
> >> suggest that i should not comment on patches after 11pm ;-)
> >
> > What we want is a magic GCC trick that says "don't warn about code
> > paths that go through here but generate the same code as you would
> > without this annotation." I don't think such a thing exists.
> >
> No, I don't think we need such kind of thing. I think, we should less
> rely on GCC. Here, we need to reconsider the use of BUG. When
> vsyscall_nr is default, it hits BUG. Here is the code comment:
>
> " * If we get here, then vsyscall_nr indicates that int 0xcc
> * happened at an address in the vsyscall page that doesn't
> * contain int 0xcc. That can't happen. "
>
> If that can't happen, I think we can treat it as a FAULT. So,
> rather than calling BUG we can ground it into EFAULT. Does it break
> ABI compatibility?
No, that BUG() is a "cannot happen on a correct kernel" so it has no
ABI impact - but it might trigger if the execution environment is
violated:
- hardware failure
- miscompilation
- data corruption by some other kernel bug
- etc.
- or it might trigger in the future if someone changes the code in
a way that breaks the underlying assumption.
I guess we could do a __BUG_ON() that wont be optimized away even on
!CONFIG_BUG kernels but it seems a bit silly.
So can someone tell me what the assumptions of CONFIG_BUG=n are?
If CONFIG_BUG=n means "i trust the kernel, the toolchain, the kernel
and the hardware to be 100% correct [or don't care if any of those
are broken]" then i can only see one solution:
- leave the warning as-is. Whoever builds with CONFIG_BUG=n will
have to live with the consequences of the 'impossible' happening
and will have to accept the more unpredictable kernel behavior
that *will* trigger in various parts of the kernel if BUG() is
turned into a NOP. If any of the above 'impossible' failure modes
triggers then having more undefined behavior in form of an
uninitialized variable will be the least of their worry.
Thanks,
Ingo
next prev parent reply other threads:[~2011-06-15 7:26 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-11 7:31 [PATCH] x86, vsyscall: Fix build warning in vsyscall_64.c Rakib Mullick
2011-06-11 11:01 ` Andrew Lutomirski
2011-06-12 5:12 ` Rakib Mullick
2011-06-13 2:52 ` Andrew Lutomirski
2011-06-13 4:54 ` Rakib Mullick
2011-06-13 8:45 ` Rakib Mullick
2011-06-13 18:06 ` Andrew Lutomirski
2011-06-14 17:43 ` Rakib Mullick
2011-06-14 18:03 ` Andy Lutomirski
2011-06-14 21:16 ` Ingo Molnar
2011-06-14 21:24 ` Linus Torvalds
2011-06-14 21:31 ` Ingo Molnar
2011-06-14 21:33 ` Andrew Lutomirski
2011-06-15 5:59 ` Rakib Mullick
2011-06-15 7:25 ` Ingo Molnar [this message]
2011-06-15 18:49 ` Linus Torvalds
2011-06-15 19:24 ` Andrew Lutomirski
2011-06-15 19:32 ` Linus Torvalds
2011-06-15 19:51 ` Andrew Lutomirski
2011-06-13 9:29 ` Ingo Molnar
2011-06-13 13:03 ` Andrew Lutomirski
2011-06-13 14:14 ` Ingo Molnar
2011-06-13 14:18 ` Andrew Lutomirski
2011-06-13 17:05 ` Rakib Mullick
2011-06-13 17:06 ` Andrew Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110615072553.GA26003@elte.hu \
--to=mingo@elte.hu \
--cc=akpm@linux-foundation.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@mit.edu \
--cc=rakib.mullick@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox