From: Ingo Molnar <mingo@kernel.org>
To: Alexander Holler <holler@ahsoftware.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Tejun Heo <htejun@gmail.com>,
Louis Langholtz <lou_langholtz@me.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
trivial@kernel.org, Rusty Russell <rusty@rustcorp.com.au>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] debug: Deprecate BUG_ON() use in new code, introduce CRASH_ON()
Date: Mon, 8 Jun 2015 10:09:04 +0200 [thread overview]
Message-ID: <20150608080903.GA1236@gmail.com> (raw)
In-Reply-To: <557546E6.5030304@ahsoftware.de>
* Alexander Holler <holler@ahsoftware.de> wrote:
> Am 08.06.2015 um 09:12 schrieb Ingo Molnar:
> >
> >* Linus Torvalds <torvalds@linux-foundation.org> wrote:
> >
> >>Stop with the random BUG_ON() additions.
> >
> > Yeah, so I propose the attached patch which attempts to resist new BUG_ON()
> > additions.
>
> As this reminded me at flame I received once from a maintainer because I wanted
> to avoid a desastrous memory corruption by using a BUG_ON(). maybe someone
> should mention that a BUG_ON or now CRASH_ON should be still prefered instead of
> some random memory corruption which might lead to worse things. Or how is the
> viewpoint of the kernel masters in regard to memory corruptions and use of
> BUG_ON, WARN_ON or CRASH_ON?
So it depends on the actual change, but there's very few cases where a BUG_ON() is
justified, even if the code detects memory corruption.
Most instances of memory corruption either come from the hardware or come from
some other piece of code, so _your_ code crashing the system will be unexpected,
and in most cases unproductive to finding the cause of the corruption.
The best action is to stop doing whatever your code was doing, trying to bail out
with as little extra changes done to the system as possible.
An example for that are lockdep's asserts. An actual lockdep warning in a
released, production kernel is frequently connected to a real risk of data
corruption - yet what we do is that we report the bug non-intrusively and turn off
lockdep completely, so that it does not make the situation worse and that we have
a chance the messages can be saved and can be reported back to kernel developers.
The origins of widespread BUG_ON() use are twofold:
- 20 years ago we didn't have much of any locking in the kernel, so a BUG_ON()
resulted in essence in a graceful segfault of the application that happened to
trigger it, in most cases. Kernel logs were still possible to retrieve if the
bug did not trigger too often - and if not (because for example the crash
happened in the idle thread) then the backtrace was still visible on the VGA
text console.
- in the early days we didn't have WARN_ON(), we only had BUG_ON(), so people
used that. BUG_ON() used to be the 'graceful' assert, panic() was the
equivalent of CRASH_ON().
These days a BUG_ON() is almost always fatal due to unreleased locks, plus we
still don't print kernel crashes to the graphical console, so they are silent hard
lockups in 99% of the cases.
Thanks,
Ingo
next prev parent reply other threads:[~2015-06-08 8:09 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <http://marc.info/?l=linux-kernel&m=143351431301630>
2015-06-07 23:54 ` [PATCH] kernel/params.c: make use of unused but set variable Louis Langholtz
2015-06-08 0:00 ` Tejun Heo
2015-06-08 0:17 ` Linus Torvalds
2015-06-08 0:58 ` Tejun Heo
2015-06-08 5:24 ` [PATCH v2] " Louis Langholtz
2015-06-10 17:05 ` [PATCH] " Louis Langholtz
2015-06-11 1:54 ` Tejun Heo
2015-06-12 3:17 ` Louis Langholtz
2015-06-08 5:44 ` [PATCH] checkpatch: Warn on BUG and BUG_ON uses Joe Perches
2015-06-08 5:46 ` [PATCH] kernel/params.c: make use of unused but set variable Louis Langholtz
2015-06-08 7:12 ` [PATCH] debug: Deprecate BUG_ON() use in new code, introduce CRASH_ON() Ingo Molnar
2015-06-08 7:40 ` Alexander Holler
2015-06-08 8:08 ` Richard Weinberger
2015-06-08 8:42 ` Alexander Holler
2015-06-08 9:05 ` Ingo Molnar
2015-06-08 9:11 ` Ingo Molnar
2015-06-08 9:22 ` Alexander Holler
2015-06-08 11:29 ` Ingo Molnar
2015-06-08 9:16 ` Alexander Holler
2015-06-08 11:27 ` Ingo Molnar
2015-06-08 18:07 ` Alexander Holler
2015-06-08 19:35 ` Ingo Molnar
2015-06-09 1:07 ` Alexander Holler
2015-06-08 8:09 ` Ingo Molnar [this message]
2015-06-12 1:27 ` [PATCH] kernel/params.c: make use of unused but set variable Rusty Russell
2015-06-12 1:48 ` Tejun Heo
2015-06-14 19:49 ` Rusty Russell
2015-06-16 19:54 ` Tejun Heo
2015-06-08 14:26 [PATCH] debug: Deprecate BUG_ON() use in new code, introduce CRASH_ON() Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150608080903.GA1236@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=holler@ahsoftware.de \
--cc=htejun@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lou_langholtz@me.com \
--cc=rusty@rustcorp.com.au \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=trivial@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox