On Thu, Jun 18, 2015 at 4:07 AM, Andy Lutomirski <[email protected]> wrote: > On Thu, Jun 18, 2015 at 2:57 AM, Ingo Molnar <[email protected]> wrote: >> >> * Andy Lutomirski <[email protected]> wrote: >> >>> On Wed, Jun 17, 2015 at 2:41 AM, Ingo Molnar <[email protected]> wrote: >>> > >>> > * Andy Lutomirski <[email protected]> wrote: >>> > >>> >> This will let us sprinkle sanity checks around the kernel without >>> >> making too much of a mess. >>> >> >>> >> Signed-off-by: Andy Lutomirski <[email protected]> >>> >> --- >>> >> include/linux/context_tracking.h | 8 ++++++++ >>> >> 1 file changed, 8 insertions(+) >>> >> >>> >> diff --git a/include/linux/context_tracking.h >>> >> b/include/linux/context_tracking.h >>> >> index 2821838256b4..0fbea4b152e1 100644 >>> >> --- a/include/linux/context_tracking.h >>> >> +++ b/include/linux/context_tracking.h >>> >> @@ -57,6 +57,13 @@ static inline void >>> >> context_tracking_task_switch(struct task_struct *prev, >>> >> if (context_tracking_is_enabled()) >>> >> __context_tracking_task_switch(prev, next); >>> >> } >>> >> + >>> >> +static inline void context_tracking_assert_state(enum ctx_state state) >>> >> +{ >>> >> + rcu_lockdep_assert(!context_tracking_is_enabled() || >>> >> + this_cpu_read(context_tracking.state) == state, >>> >> + "context tracking state was wrong"); >>> >> +} >>> > >>> > Please don't introduce assert() style debug check interfaces! >>> > >>> > (And RCU should be fixed too I suspect.) >>> > >>> > They are absolutely horrible on the brain when mixed with WARN_ON() >>> > interfaces, >>> > which are the dominant runtime check interface in the kernel. >>> > >>> > Instead make it something like: >>> > >>> > #define ct_state() (this_cpu_read(context_tracking.state)) >>> > >>> > #define CT_WARN_ON(cond) \ >>> > WARN_ON(context_tracking_is_enabled() && (cond)) >>> > >>> > and then the debug checks can be written as: >>> > >>> > CT_WARN_ON(ct_state() != CONTEXT_KERNEL); >>> > >>> > This is IMHO _far_ more readable than: >>> > >>> > context_tracking_assert_state(CONTEXT_KERNEL); >>> > >>> > ok? >>> > >>> > (Assuming people will accept 'ct/CT' as an abbreviation for context >>> > tracking.) >>> >>> Hmm, ok I guess. The part I don't like is having ct_state() at all on >>> non-context-tracking kernels -- it seems like it's asking for trouble. >> >> Well: >> >> - if # CONFIG_CONTEXT_TRACKING is not se, then CT_WARN_ON() does nothing. >> >> - if CONFIG_CONTEXT_TRACKING=y, but !context_tracking_is_enabled(), then >> CT_WARN_ON() will evaluate 'cond', but won't calculate it. >> >> - only if CONFIG_CONTEXT_TRACKING=y && context_tracking_is_enabled() should >> we >> get as far as ct_state() evaluation. >> >> so I'm not sure I see the problem you are seeing. >> >>> We could make CT_WARN_ON not even evaluate its argument if >>> !CONFIG_CONTEXT_TRACKING, but then we still have ct_state() returning >>> garbage if >>> !context_tracking_is_enabled(). >> >> My understanding is that if !context_tracking_is_enabled() then the compiler >> should not even try to evaluate the rest. This is why doing a NULL pointer >> check >> like this is safe: > > I'm fine with everything you just covered. My only objection is that, > if ct_state() exists, then someone might call it outside CT_WARN_ON, > in which case it will break on non-context-tracking setups.
The more I think about it, the more I dislike ct_state(). We have in_atomic(), which is already problematic because the return value isn't reliable. ct_state(), if callable on non context-tracking kernels, will also be unreliable. I prefer things like lockdep_assert_held because they can't be misused. It would be far too easy for someone to read: CT_WARN_ON(ct_state() != CONTEXT_KERNEL); and add: if (ct_state() == CONTEXT_KERNEL) do_something(); and that would be bad. --Andy > > --Andy -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
