* Russell King - ARM Linux <[email protected]> wrote:
> So, if you want to use this, then you should update the CONFIG_BUG text
> to include a warning to this effect:
>
> Warning: if CONFIG_BUG is turned off, and control flow reaches
> a BUG(), the system behaviour will be undefined.
>
> so that people can make an informed choice about this, because at the
> moment:
>
> Disabling this option eliminates support for BUG and WARN, reducing
> the size of your kernel image and potentially quietly ignoring
> numerous fatal conditions. You should only consider disabling this
> option for embedded systems with no facilities for reporting errors.
> Just say Y.
>
> will become completely misleading. Turning this option off will _not_
> result in "quietly ignoring numerous fatal conditions".
I'm fine with adding your text as a clarification - but I think 'quietly
ignoring fatal conditions' very much implies an undefined outcome if that
unexpected condition does occur: the code might crash, it might corrupt
memory or it might do some other unexpected thing.
There are many other places that do a BUG_ON() of a NULL pointer or so, or
of a zero refcount, or a not held lock - and turning the BUG_ON() off
makes the code unpredictable _anyway_ - even if the compiler does not
notice an uninitialized variable.
So pretty much any weakening of BUG_ON() _will_ make the kernel more
unpredictable.
> And I come back to one of my previous arguments - is it not better to
> panic() if we hit one of these conditions so that the system can try to
> do a panic-reboot rather than continue blindly into the unknown?
It will often continue blindly into the unknown even if the compiler is
happy ...
The only difference is that it's "unpredictable" in a way not visible from
the C code: the code won't necessarily fall through the BUG() when hitting
that condition - although in practice it probably will.
So I think the same principle applies to it as to any other debugging
code: it's fine to be able to turn debugging off. It's a performance
versus kernel robustness/determinism trade-off.
Thanks,
Ingo
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
User-mode-linux-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
