| Message ID | 20220824163100.224449-3-david@redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | coding-style.rst: document BUG() and WARN() rules | expand |
On Wed, 2022-08-24 at 18:31 +0200, David Hildenbrand wrote: > checkpatch does not point out that VM_BUG_ON() and friends should be > avoided, however, Linus notes: > > VM_BUG_ON() has the exact same semantics as BUG_ON. It is literally > no different, the only difference is "we can make the code smaller > because these are less important". [1] > > So let's warn on VM_BUG_ON() and friends as well. While at it, make it > clearer that the kernel really shouldn't be crashed. > > Note that there are some other *_BUG_ON flavors, but they are not all > bad: for example, KVM_BUG_ON() only triggers a WARN_ON_ONCE and then > flags KVM as being buggy, so we'll not care about them for now here. [] > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl [] > @@ -4695,12 +4695,12 @@ sub process { > } > } > > -# avoid BUG() or BUG_ON() > - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { > +# do not use BUG(), BUG_ON(), VM_BUG_ON() and friends. > + if ($line =~ /\b(?:BUG|BUG_ON|VM_BUG_ON|VM_BUG_ON_[A-Z]+)\b/) { Perhaps better as something like the below to pick up more variants if ($line =~ /\b(?!KVM_|BUILD_)(?:[A-Z_]*_)?BUG(?:_ON)?(?:_[A-Z_]+)?\s*\(/ > my $msg_level = \&WARN; > $msg_level = \&CHK if ($file); > &{$msg_level}("AVOID_BUG", > - "Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON()\n" . $herecurr); and maybe: "Do not crash the kernel unless it is unavoidable - use WARN_ON_ONCE & recovery code (if reasonable) rather than BUG() or variants\n" . $herecurr);
On 24.08.22 18:52, Joe Perches wrote: > On Wed, 2022-08-24 at 18:31 +0200, David Hildenbrand wrote: >> checkpatch does not point out that VM_BUG_ON() and friends should be >> avoided, however, Linus notes: >> >> VM_BUG_ON() has the exact same semantics as BUG_ON. It is literally >> no different, the only difference is "we can make the code smaller >> because these are less important". [1] >> >> So let's warn on VM_BUG_ON() and friends as well. While at it, make it >> clearer that the kernel really shouldn't be crashed. >> >> Note that there are some other *_BUG_ON flavors, but they are not all >> bad: for example, KVM_BUG_ON() only triggers a WARN_ON_ONCE and then >> flags KVM as being buggy, so we'll not care about them for now here. > [] >> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > [] >> @@ -4695,12 +4695,12 @@ sub process { >> } >> } >> >> -# avoid BUG() or BUG_ON() >> - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { >> +# do not use BUG(), BUG_ON(), VM_BUG_ON() and friends. >> + if ($line =~ /\b(?:BUG|BUG_ON|VM_BUG_ON|VM_BUG_ON_[A-Z]+)\b/) { > > Perhaps better as something like the below to pick up more variants > > if ($line =~ /\b(?!KVM_|BUILD_)(?:[A-Z_]*_)?BUG(?:_ON)?(?:_[A-Z_]+)?\s*\(/ ... then I'll have to scan the other cases if they do something similar as KVM. ... well, okay, I'll do it. :) > >> my $msg_level = \&WARN; >> $msg_level = \&CHK if ($file); >> &{$msg_level}("AVOID_BUG", >> - "Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON()\n" . $herecurr); > > and maybe: > > "Do not crash the kernel unless it is unavoidable - use WARN_ON_ONCE & recovery code (if reasonable) rather than BUG() or variants\n" . $herecurr); > > Yes, thanks!
On 24.08.22 18:52, Joe Perches wrote: > On Wed, 2022-08-24 at 18:31 +0200, David Hildenbrand wrote: >> checkpatch does not point out that VM_BUG_ON() and friends should be >> avoided, however, Linus notes: >> >> VM_BUG_ON() has the exact same semantics as BUG_ON. It is literally >> no different, the only difference is "we can make the code smaller >> because these are less important". [1] >> >> So let's warn on VM_BUG_ON() and friends as well. While at it, make it >> clearer that the kernel really shouldn't be crashed. >> >> Note that there are some other *_BUG_ON flavors, but they are not all >> bad: for example, KVM_BUG_ON() only triggers a WARN_ON_ONCE and then >> flags KVM as being buggy, so we'll not care about them for now here. > [] >> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > [] >> @@ -4695,12 +4695,12 @@ sub process { >> } >> } >> >> -# avoid BUG() or BUG_ON() >> - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { >> +# do not use BUG(), BUG_ON(), VM_BUG_ON() and friends. >> + if ($line =~ /\b(?:BUG|BUG_ON|VM_BUG_ON|VM_BUG_ON_[A-Z]+)\b/) { > > Perhaps better as something like the below to pick up more variants > Trying to find more possible variants and exceptions $ git grep -h -o -E "\b[a-zA-Z]+_BUG(_ON(_[a-zA-Z]+)*)?\(" | sort | uniq AA_BUG( -> Ok, no BUG() ASM_BUG( -> Bad BUILD_BUG( BUILD_BUG_ON( BUILD_BUG_ON_INVALID( BUILD_BUG_ON_MSG( BUILD_BUG_ON_ZERO( -> Ok CI_BUG_ON( -> Bad with CONFIG_DRM_I915_DEBUG DCCP_BUG( DCCP_BUG_ON( -> Ok, no BUG() do_BUG( -> BUG implementation, ok. GEM_BUG_ON( -> Bad with CONFIG_DRM_I915_DEBUG_GEM_ONCE GLOCK_BUG_ON( -> Bad handle_BUG( -> BUG implementation, ok. IDA_BUG_ON( KVM_BUG( KVM_BUG_ON( -> Ok, no BUG() lkdtm_BUG( paravirt_BUG( -> bad PROM_BUG( -> unused, will remove RWLOCK_BUG_ON( -> Ok, no BUG() snd_BUG( snd_BUG_ON( -> Ok, no BUG() SNIC_BUG_ON( -> Bad SPIN_BUG_ON( -> Ok, no BUG() UNWINDER_BUG( UNWINDER_BUG_ON( VIRTUAL_BUG_ON( VM_BUG_ON( VM_BUG_ON_FOLIO( VM_BUG_ON_MM( VM_BUG_ON_PAGE( VM_BUG_ON_PGFLAGS( VM_BUG_ON_VMA( XA_BUG_ON( -> Bad So an extended versions of your proposal like (ignoring do_BUG and handle_BUG, people are smart enough to figure that out) if ($line =~ /\b(?!AA_|BUILD_|DCCP_|IDA_|KVM_|RWLOCK_|snd_|SPIN_)(?:[a-zA-Z_]*_)?BUG(?:_ON)?(?:_[A-Z_]+)?\s*\(/ ?
On Thu, 25 Aug 2022, David Hildenbrand <david@redhat.com> wrote: > On 24.08.22 18:52, Joe Perches wrote: >> On Wed, 2022-08-24 at 18:31 +0200, David Hildenbrand wrote: >>> checkpatch does not point out that VM_BUG_ON() and friends should be >>> avoided, however, Linus notes: >>> >>> VM_BUG_ON() has the exact same semantics as BUG_ON. It is literally >>> no different, the only difference is "we can make the code smaller >>> because these are less important". [1] >>> >>> So let's warn on VM_BUG_ON() and friends as well. While at it, make it >>> clearer that the kernel really shouldn't be crashed. >>> >>> Note that there are some other *_BUG_ON flavors, but they are not all >>> bad: for example, KVM_BUG_ON() only triggers a WARN_ON_ONCE and then >>> flags KVM as being buggy, so we'll not care about them for now here. >> [] >>> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl >> [] >>> @@ -4695,12 +4695,12 @@ sub process { >>> } >>> } >>> >>> -# avoid BUG() or BUG_ON() >>> - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { >>> +# do not use BUG(), BUG_ON(), VM_BUG_ON() and friends. >>> + if ($line =~ /\b(?:BUG|BUG_ON|VM_BUG_ON|VM_BUG_ON_[A-Z]+)\b/) { >> >> Perhaps better as something like the below to pick up more variants >> > > Trying to find more possible variants and exceptions > CI_BUG_ON( > -> Bad with CONFIG_DRM_I915_DEBUG > GEM_BUG_ON( > -> Bad with CONFIG_DRM_I915_DEBUG_GEM_ONCE These are hidden behind debug knobs that we use in our CI to specifically catch "should not happen" cases fast and loud. Should not be a problem for regular users. BR, Jani. > So an extended versions of your proposal like (ignoring do_BUG and handle_BUG, people are smart enough to figure that out) > > if ($line =~ /\b(?!AA_|BUILD_|DCCP_|IDA_|KVM_|RWLOCK_|snd_|SPIN_)(?:[a-zA-Z_]*_)?BUG(?:_ON)?(?:_[A-Z_]+)?\s*\(/ > > ?
On 25.08.22 13:43, Jani Nikula wrote: > On Thu, 25 Aug 2022, David Hildenbrand <david@redhat.com> wrote: >> On 24.08.22 18:52, Joe Perches wrote: >>> On Wed, 2022-08-24 at 18:31 +0200, David Hildenbrand wrote: >>>> checkpatch does not point out that VM_BUG_ON() and friends should be >>>> avoided, however, Linus notes: >>>> >>>> VM_BUG_ON() has the exact same semantics as BUG_ON. It is literally >>>> no different, the only difference is "we can make the code smaller >>>> because these are less important". [1] >>>> >>>> So let's warn on VM_BUG_ON() and friends as well. While at it, make it >>>> clearer that the kernel really shouldn't be crashed. >>>> >>>> Note that there are some other *_BUG_ON flavors, but they are not all >>>> bad: for example, KVM_BUG_ON() only triggers a WARN_ON_ONCE and then >>>> flags KVM as being buggy, so we'll not care about them for now here. >>> [] >>>> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl >>> [] >>>> @@ -4695,12 +4695,12 @@ sub process { >>>> } >>>> } >>>> >>>> -# avoid BUG() or BUG_ON() >>>> - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { >>>> +# do not use BUG(), BUG_ON(), VM_BUG_ON() and friends. >>>> + if ($line =~ /\b(?:BUG|BUG_ON|VM_BUG_ON|VM_BUG_ON_[A-Z]+)\b/) { >>> >>> Perhaps better as something like the below to pick up more variants >>> >> >> Trying to find more possible variants and exceptions > >> CI_BUG_ON( >> -> Bad with CONFIG_DRM_I915_DEBUG >> GEM_BUG_ON( >> -> Bad with CONFIG_DRM_I915_DEBUG_GEM_ONCE > > These are hidden behind debug knobs that we use in our CI to > specifically catch "should not happen" cases fast and loud. Should not > be a problem for regular users. > I tend to agree but I don't think this is worth an exception. VM_BUG_ON also requires CONFIG_DEBUG_VM and absolutely shouldn't be used as I learned. Quoting Linus: Really. BUG_ON() IS NOT FOR DEBUGGING. [1] This kind of "I don't think this can happen" is _never_ an excuse for it. [2] For CI work, it might be sufficient to use WARN_ON_ONCE() combined with panic_on_warn. [1] https://lore.kernel.org/all/CAHk-=wiEAH+ojSpAgx_Ep=NKPWHU8AdO3V56BXcCsU97oYJ1EA@mail.gmail.com/ [2] https://lore.kernel.org/all/CAHk-=wg40EAZofO16Eviaj7mfqDhZ2gVEbvfsMf6gYzspRjYvw@mail.gmail.com/
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 79e759aac543..4c18acf17032 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -4695,12 +4695,12 @@ sub process { } } -# avoid BUG() or BUG_ON() - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { +# do not use BUG(), BUG_ON(), VM_BUG_ON() and friends. + if ($line =~ /\b(?:BUG|BUG_ON|VM_BUG_ON|VM_BUG_ON_[A-Z]+)\b/) { my $msg_level = \&WARN; $msg_level = \&CHK if ($file); &{$msg_level}("AVOID_BUG", - "Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON()\n" . $herecurr); + "Do not crash the kernel unless it is unavoidable - use WARN_ON_ONCE & recovery code (if reasonable) rather than BUG(), BUG_ON(), VM_BUG_ON(), ...\n" . $herecurr); } # avoid LINUX_VERSION_CODE
checkpatch does not point out that VM_BUG_ON() and friends should be avoided, however, Linus notes: VM_BUG_ON() has the exact same semantics as BUG_ON. It is literally no different, the only difference is "we can make the code smaller because these are less important". [1] So let's warn on VM_BUG_ON() and friends as well. While at it, make it clearer that the kernel really shouldn't be crashed. Note that there are some other *_BUG_ON flavors, but they are not all bad: for example, KVM_BUG_ON() only triggers a WARN_ON_ONCE and then flags KVM as being buggy, so we'll not care about them for now here. [1] https://lore.kernel.org/r/CAHk-=wg40EAZofO16Eviaj7mfqDhZ2gVEbvfsMf6gYzspRjYvw@mail.gmail.com Signed-off-by: David Hildenbrand <david@redhat.com> --- scripts/checkpatch.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)