From: Linus Torvalds <torvalds@linux-foundation.org>
To: Andrea Arcangeli <aarcange@redhat.com>
Cc: "Huangpeng (Peter)" <peter.huangpeng@huawei.com>,
Paolo Bonzini <pbonzini@redhat.com>,
qemu-devel@nongnu.org, Pavel Emelyanov <xemul@parallels.com>,
Hugh Dickins <hughd@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Andres Lagar-Cavilla <andreslc@google.com>,
Andy Lutomirski <luto@amacapital.net>,
linux-mm@kvack.org, Johannes Weiner <hannes@cmpxchg.org>,
Rik van Riel <riel@redhat.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
linux-kernel@vger.kernel.org, zhang.zhanghailiang@huawei.com,
Sanidhya Kashyap <sanidhya.gatech@gmail.com>,
Dave Hansen <dave.hansen@intel.com>,
Peter Feiner <pfeiner@google.com>, Mel Gorman <mgorman@suse.de>,
kvm@vger.kernel.org
Subject: Re: [PATCH 1/7] userfaultfd: require UFFDIO_API before other ioctls
Date: Mon, 15 Jun 2015 08:11:50 -1000 [thread overview]
Message-ID: <CA+55aFzdZJw7Ot7=PYyyskNhkv=H+NPzoF6rKtb6oMyzkuQ-=Q@mail.gmail.com> (raw)
In-Reply-To: <1434388931-24487-2-git-send-email-aarcange@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 990 bytes --]
On Jun 15, 2015 7:22 AM, "Andrea Arcangeli" <aarcange@redhat.com> wrote:
>
> + if (cmd != UFFDIO_API) {
> + if (ctx->state == UFFD_STATE_WAIT_API)
> + return -EINVAL;
> + BUG_ON(ctx->state != UFFD_STATE_RUNNING);
> + }
NAK.
Once again: we don't add BUG_ON() as some kind of assert. If your
non-critical code has s bug in it, you do WARN_ONCE() and you return. You
don't kill the machine just because of some "this can't happen" situation.
It turns out "this can't happen" happens way too often, just because code
changes, or programmers didn't think all the cases through. And killing the
machine is just NOT ACCEPTABLE.
People need to stop adding machine-killing checks to code that just doesn't
merit killing the machine.
And if you are so damn sure that it really cannot happen ever, then you
damn well had better remove the test too!
BUG_ON is not a debugging tool, or a "I think this would be bad" helper.
Linus
[-- Attachment #2: Type: text/html, Size: 1338 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Andrea Arcangeli <aarcange@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>,
zhang.zhanghailiang@huawei.com, kvm@vger.kernel.org,
Pavel Emelyanov <xemul@parallels.com>,
linux-kernel@vger.kernel.org,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Hugh Dickins <hughd@google.com>,
"Huangpeng (Peter)" <peter.huangpeng@huawei.com>,
qemu-devel@nongnu.org,
Sanidhya Kashyap <sanidhya.gatech@gmail.com>,
linux-mm@kvack.org, Andres Lagar-Cavilla <andreslc@google.com>,
Mel Gorman <mgorman@suse.de>,
Johannes Weiner <hannes@cmpxchg.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@amacapital.net>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Peter Feiner <pfeiner@google.com>
Subject: Re: [Qemu-devel] [PATCH 1/7] userfaultfd: require UFFDIO_API before other ioctls
Date: Mon, 15 Jun 2015 08:11:50 -1000 [thread overview]
Message-ID: <CA+55aFzdZJw7Ot7=PYyyskNhkv=H+NPzoF6rKtb6oMyzkuQ-=Q@mail.gmail.com> (raw)
In-Reply-To: <1434388931-24487-2-git-send-email-aarcange@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 990 bytes --]
On Jun 15, 2015 7:22 AM, "Andrea Arcangeli" <aarcange@redhat.com> wrote:
>
> + if (cmd != UFFDIO_API) {
> + if (ctx->state == UFFD_STATE_WAIT_API)
> + return -EINVAL;
> + BUG_ON(ctx->state != UFFD_STATE_RUNNING);
> + }
NAK.
Once again: we don't add BUG_ON() as some kind of assert. If your
non-critical code has s bug in it, you do WARN_ONCE() and you return. You
don't kill the machine just because of some "this can't happen" situation.
It turns out "this can't happen" happens way too often, just because code
changes, or programmers didn't think all the cases through. And killing the
machine is just NOT ACCEPTABLE.
People need to stop adding machine-killing checks to code that just doesn't
merit killing the machine.
And if you are so damn sure that it really cannot happen ever, then you
damn well had better remove the test too!
BUG_ON is not a debugging tool, or a "I think this would be bad" helper.
Linus
[-- Attachment #2: Type: text/html, Size: 1338 bytes --]
next prev parent reply other threads:[~2015-06-15 18:11 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 17:22 [PATCH 0/7] userfault21 update Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 17:22 ` [PATCH 1/7] userfaultfd: require UFFDIO_API before other ioctls Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 18:11 ` Linus Torvalds [this message]
2015-06-15 18:11 ` [Qemu-devel] " Linus Torvalds
2015-06-15 21:43 ` Andrea Arcangeli
2015-06-15 21:43 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 21:43 ` Andrea Arcangeli
2015-06-15 21:55 ` Linus Torvalds
2015-06-15 21:55 ` [Qemu-devel] " Linus Torvalds
2015-06-15 17:22 ` [PATCH 2/7] userfaultfd: propagate the full address in THP faults Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 17:22 ` [PATCH 3/7] userfaultfd: allow signals to interrupt a userfault Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 17:22 ` [PATCH 4/7] userfaultfd: avoid missing wakeups during refile in userfaultfd_read Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 17:22 ` [PATCH 5/7] userfaultfd: switch to exclusive wakeup for blocking reads Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 18:19 ` Linus Torvalds
2015-06-15 18:19 ` [Qemu-devel] " Linus Torvalds
2015-06-15 22:19 ` Andrea Arcangeli
2015-06-15 22:19 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 22:19 ` Andrea Arcangeli
2015-06-16 6:41 ` Linus Torvalds
2015-06-16 6:41 ` [Qemu-devel] " Linus Torvalds
2015-06-16 6:41 ` Linus Torvalds
2015-06-16 12:17 ` Andrea Arcangeli
2015-06-16 12:17 ` [Qemu-devel] " Andrea Arcangeli
2015-06-16 12:17 ` Andrea Arcangeli
2015-06-15 17:22 ` [PATCH 6/7] userfaultfd: Revert "userfaultfd: waitqueue: add nr wake parameter to __wake_up_locked_key" Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-06-15 17:22 ` [PATCH 7/7] userfaultfd: selftest Andrea Arcangeli
2015-06-15 17:22 ` [Qemu-devel] " Andrea Arcangeli
2015-06-15 17:22 ` Andrea Arcangeli
2015-10-12 15:04 ` [PATCH 0/7] userfault21 update Patrick Donnelly
2015-10-12 15:04 ` [Qemu-devel] " Patrick Donnelly
2015-10-12 15:04 ` Patrick Donnelly
2015-10-19 21:42 ` Andrea Arcangeli
2015-10-19 21:42 ` [Qemu-devel] " Andrea Arcangeli
2015-10-19 21:42 ` Andrea Arcangeli
2015-10-19 21:42 ` Andrea Arcangeli
2015-10-20 13:44 ` Patrick Donnelly
2015-10-20 13:44 ` [Qemu-devel] " Patrick Donnelly
2015-10-20 13:44 ` Patrick Donnelly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+55aFzdZJw7Ot7=PYyyskNhkv=H+NPzoF6rKtb6oMyzkuQ-=Q@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=andreslc@google.com \
--cc=dave.hansen@intel.com \
--cc=dgilbert@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=mgorman@suse.de \
--cc=pbonzini@redhat.com \
--cc=peter.huangpeng@huawei.com \
--cc=pfeiner@google.com \
--cc=qemu-devel@nongnu.org \
--cc=riel@redhat.com \
--cc=sanidhya.gatech@gmail.com \
--cc=xemul@parallels.com \
--cc=zhang.zhanghailiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.