[PATCH, re-send] Always trap on BUG()

Russell King - ARM Linux linux at arm.linux.org.uk
Mon Jul 15 18:47:59 EDT 2013 

On Mon, Jul 15, 2013 at 03:35:16PM -0700, H. Peter Anvin wrote:
> On 07/15/2013 03:27 PM, Russell King - ARM Linux wrote:
> > On Mon, Jul 15, 2013 at 03:16:12PM -0700, Andrew Morton wrote:
> >> I've been thinking for a while that CONFIG_BUG=n is a pretty dumb thing
> >> to do, and that maintaining it (and trying to fix the warnings it
> >> produces) aren't worth the effort and that we should remove the whole
> >> thing.  Perhaps your patch changes that calculus, dunno.  Please discuss.
> > 
> > This isn't about introducing "CONFIG_BUG=n" - this is about making a
> > kernel with CONFIG_BUG=n build without producing tonnes and tonnes of
> > warnings, as it does today.  It makes building randconfig pretty
> > useless to find what could be more important warnings.
> > 
> 
> Well, there are three alternatives here, right:

There's many more than three alternatives - some of them may not pass
your taste filter.

> 1. We can use unreachable(), which means that the compiler can assume it
> never happens.

Arnd tried that... see the commit message for the build results from
that.  Arnd included a whole boat-load of other solutions to this
problem and documented the build results there too.

What this actually means in reality is that you're giving permission for
the CPU to run off the end of a function and start executing whatever it
finds there - which could be literal tables.  That might cause some
memory to be corrupted but otherwise go by unnoticed until very much
later.

Infinite while loops on the other hand... probably a single instruction,
but if we're using a single instruction why not make it trap with an
exception anyway so that the system can panic() and maybe reboot without
needing to wait for the watchdog?

> 2. We can trap without metadata.
> 
> 3. We can trap with metadata (current CONFIG_BUG=y).
> 
> I am *guessing* this does 2, but it isn't clear.

That is what this paragraph in Arnd's mail conveys to me:

  This basically loses any of the BUG() reporting, but leaves the
  logic to trap and kill the task in place when CONFIG_BUG is disabled.

More information about the linux-arm-kernel mailing list