From: Greg KH <gregkh@linuxfoundation.org>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Alex Elder <elder@linaro.org>,
corbet@lwn.net, workflows@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Documentation: coding-style: don't encourage WARN*()
Date: Mon, 15 Apr 2024 07:21:37 +0200 [thread overview]
Message-ID: <2024041503-affidavit-stopwatch-72d7@gregkh> (raw)
In-Reply-To: <20240414194835.GA12561@pendragon.ideasonboard.com>
On Sun, Apr 14, 2024 at 10:48:35PM +0300, Laurent Pinchart wrote:
> Hi Alex,
>
> Thank you for the patch.
>
> On Sun, Apr 14, 2024 at 12:08:50PM -0500, Alex Elder wrote:
> > Several times recently Greg KH has admonished that variants of WARN()
> > should not be used, because when the panic_on_warn kernel option is set,
> > their use can lead to a panic. His reasoning was that the majority of
> > Linux instances (including Android and cloud systems) run with this option
> > enabled. And therefore a condition leading to a warning will frequently
> > cause an undesirable panic.
> >
> > The "coding-style.rst" document says not to worry about this kernel
> > option. Update it to provide a more nuanced explanation.
> >
> > Signed-off-by: Alex Elder <elder@linaro.org>
> > ---
> > Documentation/process/coding-style.rst | 21 +++++++++++----------
> > 1 file changed, 11 insertions(+), 10 deletions(-)
> >
> > diff --git a/Documentation/process/coding-style.rst b/Documentation/process/coding-style.rst
> > index 9c7cf73473943..bce43b01721cb 100644
> > --- a/Documentation/process/coding-style.rst
> > +++ b/Documentation/process/coding-style.rst
> > @@ -1235,17 +1235,18 @@ example. Again: WARN*() must not be used for a condition that is expected
> > to trigger easily, for example, by user space actions. pr_warn_once() is a
> > possible alternative, if you need to notify the user of a problem.
> >
> > -Do not worry about panic_on_warn users
> > -**************************************
> > +The panic_on_warn kernel option
> > +********************************
> >
> > -A few more words about panic_on_warn: Remember that ``panic_on_warn`` is an
> > -available kernel option, and that many users set this option. This is why
> > -there is a "Do not WARN lightly" writeup, above. However, the existence of
> > -panic_on_warn users is not a valid reason to avoid the judicious use
> > -WARN*(). That is because, whoever enables panic_on_warn has explicitly
> > -asked the kernel to crash if a WARN*() fires, and such users must be
> > -prepared to deal with the consequences of a system that is somewhat more
> > -likely to crash.
> > +Note that ``panic_on_warn`` is an available kernel option. If it is enabled,
> > +a WARN*() call whose condition holds leads to a kernel panic. Many users
> > +(including Android and many cloud providers) set this option, and this is
> > +why there is a "Do not WARN lightly" writeup, above.
> > +
> > +The existence of this option is not a valid reason to avoid the judicious
> > +use of warnings. There are other options: ``dev_warn*()`` and ``pr_warn*()``
> > +issue warnings but do **not** cause the kernel to crash. Use these if you
> > +want to prevent such panics.
>
> Those options are not equivalent, they print a single message, which is
> much easier to ignore. WARN() is similar to -Werror in some sense, it
> pushes vendors to fix the warnings. I have used WARN() in the past to
> indicate usage of long-deprecated APIs that we were getting close to
> removing for instance. dev_warn() wouldn't have had the same effect.
If you want to reboot a box because someone called an "improper" api,
then sure, use WARN(), but that feels like a really bad idea. Just
remove the api and fix up all in-kernel users instead. Why wait?
If you want to show a traceback, then just print that out, but I've seen
that totally ignored as well, removing the api is usually the only way
to get people to actually notice, as then their builds break.
thanks,
greg k-h
next prev parent reply other threads:[~2024-04-15 5:21 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-14 17:08 Alex Elder
2024-04-14 19:48 ` Laurent Pinchart
2024-04-14 20:06 ` Alex Elder
2024-04-15 5:21 ` Greg KH [this message]
2024-04-15 8:25 ` Laurent Pinchart
2024-04-15 8:33 ` Greg KH
2024-04-15 8:42 ` Laurent Pinchart
2024-04-15 5:22 ` Greg KH
2024-04-15 8:07 ` Christoph Hellwig
2024-04-15 8:35 ` Greg KH
2024-04-15 8:46 ` Christoph Hellwig
2024-04-15 16:26 ` Kees Cook
2024-04-18 15:57 ` Jason Gunthorpe
2024-04-18 16:14 ` Eric Biggers
2024-04-18 17:12 ` Kees Cook
2024-04-18 22:33 ` John Hubbard
2024-04-19 7:16 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024041503-affidavit-stopwatch-72d7@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=corbet@lwn.net \
--cc=elder@linaro.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox