From: John Hubbard <jhubbard@nvidia.com>
To: Eric Biggers <ebiggers@kernel.org>, Alex Elder <elder@linaro.org>
Cc: <corbet@lwn.net>, <gregkh@linuxfoundation.org>,
<workflows@vger.kernel.org>, <linux-doc@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Documentation: coding-style: don't encourage WARN*()
Date: Thu, 18 Apr 2024 15:33:19 -0700 [thread overview]
Message-ID: <4149777d-d8ab-43aa-8de2-f240fee2ba2b@nvidia.com> (raw)
In-Reply-To: <20240418161430.GB2410@sol.localdomain>
On 4/18/24 9:14 AM, Eric Biggers wrote:
> On Sun, Apr 14, 2024 at 12:08:50PM -0500, Alex Elder wrote:
>> diff --git a/Documentation/process/coding-style.rst b/Documentation/process/coding-style.rst
>> index 9c7cf73473943..bce43b01721cb 100644
>> --- a/Documentation/process/coding-style.rst
>> +++ b/Documentation/process/coding-style.rst
>> @@ -1235,17 +1235,18 @@ example. Again: WARN*() must not be used for a condition that is expected
>> to trigger easily, for example, by user space actions. pr_warn_once() is a
>> possible alternative, if you need to notify the user of a problem.
>>
>> -Do not worry about panic_on_warn users
This is still[1] good advice. panic_on_warn users have made a
trade-off that works for them, but that should not mean that
all of the valid cases for WARN*() suddenly disappear. In fact,
without the WARN*() calls, panic_on_warn is a no-op, as someone
else has already pointed out.
>> -**************************************
>> +The panic_on_warn kernel option
>> +********************************
>>
>> -A few more words about panic_on_warn: Remember that ``panic_on_warn`` is an
>> -available kernel option, and that many users set this option. This is why
>> -there is a "Do not WARN lightly" writeup, above. However, the existence of
>> -panic_on_warn users is not a valid reason to avoid the judicious use
>> -WARN*(). That is because, whoever enables panic_on_warn has explicitly
>> -asked the kernel to crash if a WARN*() fires, and such users must be
>> -prepared to deal with the consequences of a system that is somewhat more
>> -likely to crash.
>> +Note that ``panic_on_warn`` is an available kernel option. If it is enabled,
>> +a WARN*() call whose condition holds leads to a kernel panic. Many users
>> +(including Android and many cloud providers) set this option, and this is
>> +why there is a "Do not WARN lightly" writeup, above.
>> +
>> +The existence of this option is not a valid reason to avoid the judicious
>> +use of warnings. There are other options: ``dev_warn*()`` and ``pr_warn*()``
>> +issue warnings but do **not** cause the kernel to crash. Use these if you
>> +want to prevent such panics.
>>
>
> Nacked-by: Eric Biggers <ebiggers@google.com>
Yes. I agree with this NAK.
>
> WARN*() are for recoverable assertions, i.e. situations where the condition
> being true can only happen due to a kernel bug but where they can be recovered
> from (unlike BUG*() which are for unrecoverable situations). The people who use
> panic_on_warn *want* the kernel to crash when such a situation happens so that
> the underlying issue can be discovered and fixed. That's the whole point.
>
> Also, it's not true that "Android" sets this option. It might be the case that
> some individual Android OEMs have decided to use it for some reason (they do
> have the ability to customize their kernel command line, after all). It's
> certainly not used by default or even recommended.
>
> - Eric
>
[1] https://lore.kernel.org/lkml/0db131cf-013e-6f0e-c90b-5c1e840d869c@nvidia.com/T/#md6836102150ac1e6265569aad55a692e3af75f34
thanks,
--
John Hubbard
NVIDIA
next prev parent reply other threads:[~2024-04-18 22:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-14 17:08 Alex Elder
2024-04-14 19:48 ` Laurent Pinchart
2024-04-14 20:06 ` Alex Elder
2024-04-15 5:21 ` Greg KH
2024-04-15 8:25 ` Laurent Pinchart
2024-04-15 8:33 ` Greg KH
2024-04-15 8:42 ` Laurent Pinchart
2024-04-15 5:22 ` Greg KH
2024-04-15 8:07 ` Christoph Hellwig
2024-04-15 8:35 ` Greg KH
2024-04-15 8:46 ` Christoph Hellwig
2024-04-15 16:26 ` Kees Cook
2024-04-18 15:57 ` Jason Gunthorpe
2024-04-18 16:14 ` Eric Biggers
2024-04-18 17:12 ` Kees Cook
2024-04-18 22:33 ` John Hubbard [this message]
2024-04-19 7:16 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4149777d-d8ab-43aa-8de2-f240fee2ba2b@nvidia.com \
--to=jhubbard@nvidia.com \
--cc=corbet@lwn.net \
--cc=ebiggers@kernel.org \
--cc=elder@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox