From: Oliver Pinter
Date: Sun, 5 Nov 2017 19:54:08 +0100
Subject: Re: svn commit: r325386 - head/sys/kern
To: Warner Losh
Cc: "Conrad E. Meyer", Konstantin Belousov, "svn-src-head@freebsd.org", "svn-src-all@freebsd.org", src-committers

On 11/5/17, Warner Losh wrote:
> On Sun, Nov 5, 2017 at 11:32 AM, Conrad Meyer wrote:
>
>> E.g.,
>>
>> --- a/sys/ufs/ffs/ffs_alloc.c
>> +++ b/sys/ufs/ffs/ffs_alloc.c
>> @@ -304,8 +304,7 @@ retry:
>> }
>>
>> if (bp->b_blkno == bp->b_lblkno) {
>> - if (lbprev >= UFS_NDADDR)
>> - panic("ffs_realloccg: lbprev out of range");
>> + ASSERT(lbprev < UFS_NDADDR, "ffs_realloccg: lbprev out
>> of range");
>> bp->b_blkno = fsbtodb(fs, bprev);
>> }
>>
>
> Just a side point: All these should be programming errors.

Yes, they are programming errors, but INVARIANTS and all of the debugging kernel facilities are disabled on -STABLE branches, and no one (except us) is running on a system with the debug stuff enabled. So it would be nice to enable the debug facilities on -STABLE branches and disable them at -RELENG branch time. There were always several errors / patches which could be caught. Now I don't want to search for them, but I upstreamed them one or two years ago.

> The bogus data
> that comes or could come from the FS itself should remain always-on panics.
> Well, actually, they should transition from always-on panics to some sort
> of degraded mount that would be more resilient in the face of such
> corruption. But failing that, they should remain always-on panics :)
>
> Warner
>
>
>> On Sun, Nov 5, 2017 at 9:30 AM, Konstantin Belousov wrote:
>> > On Sun, Nov 05, 2017 at 09:16:28AM -0800, Conrad Meyer wrote:
>> >> On Sun, Nov 5, 2017 at 5:06 AM, Konstantin Belousov <kostikbel@gmail.com> wrote:
>> >> > On Sat, Nov 04, 2017 at 12:04:56PM -0700, Conrad Meyer wrote:
>> >> >> This is a functional change, because MPASS (via KASSERT) is only
>> >> >> enabled on DEBUG kernels. Ideally we would have a kind of ASSERT that
>> >> >> worked on NODEBUG kernels.
>> >> > Why would we need such thing ?
>> >> >
>> >> > Our conventions are clear: consistency checks are normally done with
>> >> > KASSERT() and enabled for DEBUG (INVARIANTS or harder) configurations.
>> >> > We only leave explicit panics in the production kernels when there
>> >> > continuation of operations is worse than abort, e.g.
>> >> > when UFS detects the metadata corruption.
>> >>
>> >> An always-on assert construct would be precisely for the latter
>> >> scenario. Instead, we litter the tree with "if (!invariant) {
>> >> panic(); }."
>> > We do
>> >
>> > #ifdef INVARIANTS
>> > if (!condition) panic();
>> > #endif
>> >
>> > I do not understand what do you mean by 'instead'.
>>
>
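
Review bot: the added ASSERT(lbprev < UFS_NDADDR, ...) line in the quoted ffs_alloc.c hunk (@@ -304,8 +304,7 @@) replaces an unconditional panic() with a macro that the visible lines neither define nor document, so a reader cannot tell whether the check still exists in kernels built without INVARIANTS. Since the thread notes that MPASS (via KASSERT) is only enabled on DEBUG kernels, the definition of ASSERT should come with this change and state that it is always on; otherwise the conversion silently drops the lbprev range check from production builds. The inverted condition (>= in the removed if, < in the assertion) is consistent with assert semantics. The string literal on the added line is wrapped across two quoted lines ("lbprev out" / "of range"), so the patch as mailed would not apply cleanly and should be re-sent unwrapped.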