From: Matthew Macy
Date: Sat, 26 May 2018 12:47:07 -0700
Subject: Re: svn commit: r334104 - in head/sys: netinet sys
To: Eric van Gyzen
Cc: Gleb Smirnoff, Mateusz Guzik, "Jonathan T. Looney", John Baldwin, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org
List-Id: SVN commit messages for the src tree for head/-current

I've re-edited that code twice by request by others. I will amend it
again at some point to reflect this viewpoint.

On Sat, May 26, 2018 at 12:44 PM, Eric van Gyzen wrote:
> On 05/23/2018 23:47, Gleb Smirnoff wrote:
>>
>> On Thu, May 24, 2018 at 06:44:20AM +0200, Mateusz Guzik wrote:
>> M> I fundamentally disagree with this part.
>> M>
>> M> If a known value of a given field is needed for assertion purposes, you
>> M> can add (possibly conditional) code setting this specific value. It
>> M> probably should not be zero if it can be helped.
>> M>
>> M> Conditional zeroing of the *whole* struct depending on invariants will
>> M> *hide* uninitialized memory read bugs - production kernel will have
>> M> whatever it happens to find, while *debug* kernel will guarantee to
>> M> have all the values zeroed. In fact the flag actively combats redzoning.
>> M> if the resulting allocation is zeroed, poisoning is actively neutered.
>> M> But only if debug is enabled.
>> M>
>> M> That said, I find the change harmful.
>>
>> +1 on fundamentally disagree with M_ZERO_INVARIANTS. It makes the
>> INVARIANTS-enabled kernels to crash _later_ than production kernels,
>> since instead of uma_junk it places clean zeroes.
>
>
> Matt,
>
> Mateusz and Gleb raise very good points. This operates contrary to the
> whole idea of INVARIANTS. Please revisit this.
>
> Eric
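
The argument in the quoted replies, as an added example that is not part of the thread or of the FreeBSD tree: a userland model in which a constructor forgets one field, run against junk-filled, zero-filled and stale memory. The struct, the function names and the STALE value are hypothetical, and POISON is only a stand-in for the allocator's junk pattern.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userland model; every name here is hypothetical, not FreeBSD kernel code. */
#define POISON 0xdeadc0deU   /* stand-in for the allocator's junk pattern */
#define STALE  7U            /* constructed leftover from a previous owner */

enum fill { FILL_JUNK, FILL_ZERO, FILL_STALE };

struct conn {
    uint32_t state;
    uint32_t refs;           /* the buggy constructor never sets this */
};

/* Hand out "recycled" memory filled according to the allocation policy. */
static struct conn *conn_alloc(enum fill policy)
{
    uint32_t word = policy == FILL_JUNK ? POISON :
                    policy == FILL_ZERO ? 0U : STALE;
    uint32_t *p = malloc(sizeof(struct conn));

    if (p == NULL)
        abort();
    for (size_t i = 0; i < sizeof(struct conn) / sizeof(*p); i++)
        p[i] = word;
    return (struct conn *)p;
}

/* Bug under test: refs is read later but never initialised here. */
static void conn_init_buggy(struct conn *c) { c->state = 1; }

/* Value a later reader of refs would see under the given policy. */
static uint32_t refs_seen(enum fill policy)
{
    struct conn *c = conn_alloc(policy);
    conn_init_buggy(c);
    uint32_t refs = c->refs;
    free(c);
    return refs;
}

/* Debug-style check: a freshly constructed object holds no references. */
static int invariant_holds(enum fill policy) { return refs_seen(policy) == 0; }

int main(void)
{
    printf("junk  refs=%#x check=%d\n", (unsigned)refs_seen(FILL_JUNK), invariant_holds(FILL_JUNK));
    printf("zero  refs=%#x check=%d\n", (unsigned)refs_seen(FILL_ZERO), invariant_holds(FILL_ZERO));
    printf("stale refs=%#x check=%d\n", (unsigned)refs_seen(FILL_STALE), invariant_holds(FILL_STALE));
    return 0;
}
```

Only the junk fill makes the debug check trip on the missing initialisation; the zero fill passes it, while the stale case, which models a build with no check compiled in, carries the wrong value forward.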