From: Adrian Chadd
To: John Baldwin
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, Alfred Perlstein, src-committers@freebsd.org
Date: Wed, 12 Dec 2012 14:15:23 -0800
Subject: Re: svn commit: r244112 - head/sys/kern

On 12 December 2012 13:58, John Baldwin wrote:
>> Anything which is a KASSERT() can and should be treated as a run-time
>> warning just as much as a run-time "crash here so I can figure out
>> what broke." Having the warning in a production box is going to be
>> helpful for developers.
>
> Hmmm, I'll have to chew on this. Adding lots of returns because panics are
> now no longer dead2 was why I ended up backing the removal of the
> RESTARTABLE_PANICS option.

Yes, for panic() as it stands it should just do that - panic. We should
likely go over the panic()s and replace them with kassert+handle
gracefully wherever it's appropriate (there are a few places in net80211
for example that I'd like to do this.)

But you're right. For panic(), the rest of the code likely doesn't handle
or continue gracefully, so we shouldn't automatically disable them.

But this is about KASSERT(). Alfred mixed this in with witness "non panic"
mode, which I think is what's confusing people.

> I'm inclined to say that it's really bad to let a kernel known to be in a
> bad state continue, and that if someone has asked for the slowdown of all
> the extra checks INVARIANTS adds, they might as well minimize the chance for
> data corruption by having the kernel stop as soon as a problem is detected.

Right, but that should be an option. It'd be nice if we were able to dump
out some system state when an invariant condition or witness issue was hit
(like a mini scripted ddb dump - say, log things like the current lock
state) but then continue.

> (Note that the primary reason I know for people not running with INVARIANTS
> enabled is not that they don't want panics, but that they don't want the
> performance hit.)

Well, it would be nice to be able to enable invariants on some shipping
"debug" versions of images in order to gather more data without crashing
the kernel.

Adrian
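
A userspace C model of the "kassert + handle gracefully" pattern discussed in this message, added here as an example and not FreeBSD kernel code; `MODEL_KASSERT`, `model_warn_only`, `model_warn_count` and `ring_pop` are hypothetical names. It shows why an assertion that may return forces an explicit error return after each check.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Userspace model only; all names are hypothetical, not FreeBSD's. */
static int model_warn_only = 0;        /* 0: fail-stop, 1: log and continue */
static unsigned model_warn_count = 0;  /* violations seen while continuing */

/* Returns 1 if the invariant holds, 0 if it was violated and we continue. */
static int model_kassert_check(int ok, const char *file, int line,
                               const char *msg)
{
    if (ok)
        return 1;
    fprintf(stderr, "%s:%d: invariant violated: %s\n", file, line, msg);
    if (!model_warn_only)
        abort();                       /* stop at the first known-bad state */
    model_warn_count++;
    return 0;
}
#define MODEL_KASSERT(cond, msg) \
    model_kassert_check(!!(cond), __FILE__, __LINE__, (msg))

struct ring { int buf[4]; size_t head, count; };

/* Because the assertion may return, every failed check needs its own
 * error return; falling through would act on state known to be bad. */
static int ring_pop(struct ring *r, int *out)
{
    if (!MODEL_KASSERT(r != NULL && out != NULL, "null argument"))
        return -1;
    if (!MODEL_KASSERT(r->count > 0, "pop from empty ring"))
        return -1;                     /* otherwise a stale slot is returned */
    *out = r->buf[r->head];
    r->head = (r->head + 1) % 4;
    r->count--;
    return 0;
}

int main(void)
{
    struct ring r = { {7, 0, 0, 0}, 0, 1 };  /* constructed sample state */
    int v = 0;
    model_warn_only = 1;                     /* "debug image" mode */
    int first = ring_pop(&r, &v);
    int second = ring_pop(&r, &v);           /* ring is now empty */
    printf("first=%d v=%d second=%d warnings=%u\n",
           first, v, second, model_warn_count);
    return 0;
}
```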