Date: Sun, 25 Nov 2012 14:09:00 +0000 From: Attilio Rao <attilio@freebsd.org> To: Pawel Jakub Dawidek <pjd@freebsd.org> Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, Adrian Chadd <adrian@freebsd.org>, Giovanni Trematerra <giovanni.trematerra@gmail.com>, freebsd-arch@freebsd.org Subject: Re: [RFQ] make witness panic an option Message-ID: <CAJ-FndDEPZNq10hpwFkFWRXoM1HXFNaOAkhhRoYvTjmQ8n2L-g@mail.gmail.com> In-Reply-To: <20121125140620.GL1460@garage.freebsd.pl> References: <CAJ-Vmo=i=Amo_QqHi4GnGie0Gc0YnK3XaRKjvBO-=SFboFYPmA@mail.gmail.com> <CACfq090EiEiG7Ou2ZMUafWN6GLT9RNK1Q4tiOHnOBWe8GYJDjA@mail.gmail.com> <CAJ-VmonE3myRyeZ%2BAe0ZOXf7wKvC44rRVkFfDaEwnk8C-=5uoA@mail.gmail.com> <CAJ-FndCZPand_rx_uXUeetGMUZu1syGwjdFS7jv9BwdzuXvXOA@mail.gmail.com> <20121125123920.GI1460@garage.freebsd.pl> <CAJ-FndCnfqG4b_StS26WcPT-RhAhvJOOVryJ7rhi__y8Xkr92g@mail.gmail.com> <20121125131252.GJ1460@garage.freebsd.pl> <CAJ-FndAfCYmV7UawgxeKUMRaWaj%2B4XzVEUrxXnCC73sstJUqqg@mail.gmail.com> <20121125134743.GK1460@garage.freebsd.pl> <CAJ-FndDxTf3pEQ5S5TyJTh3rDSnErcsvZzGwyWwChD_d81uVoQ@mail.gmail.com> <20121125140620.GL1460@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 25, 2012 at 2:06 PM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote: > On Sun, Nov 25, 2012 at 01:48:23PM +0000, Attilio Rao wrote: >> On Sun, Nov 25, 2012 at 1:47 PM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote: >> > On Sun, Nov 25, 2012 at 01:37:19PM +0000, Attilio Rao wrote: >> >> On Sun, Nov 25, 2012 at 1:12 PM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote: >> >> > On Sun, Nov 25, 2012 at 12:42:16PM +0000, Attilio Rao wrote: >> >> >> On Sun, Nov 25, 2012 at 12:39 PM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote: >> >> >> > WITNESS is a development tool. We don't ship production kernels with >> >> >> > WITNESS even compiled in. What is more efficient use of developer time: >> >> >> > going through full reboot cycle every time or reading the warning from >> >> >> > console, unloading a module, fixing the bug and loading it again? >> >> >> > >> >> >> > And if this option is turned off by default what is the problem? >> >> >> >> >> >> Yes, so, why do you write here? >> >> > >> >> > I'm trying to understand why do you object. Until now the only concern >> >> > you have that I found is that you are afraid of it being abused. I don't >> >> > see how this can be abused if it is turned off by default. If someone >> >> > will commit a change that will turn it on by default, believe me, I'll >> >> > unleash hell personally. >> >> >> >> So I don't understand what are you proposing. >> >> You are not proposing to switch BLESSING on and you are not proposing >> >> to import Adrian's patches in, if I get it correctly. I don't >> >> understand then. >> > >> > I propose to get Adrian's patches in, just leave current behaviour as >> > the default. >> >> So if I tell that I'm afraid this mechanism will be abused (and >> believe me, I really wanted to trimm out BLESSING stuff also for the >> same reason) and you say "you can't see how" there is not much we can >> discuss. > > This is not what I said. I would see it as abuse if someone will > suddenly decided to turn off locking assertions by default in FreeBSD > base. > > If he will turn that off on his private machine be it to speed up his > development (a good thing) or to shut up important lock assertion (a bad > thing) this is entirely his decision. He can already do that having all > the source code, its just more complex. Make tools, not policies. > > BLESSING is totally different subject. You were afraid that people will > start to silence LORs they don't understand by committing blessed pairs > to FreeBSD base. And this situation is abuse and I fully agree, but I > also still think BLESSING is useful, although I recognize it might be > hard to prevent mentioned abuse. > > In case of Adrian's patch nothing will change in how we enforce locking > assertions in FreeBSD base. > >> You know how I think, there is no need to wait for me to reconsider, >> because I don't believe this will happen with arguments like "I don't >> think", "I don't agree", etc. > > I provide valid arguments with I hope proper explanation, you choose not > to address them or ignore them and I hope this will change:) I'm not ignoring them, I'm saying that your arguments are not enough convincing to me. And really, giving the possibility to turn off assertions in witness is already a dangerous tool I want to avoid (not only related to BLESSING). If there are some cases that deserve a panic, we might just get it, not matter how sysctls are setup. However it seems to me I'm just saying the same thing since 20 e-mails, please drop me from CC in your next follow up. As I said, you can commit all the changes you want (assuming they are technically correct) even if I would appreciate my disagreement is expressed in the commit message. Attilio -- Peace can only be achieved by understanding - A. Einstein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-FndDEPZNq10hpwFkFWRXoM1HXFNaOAkhhRoYvTjmQ8n2L-g>