[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wh3_NkjfHmhTSMsHVxVji1+Fp_f_SByFRspR+KW4uqWWQ@mail.gmail.com>
Date: Sun, 8 Nov 2020 10:04:35 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"the arch/x86 maintainers" <x86@...nel.org>
Subject: Re: [GIT pull] locking/urgent for 5.10-rc3
On Sun, Nov 8, 2020 at 7:24 AM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> A single fix for the futex code where an intermediate state in the
> underlying RT mutex was not handled correctly and triggering a BUG()
> instead of treating it as another variant of retry condition.
I'd just like to point out that the old code was *exactly* the kind of
code that I've been ranting about forever.
BUG_ON() is not a debug aid. If it's a "cannot happen" condition, you
don't write any code for it at all. And if it's a "I'm not sure this
cannot happen", you either handle it (like this patch does), or you do
a "WARN_ON()" with proper cleanup.
Using BUG_ON() is never the right thing to do, unless you can explain
why the condition is some kind of fatal corruption thing where you
cannot do cleanup, and cannot just ignore it.
And so often - and this case doesn't look different - a BUG_ON() will
cause serious kernel issues, including locks held that may well cause
fundamental problems downstream for users even reporting the BUG to
anybody else.
This particular BUG_ON seems to be three years old, so clearly very
hard to hit. Or possibly very hard to report? Regardless, please
people, keep the whole "BUG_ON() is evil and wrong" in mind.
Linus
Powered by blists - more mailing lists