Re: [PATCH v2 01/17] powerpc/mm: Don't BUG() in hugepd_page()

From: Christophe Leroy
Date: Thu May 02 2019 - 08:11:41 EST

Le 02/05/2019 Ã 14:02, Michael Ellerman a ÃcritÂ:
Christophe Leroy <christophe.leroy@xxxxxx> writes:
Use VM_BUG_ON() instead of BUG_ON(), as those BUG_ON()
are not there to catch runtime errors but to catch errors
during development cycle only.

I've dropped this one and the next, because I don't like VM_BUG_ON().

Why not? Because it's contradictory. It's a condition that's so
important that we should BUG, but only if the kernel has been built
specially for debugging.

I don't really buy the development cycle distinction, it's not like we
have a rigorous test suite that we run and then we declare everything's
gold and ship a product. We often don't find bugs until they're hit in
the wild.

For example the recent corruption Joel discovered with STRICT_KERNEL_RWX
could have been caught by a BUG_ON() to check we weren't patching kernel
text in radix__change_memory_range(), but he wouldn't have been using
CONFIG_DEBUG_VM. (See 8adddf349fda)

I know Aneesh disagrees with me on this, so maybe you two can convince
me otherwise.

I have no strong oppinion about this. In v1, I replaced them with a WARN_ON(), and Aneesh suggested to go with VM_BUG_ON() instead.

My main purpose was to reduce the amount of BUG/BUG_ON and I thought those were good candidates, but if you prefer keeping the BUG(), that's ok for me. Or maybe you prefered v1 alternatives (series at ?