[PATCH] debug: Deprecate BUG_ON() use in new code, introduce CRASH_ON()

From: Ingo Molnar
Date: Mon Jun 08 2015 - 03:01:43 EST

Next message: Peter Zijlstra: "Re: [PATCH 0/3] : Fixes to make /proc/sched_debug better"
Previous message: Javier Martinez Canillas: "Re: [RESEND 1/2] usb: ehci-exynos: Make provision for vdd regulators"
Next in thread: Ingo Molnar: "[PATCH] debug: Deprecate BUG_ON() use in new code, introduce CRASH_ON()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So people still keep adding random BUG_ON() lines, as a mistaken practice
to put asserts that will never trigger, into supposedly perfect kernel code.

So such BUG_ON()s should either not be added, because the code is truly
perfect, or if there's a chance that it's imperfect, use WARN_ON() instead
and limp along, in the hope of getting some debug information back from
the user.

Using BUG_ON() will just hang or reboot most systems, with no useful
feedback provided. It's as user hostile as it gets.

Add a checkpatch rule that warns against new BUG_ON() uses:

WARNING: Using BUG_ON() is generally wrong, use WARN_ON() instead - or CRASH_ON() if the kernel absolutely must crash.

CRASH_ON() can be used in code that must absolutely crash right then,
in the very rare case where there's no way the system can be allowed
to continue execution.

It should be used sparingly, and its name will hopefully achieve this.

Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
---
include/asm-generic/bug.h | 7 +++++++
scripts/checkpatch.pl | 6 ++++++
2 files changed, 13 insertions(+)

diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
index 630dd2372238..c6424723277b 100644
--- a/include/asm-generic/bug.h
+++ b/include/asm-generic/bug.h
@@ -165,6 +165,13 @@ extern void warn_slowpath_null(const char *file, const int line);
#define WARN_TAINT(condition, taint, format...) WARN(condition, format)
#define WARN_TAINT_ONCE(condition, taint, format...) WARN(condition, format)

+/*
+ * BUG_ON() is deprecated, use either one of the WARN_ON() variants,
+ * or if it's absolutely unavoidable to crash the system due to
+ * some grave condition, use CRASH_ON():
+ */
+#define CRASH_ON(condition) BUG_ON(condition)
+
#endif

/*
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 89b1df4e72ab..6e0887057398 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -5414,6 +5414,12 @@ sub process {
"Using $1 should generally have parentheses around the comparison\n" . $herecurr);
}

+# check for use of BUG_ON()
+ if ($line =~ /\bBUG_ON\s*\(/) {
+ WARN("BUG_ON",
+ "Using BUG_ON() is generally wrong, use WARN_ON() instead - or CRASH_ON() if the kernel absolutely must crash.\n" . $herecurr);
+ }
+
# whine mightly about in_atomic
if ($line =~ /\bin_atomic\s*\(/) {
if ($realfile =~ m@^drivers/@) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Zijlstra: "Re: [PATCH 0/3] : Fixes to make /proc/sched_debug better"
Previous message: Javier Martinez Canillas: "Re: [RESEND 1/2] usb: ehci-exynos: Make provision for vdd regulators"
Next in thread: Ingo Molnar: "[PATCH] debug: Deprecate BUG_ON() use in new code, introduce CRASH_ON()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]