LKML Archive on lore.kernel.org
From: Ingo Molnar <mingo@elte.hu>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	David Miller <davem@davemloft.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Steven Rostedt <srostedt@redhat.com>
Subject: Re: [PATCH 1/2] ftrace: make dynamic ftrace more robust
Date: Wed, 22 Oct 2008 08:53:46 +0200
Message-ID: <20081022065346.GD17485@elte.hu>
In-Reply-To: <20081021164302.399002797@goodmis.org>


* Steven Rostedt <rostedt@goodmis.org> wrote:

> +enum {
> +	FTRACE_CODE_MODIFIED,

i'd suggest to name it FTRACE_CODE_MODIFIED_OK here, to make it stand 
out from the failure codes.

> +	FTRACE_CODE_FAILED_READ,
> +	FTRACE_CODE_FAILED_CMP,
> +	FTRACE_CODE_FAILED_WRITE,
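
Review bot: the enumerators have no explicit values, so FTRACE_CODE_MODIFIED is 0 and the three FTRACE_CODE_FAILED_* codes are positive (1 to 3); a caller that tests the result with the usual `ret < 0` would treat every failure as success. Either give the failures negative values or add a comment above the enum saying that callers must compare against FTRACE_CODE_MODIFIED, and document what each failure code means.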

but maybe we should just use the standard kernel return codes. 0 for 
success, -EINVAL for the rest. Is there any real value to know exactly 
why it failed? We just know the modification was fishy (this is an 
exception situation), and want to stop ftrace ASAP and then print a 
warning so a kernel developer can debug it.

Complicating error handling by introducing similar-looking return code 
names just makes it easier to mess up accidentally, hence it _reduces_ 
robustness.

> --- linux-compile.git.orig/include/linux/init.h	2008-10-20 19:39:54.000000000 -0400
> +++ linux-compile.git/include/linux/init.h	2008-10-20 19:40:06.000000000 -0400
> @@ -75,15 +75,15 @@
>  
>  
>  #ifdef MODULE
> -#define __exitused
> +#define __exitused  notrace
>  #else
> -#define __exitused  __used
> +#define __exitused  __used  notrace
>  #endif
>  
>  #define __exit          __section(.exit.text) __exitused __cold
>  
>  /* Used for HOTPLUG */
> -#define __devinit        __section(.devinit.text) __cold
> +#define __devinit        __section(.devinit.text) __cold notrace
>  #define __devinitdata    __section(.devinit.data)
>  #define __devinitconst   __section(.devinit.rodata)
>  #define __devexit        __section(.devexit.text) __exitused __cold
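
Review bot: __exitused now carries notrace in both branches of the #ifdef MODULE block, so __exit and __devexit become notrace only indirectly, while __devinit gets the attribute spelled out. A macro whose name says "used" is an unexpected place for a tracing attribute; consider adding notrace to the __exit and __devexit definitions themselves, or add a comment at __exitused explaining why exit text must not be traced.
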
> @@ -91,7 +91,7 @@
>  #define __devexitconst   __section(.devexit.rodata)
>  
>  /* Used for HOTPLUG_CPU */
> -#define __cpuinit        __section(.cpuinit.text) __cold
> +#define __cpuinit        __section(.cpuinit.text) __cold notrace
>  #define __cpuinitdata    __section(.cpuinit.data)
>  #define __cpuinitconst   __section(.cpuinit.rodata)
>  #define __cpuexit        __section(.cpuexit.text) __exitused __cold
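
Review bot: the /* Used for HOTPLUG_CPU */ comment above __cpuinit is the natural place to say why this section must be notrace, and nothing in the hunk does. A one-line reason next to the define would tell a later reader whether the attribute can ever be dropped.
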
> @@ -99,7 +99,7 @@
>  #define __cpuexitconst   __section(.cpuexit.rodata)
>  
>  /* Used for MEMORY_HOTPLUG */
> -#define __meminit        __section(.meminit.text) __cold
> +#define __meminit        __section(.meminit.text) __cold notrace
>  #define __meminitdata    __section(.meminit.data)
>  #define __meminitconst   __section(.meminit.rodata)
>  #define __memexit        __section(.memexit.text) __exitused __cold
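
Review bot: `__cold notrace` is now written out by hand on __meminit here and on __devinit and __cpuinit in the hunks above, so a section macro added later can easily miss it. Defining the shared attribute list once and using it in all three definitions would keep them in step.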

there's no justification given for this in the changelog and the change 
looks fishy.

>  static void ftrace_free_rec(struct dyn_ftrace *rec)
>  {
> +	/*
> +	 * No locking, only called from kstop_machine, or
> +	 * from module unloading with module locks and interrupts
> +	 * disabled to prevent kstop machine from running.
> +	 */
> +
> +	WARN_ON(rec->flags & FTRACE_FL_FREE);
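
Review bot: the result of WARN_ON(rec->flags & FTRACE_FL_FREE) is discarded, so after detecting an already-free record the function carries on with the rest of its body as if the record were valid. WARN_ON() returns the condition, so `if (WARN_ON(rec->flags & FTRACE_FL_FREE)) return;` would at least stop the record being handled twice; the empty added line between the comment and the check can also go.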

this should _NOT_ be just a WARN_ON(). It should immediately stop ftrace 
entirely, then print _one_ warning. Then it should never ever run up to 
the next reboot.

this is a basic principle for instrumentation. If we detect a bug we 
disable ourselves immediately and print a _single_ warning.

Do _not_ print possibly thousands of warnings and continue as if nothing 
happened ...

> +					/* kprobes was not the fault */
> +					ftrace_kill_atomic();
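
Review bot: the ftrace_kill_atomic() call sits five tabs deep, and the comment "kprobes was not the fault" does not say what condition was checked to reach that conclusion. Moving the failure handling into a small helper and stating the check in the comment would make this path easier to audit.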

while at it, ftrace_kill_atomic() is a misnomer.

Please use something more understandable and less ambiguous, like 
"ftrace_turn_off()". Both 'kill' and 'atomic' are heavily laden phrases 
used for many other things in the kernel.

And any such facility must work from any context, because we might call 
it from crash paths, etc. So don't name it _atomic() - it must obviously 
be atomic.

	Ingo
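
The fail-stop behaviour asked for in the message above (turn the instrumentation off on the first detected inconsistency, warn once, stay off, and report 0 or -EINVAL), as an added userspace example; it is not code from this thread or from the kernel. All names (tracer_turn_off, tracer_modify_code, demo_warning_count) and the sample bytes are hypothetical.

```c
/* Added illustration: userspace model, not kernel code. Names are hypothetical. */
#include <errno.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

static atomic_int tracer_disabled;	/* latched: never cleared once set */
static int warnings_printed;		/* lets callers check how often we warned */

/* Usable from any context: one atomic exchange, no locks, no allocation. */
static void tracer_turn_off(const char *why)
{
	/* Only the caller that sees the 0 -> 1 transition prints the warning. */
	if (atomic_exchange(&tracer_disabled, 1) == 0) {
		warnings_printed++;
		fprintf(stderr, "tracer: disabled permanently: %s\n", why);
	}
}

/*
 * Replace len bytes at site with new_code, but only if the site still holds
 * the expected bytes. Returns 0 on success and -EINVAL for every failure.
 */
static int tracer_modify_code(unsigned char *site, const unsigned char *expected,
			      const unsigned char *new_code, size_t len)
{
	if (atomic_load(&tracer_disabled))
		return -EINVAL;		/* already off: refuse silently */
	if (memcmp(site, expected, len) != 0) {
		tracer_turn_off("unexpected bytes at patch site");
		return -EINVAL;
	}
	memcpy(site, new_code, len);
	return 0;
}

/* Constructed scenario: one good patch, then a corrupted site hit 1000 times. */
static int demo_warning_count(void)
{
	unsigned char call[5] = { 0xe8, 1, 2, 3, 4 };	/* constructed call bytes */
	unsigned char nop[5] = { 0x0f, 0x1f, 0x44, 0x00, 0x00 };
	unsigned char site[5], bad[5] = { 0 };

	memcpy(site, call, 5);
	if (tracer_modify_code(site, call, nop, 5) != 0)
		return -1;
	for (int i = 0; i < 1000; i++)
		tracer_modify_code(bad, call, nop, 5);
	return warnings_printed;	/* 1: a single warning for 1000 failures */
}
```

Once the latch is set, even a request whose expected bytes match is refused, which is the "never run again until reboot" behaviour.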
