LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Ingo Molnar <mingo@elte.hu>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	David Miller <davem@davemloft.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Steven Rostedt <srostedt@redhat.com>
Subject: Re: [PATCH 1/2] ftrace: make dynamic ftrace more robust
Date: Wed, 22 Oct 2008 13:47:53 +0200	[thread overview]
Message-ID: <20081022114753.GC8095@elte.hu> (raw)
In-Reply-To: <alpine.DEB.1.10.0810220658380.21358@gandalf.stny.rr.com>


* Steven Rostedt <rostedt@goodmis.org> wrote:

> > i'd suggest to name it FTRACE_CODE_MODIFIED_OK here, to make it 
> > stand out from the failure codes.
> > 
> > > +	FTRACE_CODE_FAILED_READ,
> > > +	FTRACE_CODE_FAILED_CMP,
> > > +	FTRACE_CODE_FAILED_WRITE,
> > 
> > but maybe we should just use the standard kernel return codes. 0 for 
> > success, -EINVAL for the rest. Is there any real value to know 
> > exactly why it failed? We just know the modification was fishy (this 
> > is an exception situation), and want to stop ftrace ASAP and then 
> > print a warning so a kernel developer can debug it.
> 
> Yes it is important to know the reason of failure, since it helps with 
> diagnosing the issue.

we have everything we need: a warning message. We only add "reason 
debugging" _if and only if_ problems are so frequent in an area of code 
that it's absolutely needed. Otherwise we just fix the bugs, whenever 
they happen.

> > Complicating error handling by introducing similar-looking return 
> > code names just makes it easier to mess up accidentally, hence it 
> > _reduces_ robustness.
> 
> I had in mind for 2.6.29 that I would let an arch add another 
> non-error code that says, "FAIL NICELY". [...]

no ... you are really thinking about robustness in the wrong way.

This code runs in the deepest guts of the kernel and hence is playing 
with fire and it must be absolutely robust. Not 'nicely diagnosable', 
not 'fail nicely'. But utterly robust in stopping whatever it does early 
enough to make that problem reportable, should it trigger. (which it 
really should not)

> > >  /* Used for MEMORY_HOTPLUG */
> > > -#define __meminit        __section(.meminit.text) __cold
> > > +#define __meminit        __section(.meminit.text) __cold notrace
> > >  #define __meminitdata    __section(.meminit.data)
> > >  #define __meminitconst   __section(.meminit.rodata)
> > >  #define __memexit        __section(.memexit.text) __exitused __cold
> > 
> > there's no justification given for this in the changelog and the change 
> > looks fishy.
> 
> Sorry, I missed writing this. I had it in other patches, but forgot to 
> add the change log here. These are areas, just like the __init section 
> that I have no way ok finding out in an arch independent way, what to 
> remove from the ftrace records. So by not adding these notraces, we 
> are guaranteed to hit the warnings above!

this is utterly fragile and might miss places that insert symbols into 
some of these sections manually.

the robust approach is to make sure these things are never in an ftrace 
record to begin with. scripts/recordmcount.pl should be taught to only 
record places that it is _100% sure of is traceable_. Not "everything 
and we'll sort out the stuff that we think is not okay".

if that needs arch dependent smarts then so be it - ftrace has to be 
enabled per arch anyway.

	Ingo

  parent reply	other threads:[~2008-10-22 11:48 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-21 16:40 [PATCH 0/2] ftrace: clean ups and sanity checks Steven Rostedt
2008-10-21 16:40 ` [PATCH 1/2] ftrace: make dynamic ftrace more robust Steven Rostedt
2008-10-22  6:53   ` Ingo Molnar
2008-10-22 11:07     ` Steven Rostedt
2008-10-22 11:28       ` Steven Rostedt
2008-10-22 11:47       ` Ingo Molnar [this message]
2008-10-22 12:07         ` Steven Rostedt
2008-10-21 16:40 ` [PATCH 2/2] ftrace: release functions from hash Steven Rostedt
2008-10-21 18:27   ` Steven Rostedt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081022114753.GC8095@elte.hu \
    --to=mingo@elte.hu \
    --cc=akpm@linux-foundation.org \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=srostedt@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --subject='Re: [PATCH 1/2] ftrace: make dynamic ftrace more robust' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).