mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-01 10:43:43 +00:00
3c047057d1
When CONFIG_BUG is disabled, BUG_ON() will only evaluate the condition,
but will not actually stop the current thread. GCC warns about a couple
of BUG_ON() users where this actually leads to further undefined
behavior:
include/linux/ceph/osdmap.h: In function 'ceph_can_shift_osds':
include/linux/ceph/osdmap.h:54:1: warning: control reaches end of non-void function
fs/ext4/inode.c: In function 'ext4_map_blocks':
fs/ext4/inode.c:548:5: warning: 'retval' may be used uninitialized in this function
drivers/mfd/db8500-prcmu.c: In function 'prcmu_config_clkout':
drivers/mfd/db8500-prcmu.c:762:10: warning: 'div_mask' may be used uninitialized in this function
drivers/mfd/db8500-prcmu.c:769:13: warning: 'mask' may be used uninitialized in this function
drivers/mfd/db8500-prcmu.c:757:7: warning: 'bits' may be used uninitialized in this function
drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq':
drivers/tty/serial/8250/8250_core.c:252:18: warning: 'i' may be used uninitialized in this function
drivers/tty/serial/8250/8250_core.c:235:19: note: 'i' was declared here
There is an obvious conflict of interest here: on the one hand, someone
who disables CONFIG_BUG() will want the kernel to be as small as possible
and doesn't care about printing error messages to a console that nobody
looks at. On the other hand, running into a BUG_ON() condition means that
something has gone wrong, and we probably want to also stop doing things
that might cause data corruption.
This patch picks the second choice, and changes the NOP to BUG(), which
normally stops the execution of the current thread in some form (endless
loop or a trap). This follows the logic we applied in a4b5d580e0 ("bug:
Make BUG() always stop the machine").
For ARM multi_v7_defconfig, the size slightly increases:
section CONFIG_BUG=y CONFIG_BUG=n CONFIG_BUG=n+patch
.text 8320248 | 8180944 | 8207688
.rodata 3633720 | 3567144 | 3570648
__bug_table 32508 | --- | ---
__modver 692 | 1584 | 2176
.init.text 558132 | 548300 | 550088
.exit.text 12380 | 12256 | 12380
.data 1016672 | 1016064 | 1016128
Total 14622556 | 14374510 | 14407326
So instead of saving 1.70% of the total image size, we only save 1.48%
by turning off CONFIG_BUG, but in return we can ensure that we don't run
into cases of uninitialized variable or return code uses when something
bad happens. Aside from that, we significantly reduce the number of
warnings in randconfig builds, which makes it easier to fix the warnings
about other problems.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
212 lines
5.7 KiB
C
212 lines
5.7 KiB
C
#ifndef _ASM_GENERIC_BUG_H
|
|
#define _ASM_GENERIC_BUG_H
|
|
|
|
#include <linux/compiler.h>
|
|
|
|
#ifdef CONFIG_GENERIC_BUG
|
|
#define BUGFLAG_WARNING (1 << 0)
|
|
#define BUGFLAG_TAINT(taint) (BUGFLAG_WARNING | ((taint) << 8))
|
|
#define BUG_GET_TAINT(bug) ((bug)->flags >> 8)
|
|
#endif
|
|
|
|
#ifndef __ASSEMBLY__
|
|
#include <linux/kernel.h>
|
|
|
|
#ifdef CONFIG_BUG
|
|
|
|
#ifdef CONFIG_GENERIC_BUG
|
|
struct bug_entry {
|
|
#ifndef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
|
|
unsigned long bug_addr;
|
|
#else
|
|
signed int bug_addr_disp;
|
|
#endif
|
|
#ifdef CONFIG_DEBUG_BUGVERBOSE
|
|
#ifndef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
|
|
const char *file;
|
|
#else
|
|
signed int file_disp;
|
|
#endif
|
|
unsigned short line;
|
|
#endif
|
|
unsigned short flags;
|
|
};
|
|
#endif /* CONFIG_GENERIC_BUG */
|
|
|
|
/*
|
|
* Don't use BUG() or BUG_ON() unless there's really no way out; one
|
|
* example might be detecting data structure corruption in the middle
|
|
* of an operation that can't be backed out of. If the (sub)system
|
|
* can somehow continue operating, perhaps with reduced functionality,
|
|
* it's probably not BUG-worthy.
|
|
*
|
|
* If you're tempted to BUG(), think again: is completely giving up
|
|
* really the *only* solution? There are usually better options, where
|
|
* users don't need to reboot ASAP and can mostly shut down cleanly.
|
|
*/
|
|
#ifndef HAVE_ARCH_BUG
|
|
#define BUG() do { \
|
|
printk("BUG: failure at %s:%d/%s()!\n", __FILE__, __LINE__, __func__); \
|
|
panic("BUG!"); \
|
|
} while (0)
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_BUG_ON
|
|
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
|
|
#endif
|
|
|
|
/*
|
|
* WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
|
|
* significant issues that need prompt attention if they should ever
|
|
* appear at runtime. Use the versions with printk format strings
|
|
* to provide better diagnostics.
|
|
*/
|
|
#ifndef __WARN_TAINT
|
|
extern __printf(3, 4)
|
|
void warn_slowpath_fmt(const char *file, const int line,
|
|
const char *fmt, ...);
|
|
extern __printf(4, 5)
|
|
void warn_slowpath_fmt_taint(const char *file, const int line, unsigned taint,
|
|
const char *fmt, ...);
|
|
extern void warn_slowpath_null(const char *file, const int line);
|
|
#define WANT_WARN_ON_SLOWPATH
|
|
#define __WARN() warn_slowpath_null(__FILE__, __LINE__)
|
|
#define __WARN_printf(arg...) warn_slowpath_fmt(__FILE__, __LINE__, arg)
|
|
#define __WARN_printf_taint(taint, arg...) \
|
|
warn_slowpath_fmt_taint(__FILE__, __LINE__, taint, arg)
|
|
#else
|
|
#define __WARN() __WARN_TAINT(TAINT_WARN)
|
|
#define __WARN_printf(arg...) do { printk(arg); __WARN(); } while (0)
|
|
#define __WARN_printf_taint(taint, arg...) \
|
|
do { printk(arg); __WARN_TAINT(taint); } while (0)
|
|
#endif
|
|
|
|
#ifndef WARN_ON
|
|
#define WARN_ON(condition) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN(); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#ifndef WARN
|
|
#define WARN(condition, format...) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN_printf(format); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#define WARN_TAINT(condition, taint, format...) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
if (unlikely(__ret_warn_on)) \
|
|
__WARN_printf_taint(taint, format); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
|
|
#define WARN_ON_ONCE(condition) ({ \
|
|
static bool __section(.data.unlikely) __warned; \
|
|
int __ret_warn_once = !!(condition); \
|
|
\
|
|
if (unlikely(__ret_warn_once)) \
|
|
if (WARN_ON(!__warned)) \
|
|
__warned = true; \
|
|
unlikely(__ret_warn_once); \
|
|
})
|
|
|
|
#define WARN_ONCE(condition, format...) ({ \
|
|
static bool __section(.data.unlikely) __warned; \
|
|
int __ret_warn_once = !!(condition); \
|
|
\
|
|
if (unlikely(__ret_warn_once)) \
|
|
if (WARN(!__warned, format)) \
|
|
__warned = true; \
|
|
unlikely(__ret_warn_once); \
|
|
})
|
|
|
|
#define WARN_TAINT_ONCE(condition, taint, format...) ({ \
|
|
static bool __section(.data.unlikely) __warned; \
|
|
int __ret_warn_once = !!(condition); \
|
|
\
|
|
if (unlikely(__ret_warn_once)) \
|
|
if (WARN_TAINT(!__warned, taint, format)) \
|
|
__warned = true; \
|
|
unlikely(__ret_warn_once); \
|
|
})
|
|
|
|
#else /* !CONFIG_BUG */
|
|
#ifndef HAVE_ARCH_BUG
|
|
#define BUG() do {} while (1)
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_BUG_ON
|
|
#define BUG_ON(condition) do { if (condition) BUG(); } while (0)
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_WARN_ON
|
|
#define WARN_ON(condition) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#ifndef WARN
|
|
#define WARN(condition, format...) ({ \
|
|
int __ret_warn_on = !!(condition); \
|
|
no_printk(format); \
|
|
unlikely(__ret_warn_on); \
|
|
})
|
|
#endif
|
|
|
|
#define WARN_ON_ONCE(condition) WARN_ON(condition)
|
|
#define WARN_ONCE(condition, format...) WARN(condition, format)
|
|
#define WARN_TAINT(condition, taint, format...) WARN(condition, format)
|
|
#define WARN_TAINT_ONCE(condition, taint, format...) WARN(condition, format)
|
|
|
|
#endif
|
|
|
|
/*
|
|
* WARN_ON_SMP() is for cases that the warning is either
|
|
* meaningless for !SMP or may even cause failures.
|
|
* This is usually used for cases that we have
|
|
* WARN_ON(!spin_is_locked(&lock)) checks, as spin_is_locked()
|
|
* returns 0 for uniprocessor settings.
|
|
* It can also be used with values that are only defined
|
|
* on SMP:
|
|
*
|
|
* struct foo {
|
|
* [...]
|
|
* #ifdef CONFIG_SMP
|
|
* int bar;
|
|
* #endif
|
|
* };
|
|
*
|
|
* void func(struct foo *zoot)
|
|
* {
|
|
* WARN_ON_SMP(!zoot->bar);
|
|
*
|
|
* For CONFIG_SMP, WARN_ON_SMP() should act the same as WARN_ON(),
|
|
* and should be a nop and return false for uniprocessor.
|
|
*
|
|
* if (WARN_ON_SMP(x)) returns true only when CONFIG_SMP is set
|
|
* and x is true.
|
|
*/
|
|
#ifdef CONFIG_SMP
|
|
# define WARN_ON_SMP(x) WARN_ON(x)
|
|
#else
|
|
/*
|
|
* Use of ({0;}) because WARN_ON_SMP(x) may be used either as
|
|
* a stand alone line statement or as a condition in an if ()
|
|
* statement.
|
|
* A simple "0" would cause gcc to give a "statement has no effect"
|
|
* warning.
|
|
*/
|
|
# define WARN_ON_SMP(x) ({0;})
|
|
#endif
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
#endif
|