[RFQ] make witness panic an option

Attilio Rao attilio at freebsd.org
Sun Nov 25 14:09:03 UTC 2012


On Sun, Nov 25, 2012 at 2:06 PM, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
> On Sun, Nov 25, 2012 at 01:48:23PM +0000, Attilio Rao wrote:
>> On Sun, Nov 25, 2012 at 1:47 PM, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
>> > On Sun, Nov 25, 2012 at 01:37:19PM +0000, Attilio Rao wrote:
>> >> On Sun, Nov 25, 2012 at 1:12 PM, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
>> >> > On Sun, Nov 25, 2012 at 12:42:16PM +0000, Attilio Rao wrote:
>> >> >> On Sun, Nov 25, 2012 at 12:39 PM, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
>> >> >> > WITNESS is a development tool. We don't ship production kernels with
>> >> >> > WITNESS even compiled in. What is more efficient use of developer time:
>> >> >> > going through full reboot cycle every time or reading the warning from
>> >> >> > console, unloading a module, fixing the bug and loading it again?
>> >> >> >
>> >> >> > And if this option is turned off by default what is the problem?
>> >> >>
>> >> >> Yes, so, why do you write here?
>> >> >
>> >> > I'm trying to understand why do you object. Until now the only concern
>> >> > you have that I found is that you are afraid of it being abused. I don't
>> >> > see how this can be abused if it is turned off by default. If someone
>> >> > will commit a change that will turn it on by default, believe me, I'll
>> >> > unleash hell personally.
>> >>
>> >> So I don't understand what are you proposing.
>> >> You are not proposing to switch BLESSING on and you are not proposing
>> >> to import Adrian's patches in, if I get it correctly. I don't
>> >> understand then.
>> >
>> > I propose to get Adrian's patches in, just leave current behaviour as
>> > the default.
>>
>> So if I tell that I'm afraid this mechanism will be abused (and
>> believe me, I really wanted to trimm out BLESSING stuff also for the
>> same reason) and you say "you can't see how" there is not much we can
>> discuss.
>
> This is not what I said. I would see it as abuse if someone will
> suddenly decided to turn off locking assertions by default in FreeBSD
> base.
>
> If he will turn that off on his private machine be it to speed up his
> development (a good thing) or to shut up important lock assertion (a bad
> thing) this is entirely his decision. He can already do that having all
> the source code, its just more complex. Make tools, not policies.
>
> BLESSING is totally different subject. You were afraid that people will
> start to silence LORs they don't understand by committing blessed pairs
> to FreeBSD base. And this situation is abuse and I fully agree, but I
> also still think BLESSING is useful, although I recognize it might be
> hard to prevent mentioned abuse.
>
> In case of Adrian's patch nothing will change in how we enforce locking
> assertions in FreeBSD base.
>
>> You know how I think, there is no need to wait for me to reconsider,
>> because I don't believe this will happen with arguments like "I don't
>> think", "I don't agree", etc.
>
> I provide valid arguments with I hope proper explanation, you choose not
> to address them or ignore them and I hope this will change:)

I'm not ignoring them, I'm saying that your arguments are not enough
convincing to me.
And really, giving the possibility to turn off assertions in witness
is already a dangerous tool I want to avoid (not only related to
BLESSING). If there are some cases that deserve a panic, we might just
get it, not matter how sysctls are setup.

However it seems to me I'm just saying the same thing since 20
e-mails, please drop me from CC in your next follow up. As I said, you
can commit all the changes you want (assuming they are technically
correct) even if I would appreciate my disagreement is expressed in
the commit message.

Attilio


-- 
Peace can only be achieved by understanding - A. Einstein


More information about the freebsd-hackers mailing list