
Re: [PATCH] xen: arm: Don't use stop_cpu() in halt_this_cpu()



Hi Stefano,

On 28/06/2022 23:56, Stefano Stabellini wrote:
>> The advantage of the panic() is it will remind us that something needs to be fixed.
>> With a warning (or WARN()) people will tend to ignore it.

> I know that this specific code path (cpu off) is probably not super
> relevant for what I am about to say, but as we move closer to safety
> certifiability we need to get away from using "panic" and BUG_ON as a
> reminder that more work is needed to have a fully correct implementation
> of something.

I don't think we have many places at runtime using BUG_ON()/panic(). They are often used because we think Xen would not be able to recover if the condition is hit.

I am happy to remove them, but this should not be at the expense of introducing other potential weird bugs.


> I also see your point and agree that ASSERT is not acceptable for
> external input but from my point of view panic is the same (slightly
> worse because it doesn't go away in production builds).

I think it depends on your target. Would you be happy if Xen continues to run with potentially a fatal flaw?


> Julien if you are going to ack the patch feel free to go ahead.

I will do and commit it.

Cheers,

--
Julien Grall
