zlacker

[parent] [thread] 7 comments
1. atty+(OP)[view] [source] 2022-10-02 15:00:29
The kernel can’t fail to complete its operations, because then the entire system crashes and no logs are created. Instead, you can finish the operation and check the result.
replies(2): >>charci+O7 >>chlori+8U1
2. charci+O7[view] [source] 2022-10-02 15:44:21
>>atty+(OP)
panic doesn't instantly crash the program. It prints out debug information first. You could have kernel panics work the same way.
replies(3): >>wtalli+dd >>Someon+4f >>second+Ij
◧◩
3. wtalli+dd[view] [source] [discussion] 2022-10-02 16:14:05
>>charci+O7
Printing debug information to the kernel log then immediately triggering a kernel panic is not as useful as it sounds, because that approach will quite often result in that debugging information never reaching a display or any kind of persistent storage.
◧◩
4. Someon+4f[view] [source] [discussion] 2022-10-02 16:23:48
>>charci+O7
And when Linux is running on your fridge, in your car, or on a headless VM then who is there to read out this "printed output." The great thing about "log and continue" is you can automate collection and fix the underlying bug (or know that the hardware is failing).

Keep in mind that in a kernel panic no hardware is assumed to work, so assumptions like "just write to storage!" isn't an assumption you can make, you're in a panic the IO could have been literally pulled out.

replies(1): >>charci+XO
◧◩
5. second+Ij[view] [source] [discussion] 2022-10-02 16:45:58
>>charci+O7
Prints it out how? If the kernel has crashed how do you guarantee anything gets printed, either to the screen, tty, log file?
replies(1): >>charci+KO
◧◩◪
6. charci+KO[view] [source] [discussion] 2022-10-02 19:56:40
>>second+Ij
Print it to the cloud
◧◩◪
7. charci+XO[view] [source] [discussion] 2022-10-02 19:57:43
>>Someon+4f
>Keep in mind that in a kernel panic no hardware is assumed to work

So just change that assumption since for these edge cases that is an incorrect assumption.

8. chlori+8U1[view] [source] 2022-10-03 05:26:15
>>atty+(OP)
The kernel can't panic and display an error message, but corrupting itself and deleting valuable data or allowing people to execute arbitrary code (possibly remotely) is okay?

I really have a hard time understanding how anyone could possibly think that's okay.

It sounds like the kernel's quality is so poor that UB is commonplace and even expected at this point. Pretty scary how many systems are relying on this huge pile of broken C code to hopefully only slightly corrupt itself and your system.

I'm not even sure how useful Rust in the kernel is going to be considering they want it to just ignore errors. You can't even have bounds checking on arrays because invalid accesses might be detected at runtime and cause an error, which is totally insane.

[go to top]