ddb: make db_error reliably no-return
ClosedPublic
Actions

Authored by rlibby on Jul 8 2024, 3:59 PM.

Details

Reviewers

kib
rgrimes

Commits

rGf0a7df4a6cc9: ddb: make db_error reliably no-return

Summary

Most code assumes db_error does not return, but according to
kdb_reenter_silent, there may be cases where it could. Instead, panic
if kdb_reenter_silent returns and mark the routine as __dead2. This
addresses gcc warnings.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

rlibby created this revision.Jul 8 2024, 3:59 PM

Herald added a subscriber: imp. · View Herald TranscriptJul 8 2024, 3:59 PM

rlibby requested review of this revision.Jul 8 2024, 3:59 PM

rlibby added a parent revision: D45917: kdb_sysctl_trap: suppress gcc -Warray-bounds.

Harbormaster completed remote builds in B58567: Diff 140693.Jul 8 2024, 3:59 PM

rlibby added a reviewer: rgrimes.Jul 8 2024, 4:05 PM

It seems that db_error() is the only caller of kdb_reenter_silent(). And then it might be better to panic in kdb_reenter_silent() instead, I am not sure. [To make kdb_reenter_silent() more strict]

In D45918#1046830, @kib wrote:

It seems that db_error() is the only caller of kdb_reenter_silent(). And then it might be better to panic in kdb_reenter_silent() instead, I am not sure. [To make kdb_reenter_silent() more strict]

I waffled on that. It seems like kdb_reenter_silent() was meant to be a version of kdb_reenter() without the prints, and kdb_reenter() has other callers... I also wondered if both kdb_reenter() and kdb_reenter_silent() should be no-return / panic. It seems the major difference would be whether we continue after not handling a trap when kdb_active but no kdb_jmpbufp is set. (Is that actually what we want? How does the happen? I'm unsure.) I went with just modifying db_error() as a change with less potential fallout.