From: Al Viro <viro@ZenIV.linux.org.uk>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Nick Krause <xerofoify@gmail.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
akpm@linux-foundation.org, fabf@skynet.be,
kirill.shutemov@linux.intel.com, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Check for Null return of function of affs_bread in function affs_truncate
Date: Sun, 22 Jun 2014 20:12:48 +0100 [thread overview]
Message-ID: <20140622191248.GU18016@ZenIV.linux.org.uk> (raw)
In-Reply-To: <alpine.DEB.2.10.1406210143030.5170@nanos>
On Sat, Jun 21, 2014 at 01:59:15AM +0200, Thomas Gleixner wrote:
> > > The problem is that we don't know if we should return here or break
> > > here. If you don't understand the code, then it's best to just leave it
> > > alone.
>
> Dan, what kind of attitude is that?
>
> Nick certainly found an issue where a possible NULL return from
> affs_bread() can cause havoc.
Yes. No arguments here.
> Do YOU understand that code?
>
> If yes, you better explain, WHY Nicks finding is a false positive
> instead of just telling him off in a very inpolite way.
It's not a false positive at all.
> If not, you better refrain from telling a reporter that he does not
> understand the code and should stay away.
Tone aside, he does have a point - namely, that patch in question doesn't
contain any analysis of the bug and recovery strategy, turning a bug into
something that is much harder to spot on inspection.
If nothing else, such patches should contain a loud printk added on
the b0rken codepath, along with a big fat warning in the source.
I'm not saying that "fuck off unless you understand the code" is a sane
policy - it's not. But "anything's better than an oops" is also wrong.
> > > The problem is that we don't know if we should return here or break
> > > here.
>
> The problem here is that proceeding with a known NULL pointer is wrong
> to begin with. It does not matter at all whether break or return is
> the proper thing to do. What matters is that proceeding with a NULL
> pointer is wrong to begin with, no matter what.
>
> So either explain why this is a non issue and the NULL pointer return
> cannot happen or shut up and try to find a proper solution for that
> "return" vs. "break" issue.
return vs. break here is the difference between discarding preallocated blocks
and leaking them as well. The thing is, it's either severe OOM or a corrupted
image. I'd *probably* go for "affs_error() and return" here, but that's
not the only question - we probably ought to make it return an error, instead
of having it void. And callers tend to do that affs_free_prealloc(), so
much that I'm not sure if we actually want to keep it in affs_truncate() at
all.
next prev parent reply other threads:[~2014-06-22 19:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-18 22:08 [PATCH] Check for Null return of function of affs_bread in function affs_truncate Nicholas Krause
2014-06-19 5:21 ` Dan Carpenter
2014-06-20 16:30 ` Nick Krause
2014-06-20 23:59 ` Thomas Gleixner
2014-06-21 2:25 ` Nick Krause
2014-06-21 2:38 ` Andrew Morton
2014-06-21 2:55 ` Nick Krause
2014-06-21 3:09 ` Andrew Morton
2014-06-21 3:20 ` Nick Krause
2014-06-22 19:12 ` Al Viro [this message]
2014-07-11 15:05 ` Dan Carpenter
2014-07-13 6:18 ` Nick Krause
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140622191248.GU18016@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=dan.carpenter@oracle.com \
--cc=fabf@skynet.be \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=xerofoify@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.