On Thu, Oct 01, 2020 at 01:01:20PM +0200, Greg KH wrote:
> On Wed, Sep 30, 2020 at 03:50:46PM -0700, Dave Ertman wrote:
> > +int ancillary_device_initialize(struct ancillary_device *ancildev)
> > +{
> > + struct device *dev = &ancildev->dev;
> > +
> > + dev->bus = &ancillary_bus_type;
> > +
> > + if (WARN_ON(!dev->parent) || WARN_ON(!ancildev->name) ||
> > + WARN_ON(!(dev->type && dev->type->release) && !dev->release))
> > + return -EINVAL;
>
> You have a lot of WARN_ON() calls in this patch. That blows up anyone
> who runs with panic-on-warn, right?
AFAIK this is the standard pattern to code a "can't happen"
assertion. Linus has been clear not to use BUG_ON, but to try and
recover. The WARN_ON directly points to the faulty driver so it can be
fixed.
panic-on-warn is a good thing because it causes fuzzers to report a
"can't happen" condition as a failure.
In a real production system if any of these trigger it means the
kernel has detected an internal integrity problem (corrupted memory,
code, ROP attempt, etc). People using panic-on-warn absolutely want
their kernel to stop of it is not functioning properly to protect
data-integrity.
Jason
