On Fri, May 12, 2023 at 09:15:17AM +0200, Takashi Iwai wrote:
On Wed, 10 May 2023 19:39:10 +0200,
Oswald Buddenhagen wrote:
If these are hit, we've already trashed kernel memory by writing past
the end of the allocated buffer. There is no recovery from that.
Again, this is NAK.
First of all, if we really do care about the overflow seriously, we
should check at each increment instead of after breakage. It shouldn't
be too difficult at all.
not difficult, but pointless bloat.
Second, using BUG_ON() as in this case is overkill. It was clearly
stated by Linus a few times in the past (although I can't find the
source right now).
you seem to have an irrational aversion against assertions, maybe
because linus likes to scream at people.
relevant comments from linus were easy enough to find:
https://yarchive.net/comp/linux/BUG.html
https://lore.kernel.org/all/CA+55aFwyNTLuZgOWMTRuabWobF27ygskuxvFd-P0n-3UNT=0Og@xxxxxxxxxxxxxx/T/#u
and there is also the documentation on BUG() itself.
i don't see anything in either of these that would imply that my use of
BUG_ON() is inappropriate. it catches a serious programming error, is
easy to prove correct (the scope is a single function), and the only
immediate effect is that it will crash the insmod process (though i
would expect possible followup effects due to the kernel memory
corruption, which is exactly why the assert is there). i have a hard
time thinking of a *more* appropriate use for BUG().
regards
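
The two placements of the bounds check debated in this thread, sketched as an added userspace example that is not code from the patch or the driver. The `emitter` structure, the function names, `CAP` and `SLACK` are hypothetical; `SLACK` exists only so the post-hoc variant can overshoot its logical limit without the demo itself corrupting memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CAP   4  /* logical size of the allocation (constructed value) */
#define SLACK 4  /* spare room so this demo never really corrupts memory */

struct emitter {            /* hypothetical, not a structure from the driver */
    uint32_t buf[CAP + SLACK];
    size_t n;               /* words written so far */
};

/* Words that landed past the logical end of the allocation. */
static size_t overrun(const struct emitter *e)
{
    return e->n > CAP ? e->n - CAP : 0;
}

/* Post-hoc: write everything, then test the total. In kernel code the
 * final test is where BUG_ON(e->n > CAP) would sit. */
static int emit_posthoc(struct emitter *e, const uint32_t *ops, size_t count)
{
    for (size_t i = 0; i < count && e->n < CAP + SLACK; i++)
        e->buf[e->n++] = ops[i];
    return overrun(e) ? -1 : 0;
}

/* Per-increment: refuse the write before it touches memory. */
static int emit_checked(struct emitter *e, const uint32_t *ops, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (e->n >= CAP)
            return -1;
        e->buf[e->n++] = ops[i];
    }
    return 0;
}

int main(void)
{
    const uint32_t ops[6] = { 1, 2, 3, 4, 5, 6 };  /* constructed input */
    struct emitter a = { .n = 0 }, b = { .n = 0 };
    int ra = emit_posthoc(&a, ops, 6), rb = emit_checked(&b, ops, 6);

    printf("post-hoc: rc=%d overrun=%zu\n", ra, overrun(&a));
    printf("checked:  rc=%d overrun=%zu\n", rb, overrun(&b));
    return 0;
}
```

Both variants report the error, but only the post-hoc one has already written two words past the logical end by the time it does.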