On Fri, 12 May 2023 11:25:23 +0200,
Oswald Buddenhagen wrote:
>
> On Fri, May 12, 2023 at 09:15:17AM +0200, Takashi Iwai wrote:
> > On Wed, 10 May 2023 19:39:10 +0200,
> > Oswald Buddenhagen wrote:
> >>
> >> If these are hit, we've already trashed kernel memory by writing past
> >> the end of the allocated buffer. There is no recovery from that.
> >>
> > Again, this is NAK.
> >
> > First of all, if we really do care the overflow
> > seriously, we should check at each increment instead of after
> > breakage. It shouldn't be too difficult at all.
> >
> not difficult, but pointless bloat.
>
> > Second, using BUG_ON() like this case is an overkill. It was clearly
> > stated by Linus in the past a few times (although I can't find the
> > source right now).
> >
> you seem to have an irrational aversion against assertions, maybe
> because linus likes to scream at people.

Not because he's screaming, but because his opinion is correct
regarding this.

> relevant comments from linus were easy enough to find:
> https://yarchive.net/comp/linux/BUG.html
> https://lore.kernel.org/all/CA+55aFwyNTLuZgOWMTRuabWobF27ygskuxvFd-P0n-3UNT=0Og@xxxxxxxxxxxxxx/T/#u
>
> and there is also the documentation on BUG() itself.
>
> i don't see anything in either of these that would imply that my use
> of BUG_ON() is inappropriate. it catches a serious programming error,
> is easy to prove correct (the scope is a single function), and the
> only immediate effect is that it will crash the insmod process (though
> i would expect possible followup effects due to the kernel memory
> corruption, which is exactly why the assert is there). i have a hard
> time thinking of a *more* appropriate use for BUG().

I can't agree here at all. Sorry, but this is still NAK.

The reason why BUG_ON() is bad is that it cannot allow debugging
easily. It crashes and locks up, and you may not see what's going
on.

Do you want to catch and fix the bug? Then put the check at a more
proper point that prevents the real corruption. The check is basically
already too late -- it means that you might have already broken
someone else's system.

If the size matters, it can be a conditional build with
CONFIG_SND_DEBUG, for example. But simply replacing and putting
BUG_ON() makes little sense.

Of course, it's just my opinion, but I won't change my mind about it.
So I'm not going to discuss this further and waste time.


thanks,

Takashi