On Thu, Jul 07, 2022 at 10:12:41AM -0700, Nicolin Chen wrote: > On Thu, Jul 07, 2022 at 08:42:28AM +0000, Tian, Kevin wrote: > > External email: Use caution opening links or attachments > > > > > > > From: Nicolin Chen <nicolinc@xxxxxxxxxx> > > > Sent: Wednesday, July 6, 2022 2:28 PM > > > > > > There's only one caller that checks its return value with a WARN_ON_ONCE, > > > while all other callers do not check return value at all. So simplify the > > > API to return void by embedding similar WARN_ON_ONCEs. > > > > While this change keeps the similar effect as before it leads to different > > policy for same type of errors between pin and unpin paths: > > I think it's because of the policy that an undo function should not > fail. Meanwhile, indulging faulty inputs isn't good either. > > > e.g. > > > > vfio_unpin_pages(): > > if (WARN_ON_ONCE(!user_pfn || !npage || !vfio_assert_device_open(device))) > > return; > > > > vfio_pin_pages(): > > if (!user_pfn || !phys_pfn || !npage || > > !vfio_assert_device_open(device)) > > return -EINVAL; > > > > It sounds a bit weird when reading related code... > > Any better way to handle this? They should all be WARN_ON's, that is the standard pattern to assert that function arguments must be correctly formed. I would also drop the tests that obviously will oops on their on anyone, like NULL pointer checks. This is a semi-performance path. Jason
