Re: [PATCH] sysctl: Make sure proc handlers can't expose heap memory


 



On Tue, May 05, 2020 at 10:03:27PM +0000, Luis Chamberlain wrote:
> On Tue, May 05, 2020 at 01:41:44PM -0700, Kees Cook wrote:
> > Right -- while it'd be nice if the developer noticed it, it is _usually_
> > an unsuspecting end user (or fuzzer), in which case we absolutely want a
> > WARN (and not a BUG![1]) and have the situations handled gracefully, so
> > it can be reported and fixed.
> 
> I've been using WARN*() for this exact purpose before, so I am as
> surprised as you are about these concerns. However if we have folks

I don't see any mismatch here: it's not user-reachable, which is what
Greg said. WARN is for non-user-reachable "impossible situations". We
want to know if those can be hit (via bad API usage, races, etc). If
it's reachable from userspace, then it can't be a WARN() any more and
needs to be pr_warn().

> shipping with panic-on-warn this would be rather detrimental to our
> goals.
> 
> Greg, are you aware of folks shipping with panic-on-warn on some products?

People shipping with panic_on_warn are expecting to panic for WARNs like
this. :P

-- 
Kees Cook



