On 2020/06/30 5:19, Eric W. Biederman wrote: > Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes: > >> On 2020/06/29 4:44, Alexei Starovoitov wrote: >>> But all the defensive programming kinda goes against general kernel style. >>> I wouldn't do it. Especially pr_info() ?! >>> Though I don't feel strongly about it. >> >> Honestly speaking, caller should check for errors and print appropriate >> messages. info->wd.mnt->mnt_root != info->wd.dentry indicates that something >> went wrong (maybe memory corruption). But other conditions are not fatal. >> That is, I consider even pr_info() here should be unnecessary. > > They were all should never happen cases. Which is why my patches do: > if (WARN_ON_ONCE(...)) No. Fuzz testing (which uses panic_on_warn=1) will trivially hit them. This bug was unfortunately not found by syzkaller because this path is not easily reachable via syscall interface. > > That let's the caller know the messed up very clearly while still > providing a change to continue. > > If they were clearly corruption no ones kernel should ever continue > BUG_ON would be appropriate. Please use BUG_ON() (to only corruption case) like I suggested in my updated diff.
