On Fri, Oct 28, 2022 at 10:02 AM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> > Honestly, I think the *real* fix would be a type-based one. Don't do
> >
> > iov_iter_kvec(&iter, ITER_DEST, ...
> >
> > at all, but instead have two different kinds of 'struct iov_iter': one
> > as a destination (iov_iter_dst), and one as a source (iov_iter_src),
>
> Or maybe something along the lines of iov_iter_into_kvec() and
> iov_iter_from_kvec()?
For the type-based ones, you would need that to initialize the two cases.
But without the type-based approach, it ends up being yet another case
of "you just have to use the right name, and if you don't, you won't
know until the dynamic WARN_ON() tells you".
And the dynamic WARN_ON() (or, WARN_ON_ONCE(), as it should be) is
great, but only for the drivers that get active testing by developers
and robots.
Which leaves potentially a _lot_ of random code that ends up being
wrong for years.
I really like static checking that actually gets noticed by the
compiler when you get it wrong.
It may not be entirely realistic in this situation, but it would be
really nice to try...
Linus
