On Thu 22-08-24 19:57:41, Barry Song wrote:
> Regarding the concern about 'leaving locks behind' you have in that
> subthread, I believe there's no difference when returning NULL, as it
> could still leave locks behind but offers a chance for the calling
> process to avoid an immediate crash.

Yes, I have mentioned this risk just for completeness. Without having some sort of unwinding mechanism we are doomed to not be able to handle this.

The sole difference between just returning NULL and OOPsing right away is that the former is not guaranteed to happen and the caller can cause actual harm by dereferencing non-oopsing addresses close to 0, which would be a) much harder to find out and b) could cause much more damage than killing the context right away.

Besides that I believe we have many BUG_ON users which would really prefer to just call the current context instead, they just do not have means to do that, so OOPS_ON could be a safer way to stop bad users and reduce the number of BUG_ONs as well.

I am just not really sure how to implement that. A stupid and an obvious way would be to have a dereference from a known (pre-defined) unmapped area. But this smells like something that should be achievable in a better way.

-- 
Michal Hocko
SUSE Labs
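An added user-space model of the "dereference from a known (pre-defined) unmapped area" idea raised in the message above. This is illustrative C written for this page, not code from the e-mail or from the kernel; `OOPS_ON`, `reserve_trap_page`, `trap_faults_at_known_address`, `classify_fault` and the fault-kind names are hypothetical. It reserves a `PROT_NONE` page so the deliberate fault always lands at one predictable address, catches that fault to show it is immediate and localised, and adds a small triage helper that makes the contrast explicit: a fault address inside the trap page is self-identifying, whereas a fault at a small offset from 0 is the ordinary `NULL->field` dereference that the message calls hard to find.

```c
/* Added illustration, not kernel code: a user-space model of OOPS_ON()
 * implemented as a dereference of a pre-reserved, always-unmapped page. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The trap page: mapped PROT_NONE so every access faults, and held by this
 * process so nothing can be mapped at that address later (hypothetical name). */
static volatile int *trap_page;

/* Reserve the trap page once. Returns 1 on success, 0 if mmap failed. */
int reserve_trap_page(void)
{
    if (trap_page)
        return 1;
    long sz = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)sz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    trap_page = p;
    return 1;
}

uintptr_t trap_page_address(void)
{
    return (uintptr_t)trap_page;
}

/* Hypothetical OOPS_ON(): instead of returning NULL and hoping the caller
 * faults later, fault right here, at a known address. */
#define OOPS_ON(cond) do { if (cond) { *trap_page = 0xdead; } } while (0)

/* Test rig: catch the SIGSEGV the trap produces and record where it hit. */
static sigjmp_buf env;
static volatile uintptr_t fault_addr;

static void on_segv(int sig, siginfo_t *si, void *uc)
{
    (void)sig; (void)uc;
    fault_addr = (uintptr_t)si->si_addr;
    siglongjmp(env, 1);
}

/* Returns 1 when OOPS_ON(1) faulted exactly at the reserved page, else 0. */
int trap_faults_at_known_address(void)
{
    struct sigaction sa, old;
    int caught = 0;

    if (!reserve_trap_page())
        return 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return 0;

    if (sigsetjmp(env, 1) == 0) {
        OOPS_ON(1);            /* faults; control resumes in the else branch */
    } else {
        caught = (fault_addr == (uintptr_t)trap_page);
    }
    sigaction(SIGSEGV, &old, NULL);
    return caught;
}

/* Triage of a faulting address as it would appear in a crash report. */
enum fault_kind { FAULT_TRAP_PAGE, FAULT_NULL_PLUS_OFFSET, FAULT_OTHER };

enum fault_kind classify_fault(uintptr_t addr)
{
    uintptr_t sz = (uintptr_t)sysconf(_SC_PAGESIZE);
    if (trap_page && addr >= (uintptr_t)trap_page && addr < (uintptr_t)trap_page + sz)
        return FAULT_TRAP_PAGE;          /* deliberate OOPS_ON(), self-identifying */
    if (addr < sz)
        return FAULT_NULL_PLUS_OFFSET;   /* NULL->field: which NULL? much harder to tell */
    return FAULT_OTHER;
}

int main(void)
{
    printf("trap fault caught at known address: %d\n", trap_faults_at_known_address());
    printf("0x58 classifies as NULL+offset: %d\n",
           classify_fault(0x58) == FAULT_NULL_PLUS_OFFSET);
    return 0;
}
```

The trap page stands in for the kernel's "known unmapped area": because the address is fixed and owned, the fault is guaranteed, lands immediately in the offending context, and is recognisable in a report, which is exactly what a NULL return followed by a later small-offset dereference does not give you.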