On Jun 15, 2015 7:22 AM, "Andrea Arcangeli" <aarcange@xxxxxxxxxx> wrote:
>
> + if (cmd != UFFDIO_API) {
> + if (ctx->state == UFFD_STATE_WAIT_API)
> + return -EINVAL;
> + BUG_ON(ctx->state != UFFD_STATE_RUNNING);
> + }
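Review bot: The BUG_ON(ctx->state != UFFD_STATE_RUNNING) in the cmd != UFFDIO_API branch takes the whole machine down for a state inconsistency that this function could simply refuse to act on. The branch already returns -EINVAL for UFFD_STATE_WAIT_API, so the unexpected-state case can fail the same way while still leaving a trace in the log, for example: if (WARN_ONCE(ctx->state != UFFD_STATE_RUNNING, "unexpected uffd state")) return -EINVAL; (the message text is only a suggestion). If WAIT_API and RUNNING are the only states ctx->state can hold at this point, drop the second check entirely and add a short comment saying so.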
NAK.
Once again: we don't add BUG_ON() as some kind of assert. If your non-critical code has a bug in it, you do WARN_ONCE() and you return. You don't kill the machine just because of some "this can't happen" situation.
It turns out "this can't happen" happens way too often, just because code changes, or programmers didn't think all the cases through. And killing the machine is just NOT ACCEPTABLE.
People need to stop adding machine-killing checks to code that just doesn't merit killing the machine.
And if you are so damn sure that it really cannot happen ever, then you damn well had better remove the test too!
BUG_ON is not a debugging tool, or a "I think this would be bad" helper.
Linus