Re: [PATCH v26 00/10] Simple Donor Migration for Proxy Execution

[Peter Zijlstra]

On Fri, Mar 27, 2026 at 04:20:52PM +0100, Peter Zijlstra wrote:
> On Fri, Mar 27, 2026 at 07:03:19PM +0530, K Prateek Nayak wrote:
> 
> > So John originally had that and then I saw Dan's comment in
> > cleanup.h that reads:
> > 
> >   Lastly, given that the benefit of cleanup helpers is removal of
> >   "goto", and that the "goto" statement can jump between scopes, the
> >   expectation is that usage of "goto" and cleanup helpers is never
> >   mixed in the same function. I.e. for a given routine, convert all
> >   resources that need a "goto" cleanup to scope-based cleanup, or
> >   convert none of them.
> > 
> > which can either be interpreted as "Don't do it unless you know what
> > you are doing" or "There is at least one compiler that will get a
> > goto + cleanup guard wrong" and to err on side of caution, I
> > suggested we do break + enums.
> > 
> > If there are no concerns, then the suggested diff is indeed much
> > better.
> 
> IIRC the concern was doing partial error handling conversions and
> getting it hopelessly wrong.
> 
> And while some GCC's generate wrong code when you goto into a guard, all
> clangs ever will error on that, so any such code should not survive the
> robots.
> 
> And then there was an issue with computed gotos and asm_goto, but I the
> former are exceedingly rare (and again, clang will error IIRC) and the
> latter we upped the minimum clang version for.
> 
> Anyway, there is nothing inherently wrong with using goto to exit a
> scope and it works well.

That is, consider this:

void *foo(int bar)
{
	int err;

	something_1();

	err = register_something(..);
	if (!err)
		goto unregister;

	void *obj __free(kfree) = kzalloc_obj(...);

	....

	return_ptr(obj);

unregister:
	undo_something_1();
	return ERR_PTR(err);
}

Looks okay, right? Except note how 'unregister' is inside the scope of
@obj.

(And this compiles 'fine' with various GCC)

This is the kind of errors that you get from partial error handling
conversion and is why Dan wrote what he did.