Re: [PATCH v3 5/6] staging: r8188eu: add error handling of rtw_read32

From: gregkh@xxxxxxxxxxxxxxxxxxx
Date: Fri Aug 27 2021 - 03:12:38 EST


On Thu, Aug 26, 2021 at 11:03:04PM +0300, Pavel Skripkin wrote:
> On 8/26/21 1:59 PM, David Laight wrote:
> > From: Pavel Skripkin
> > > Sent: 26 August 2021 11:55
> > >
> > > On 8/26/21 1:22 PM, David Laight wrote:
> > > > From: Pavel Skripkin
> > > >> Sent: 26 August 2021 10:28
> > > >>
> > > >> On 8/26/21 12:22 PM, Pavel Skripkin wrote:
> > > >> > On Thu, 26 Aug 2021 08:51:23 +0000
> > > >> > David Laight <David.Laight@xxxxxxxxxx> wrote:
> > > > ...
> > > >> >> ...
> > > >> >> > -static u32 usb_read32(struct intf_hdl *pintfhdl, u32 addr)
> > > >> >> > +static int usb_read32(struct intf_hdl *pintfhdl, u32 addr, u32
> > > >> >> > *data) {
> > > >> >> > u8 requesttype;
> > > >> >> > u16 wvalue;
> > > >> >> > u16 len;
> > > >> >> > - __le32 data;
> > > >> >> > + int res;
> > > >> >> > + __le32 tmp;
> > > >> >> > +
> > > >> >> > + if (WARN_ON(unlikely(!data)))
> > > >> >> > + return -EINVAL;
> > > >> >> >
> > > >> >>
> > > >> >> Kill the NULL check - it is a silly coding error.
> > > >> >> An OOPS is just as easy to debug.
> > > >> >>
> > > >> >
> > > >> >
> > > >> > I don't think that one single driver should kill the whole system. It's
> > > >> > 100% an error, but kernel can recover from it (for example disconnect
> > > >> > the driver, since it's broken).
> > > >> >
> > > >> >
> > > >> > AFIAK, Greg and Linus do not like BUG_ONs in recoverable state...
> > > >> > Correct me, if I am wrong
> > > >> >
> > > >> Oops, I thought about BUG_ON() instead of WARN_ON(), sorry for
> > > >> confusion. My point is "we should not let the box boom".
> > > >
> > > >
> > > > There is no point checking for NULL that just can't happen.
> > > > In this case all the callers will pass the address of a local.
> > > > There really is no point checking.
> > > >
> > >
> > > We not always read in local variable, there are few places, where we
> > > read into passed buffer.
> >
> > It is still a very local coding bug.
> >
> > David
> >
>
> Sure, but is defensive programming so bad?

Yes it is, for when it is not needed.

> Greg, what your opinion about this NULL check?

Never check for things that you know are not going to happen. Otherwise
the kernel would just be full of pointless checks everywhere.

And why are you waiting for me to tell you this? Why do you not believe
David?

thanks,

greg k-h