From: Linus Torvalds <torvalds@linux-foundation.org>
To: Yang Shi <shy828301@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>, Arnd Bergmann <arnd@arndb.de>,
Ajay Garg <ajaygargnsit@gmail.com>,
Hugh Dickins <hughd@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] mm: shmem: do not call PageHWPoison on a ERR-page
Date: Sat, 13 Nov 2021 14:58:13 -0800 [thread overview]
Message-ID: <CAHk-=whEG9pOPmVEYw+_uruxgHZLh6ewc7MmZXGBWjuBOwFB+Q@mail.gmail.com> (raw)
In-Reply-To: <CAHbLzkp_SGYbjK27-TPajxbKYJDCv==8Oj4TzP6MdTNoBtve0A@mail.gmail.com>
On Sat, Nov 13, 2021 at 2:30 PM Yang Shi <shy828301@gmail.com> wrote:
>
> The above snippet is actually ok since if *pagep returned via
> shmem_getpage()'s parameter is not NULL, then ret is 0.
That's a random implementation detail, and is not ok to rely on.
It may or may not be true, and is not part of the rules of error handling.
If a function returns an error, you shouldn't be looking at the other
stuff it returned.
Here's a very recent example of the same kind of problem:
https://lore.kernel.org/lkml/163663333331.414.639840290224641315.tip-bot2@tip-bot2/
where people didn't actually look properly at the return value of the
function, and instead looked at the page pointers that the function
filled in.
See? EXACT same logic. And completely buggy.
> When shmem_getpage() returns error code, *pagep is NULL IIUC.
No.
When a function returns an error code, you check for the error code,
and don't rely on weather the function then filled in other data (or
left it alone, or whatever).
So the code should
(a) check and handle error returns properly
(b) be legible
That (b) basically means that if it's not entirely trivial (and none
of this was entirely trivial), then when you get an error, you just
deal with it right away. You return early, and undo anything you need
to undo.
You don't do "oh, let's keep that error, and then do something else
that maybe also generates an error".
That "don't handle the error directly" was why
shmem_read_mapping_page_gfp() was buggy and would cause an oops.
And while the shmem_write_begin() code migth not cause an oops, it had
the same fundamental bad pattern.
Error handling is where 99% of all problems occur. But that also means
that you should do the obvious thing wrt error handling, and not have
some crazy "if function X returned an error, it will have left the
return array untouched" which may or may not be true.
When a function returns an error code, you do error handling based on
that code. Not on some random other state.
Linus
next prev parent reply other threads:[~2021-11-13 22:58 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-11 8:46 Ajay Garg
2021-11-11 11:06 ` Muchun Song
2021-11-11 11:40 ` Ajay Garg
2021-11-11 12:11 ` Muchun Song
2021-11-11 12:21 ` Ajay Garg
2021-11-11 13:09 ` Muchun Song
2021-11-11 18:42 ` Yang Shi
2021-11-11 17:45 ` Ajay Garg
2021-11-11 17:59 ` Jens Axboe
2021-11-13 17:21 ` Jens Axboe
2021-11-13 20:16 ` Linus Torvalds
2021-11-13 20:21 ` Jens Axboe
2021-11-13 20:23 ` Linus Torvalds
2021-11-13 22:29 ` Yang Shi
2021-11-13 22:58 ` Linus Torvalds [this message]
2021-11-14 3:10 ` Yang Shi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whEG9pOPmVEYw+_uruxgHZLh6ewc7MmZXGBWjuBOwFB+Q@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=ajaygargnsit@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=axboe@kernel.dk \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=shy828301@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox