| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Dec 2017 16:26:48 -0500 (EST)
From: Alan Stern <stern@...land.harvard.edu>
To: Dan Carpenter <dan.carpenter@...cle.com>
cc: Geert Uytterhoeven <geert@...ux-m68k.org>,
SF Markus Elfring <elfring@...rs.sourceforge.net>,
USB list <linux-usb@...r.kernel.org>,
Joe Perches <joe@...ches.com>,
Daniel Drake <drake@...lessm.com>,
Dmitry Fleytman <dmitry@...nix.com>,
Eugene Korenevsky <ekorenevsky@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Günter Röck <linux@...ck-us.net>,
Johan Hovold <johan@...nel.org>,
Mathias Nyman <mathias.nyman@...ux.intel.com>,
Peter Chen <peter.chen@....com>,
LKML <linux-kernel@...r.kernel.org>,
"kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>
Subject: Re: USB: hub: Delete an error message for a failed memory allocation
in usb_hub_clear_tt_buffer()
On Thu, 7 Dec 2017, Dan Carpenter wrote:
> On Thu, Dec 07, 2017 at 10:12:27AM -0500, Alan Stern wrote:
> > The real problem is that the kernel development community doesn't have
> > a fixed policy on how to handle memory allocation errors. There are
> > several possibilities:
> >
> > Ignore them on the grounds that they will never happen.
> > (Really? And what is the size limit above which they
> > might happen?)
> >
>
> It's pretty rare to ignore allocation failures these days. It causes
> static checker warnings.
>
> Sometimes it's accepted for people to ignore errors during boot but
> I hate that because how am I supposed to filter out those static checker
> warnings? It's better to pretend that the kernel will still boot
> without essential hardware instead of wasting everyone's time who looks
> at checker output.
>
> > Ignore them on the grounds that the machine will hang or
> > crash in the near future. (Is this guaranteed?)
>
> On boot sometimes yes.
>
> >
> > Treat them like other errors: try to press forward (perhaps
> > in a degraded mode).
> >
> > Treat them like other errors: log an error message and try
> > to press forward.
> >
>
> The standard is to treat them like errors and try press forward in a
> degraded mode but don't print a message. Checkpatch.pl complains if you
> print a warning for allocation failures. A lot of low level functions
> handle their own messages pretty well but especially kmalloc() does.
Which brings us back to my original objection. If an allocation
failure has localized effects, but the low-level warning is unable to
specify what will be affected, how is the user supposed to connect the
effect to the cause?
Alan Stern
>
> I also have a special static checker warning for when people do:
>
> foo = alloc();
> BUG_ON(!foo);
>
> People do that occasionally but fortunately it's pretty rare. 10 years
> ago that's how btrfs did error handling, but now there are only 4 of
> these still remaining in btrfs.
>
> regards,
> dan carpenter
>
>
>
Powered by blists - more mailing lists