On Thu, 19 Jul 2007, Krzysztof Halasa wrote:
> >
> > We absolutely NEVER add things like "must_check" unless not checking
> > causes a real and obvious SECURITY ISSUE.
>
> Oh, come on, almost every kernel bug is a potential security issue.
Sure. And adding unnecessary checking that doesn't make sense makes bugs
*more* likely rather than less.
> IMHO, if the function can only fail due to a kernel bug, it should
> return void and, in case of bug, explode with BUG_ON() or something
> like that. Sure, must_check doesn't apply too well to void.
There are absolutely tons of functions that can return errors (or other
values), and where many users MAY SIMPLY NOT CARE.
I think "must_check" is an abomination. It makes the callee dictate what
the caller has to do, but dammit, if the callee really "knows" its errors
are that serious, it should damn well handle them itself.
The whole "sysfs_create_file()" thing is an example of that. If it fails,
it fails. The caller can't do anythign about it anyway, except perhaps
print a message. Why the hell does such a function have the "right" to
dictate what the user should do?
That doesn't mean that *all* callers migth not care. Maybe some internal
sysfs routines really should care. But not a random driver.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]