Re: [PATCH] mm: no need to check return value of debugfs_create functions
On Tue 22-01-19 17:27:49, Greg KH wrote: > On Tue, Jan 22, 2019 at 05:07:01PM +0100, Michal Hocko wrote: [...] > > sounds like a poor design goal to me but not mine code to maintain so... > > The design goal was to make it as simple as possible to use, and that > includes "you do not care about the return value". Now we do have to > return a value because some people need that for when they want to make > a subdirectory, or remove the file later on, otherwise I would have just > had everything be a void return function :) I suspect that you are making assumptions which might change in the future and this whole mess will be unfixable. But whatever I do not care about debugfs at all. -- Michal Hocko SUSE Labs
Re: [PATCH] mm: no need to check return value of debugfs_create functions
On Tue, Jan 22, 2019 at 05:07:01PM +0100, Michal Hocko wrote:
> On Tue 22-01-19 16:52:55, Greg KH wrote:
> > On Tue, Jan 22, 2019 at 04:31:02PM +0100, Michal Hocko wrote:
> > > On Tue 22-01-19 16:21:13, Greg KH wrote:
> > > [...]
> > > > diff --git a/mm/memblock.c b/mm/memblock.c
> > > > index 022d4cbb3618..18ee657fb918 100644
> > > > --- a/mm/memblock.c
> > > > +++ b/mm/memblock.c
> > > > @@ -1998,8 +1998,7 @@ DEFINE_SHOW_ATTRIBUTE(memblock_debug);
> > > > static int __init memblock_init_debugfs(void)
> > > > {
> > > > struct dentry *root = debugfs_create_dir("memblock", NULL);
> > > > - if (!root)
> > > > - return -ENXIO;
> > > > +
> > > > debugfs_create_file("memory", 0444, root,
> > > > , _debug_fops);
> > > > debugfs_create_file("reserved", 0444, root,
> > >
> > > I haven't really read the whole patch but this has just hit my eyes. Is
> > > this a correct behavior?
> > >
> > > Documentations says:
> > > * @parent: a pointer to the parent dentry for this file. This should be
> > > a
> > > * directory dentry if set. If this parameter is NULL, then the
> > > * file will be created in the root of the debugfs filesystem.
> > >
> > > so in case of failure we would get those debugfs files outside of their
> > > intended scope. I believe it is much more correct to simply not create
> > > anything, no?
> >
> > If debugfs_create_dir() returns NULL, then something is really wrong
> > (you passed it an invalid pointer as the parent dentry, or free memory
> > is gone), so there's nothing you can do except keep moving forward and
> > take that result and pass it as any parent pointer you want to. Your
> > code logic should never care if a debugfs file is created or not, it is
> > "fire and forget".
>
> OK, but does it make any sense to continue creating files when you know
> that the parent directory has failed to create? What kind of advantage
> does this have?
It has no advantage or disadvantage. And again, it can't really happen
unless the system is out of memory and in that case, everything else
just crashed anyway.
> > And any result of a debugfs call, like this one, that is to be passed
> > into another debugfs call, will work just fine if the first one failed
> > (the second one usually will also fail, which is fine.)
> >
> > Also, and this is the biggest problem, everyone gets the return value
> > check wrong thinking NULL will be an error, it is one type of error, but
> > other ones are also returned and no one checks them properly. So just
> > don't check at all, that is the design goal here.
>
> sounds like a poor design goal to me but not mine code to maintain so...
The design goal was to make it as simple as possible to use, and that
includes "you do not care about the return value". Now we do have to
return a value because some people need that for when they want to make
a subdirectory, or remove the file later on, otherwise I would have just
had everything be a void return function :)
thanks,
greg k-h
Re: [PATCH] mm: no need to check return value of debugfs_create functions
On Tue 22-01-19 16:52:55, Greg KH wrote:
> On Tue, Jan 22, 2019 at 04:31:02PM +0100, Michal Hocko wrote:
> > On Tue 22-01-19 16:21:13, Greg KH wrote:
> > [...]
> > > diff --git a/mm/memblock.c b/mm/memblock.c
> > > index 022d4cbb3618..18ee657fb918 100644
> > > --- a/mm/memblock.c
> > > +++ b/mm/memblock.c
> > > @@ -1998,8 +1998,7 @@ DEFINE_SHOW_ATTRIBUTE(memblock_debug);
> > > static int __init memblock_init_debugfs(void)
> > > {
> > > struct dentry *root = debugfs_create_dir("memblock", NULL);
> > > - if (!root)
> > > - return -ENXIO;
> > > +
> > > debugfs_create_file("memory", 0444, root,
> > > , _debug_fops);
> > > debugfs_create_file("reserved", 0444, root,
> >
> > I haven't really read the whole patch but this has just hit my eyes. Is
> > this a correct behavior?
> >
> > Documentations says:
> > * @parent: a pointer to the parent dentry for this file. This should be a
> > * directory dentry if set. If this parameter is NULL, then the
> > * file will be created in the root of the debugfs filesystem.
> >
> > so in case of failure we would get those debugfs files outside of their
> > intended scope. I believe it is much more correct to simply not create
> > anything, no?
>
> If debugfs_create_dir() returns NULL, then something is really wrong
> (you passed it an invalid pointer as the parent dentry, or free memory
> is gone), so there's nothing you can do except keep moving forward and
> take that result and pass it as any parent pointer you want to. Your
> code logic should never care if a debugfs file is created or not, it is
> "fire and forget".
OK, but does it make any sense to continue creating files when you know
that the parent directory has failed to create? What kind of advantage
does this have?
> And any result of a debugfs call, like this one, that is to be passed
> into another debugfs call, will work just fine if the first one failed
> (the second one usually will also fail, which is fine.)
>
> Also, and this is the biggest problem, everyone gets the return value
> check wrong thinking NULL will be an error, it is one type of error, but
> other ones are also returned and no one checks them properly. So just
> don't check at all, that is the design goal here.
sounds like a poor design goal to me but not mine code to maintain so...
--
Michal Hocko
SUSE Labs
Re: [PATCH] mm: no need to check return value of debugfs_create functions
On Tue, Jan 22, 2019 at 04:31:02PM +0100, Michal Hocko wrote:
> On Tue 22-01-19 16:21:13, Greg KH wrote:
> [...]
> > diff --git a/mm/memblock.c b/mm/memblock.c
> > index 022d4cbb3618..18ee657fb918 100644
> > --- a/mm/memblock.c
> > +++ b/mm/memblock.c
> > @@ -1998,8 +1998,7 @@ DEFINE_SHOW_ATTRIBUTE(memblock_debug);
> > static int __init memblock_init_debugfs(void)
> > {
> > struct dentry *root = debugfs_create_dir("memblock", NULL);
> > - if (!root)
> > - return -ENXIO;
> > +
> > debugfs_create_file("memory", 0444, root,
> > , _debug_fops);
> > debugfs_create_file("reserved", 0444, root,
>
> I haven't really read the whole patch but this has just hit my eyes. Is
> this a correct behavior?
>
> Documentations says:
> * @parent: a pointer to the parent dentry for this file. This should be a
> * directory dentry if set. If this parameter is NULL, then the
> * file will be created in the root of the debugfs filesystem.
>
> so in case of failure we would get those debugfs files outside of their
> intended scope. I believe it is much more correct to simply not create
> anything, no?
If debugfs_create_dir() returns NULL, then something is really wrong
(you passed it an invalid pointer as the parent dentry, or free memory
is gone), so there's nothing you can do except keep moving forward and
take that result and pass it as any parent pointer you want to. Your
code logic should never care if a debugfs file is created or not, it is
"fire and forget".
And any result of a debugfs call, like this one, that is to be passed
into another debugfs call, will work just fine if the first one failed
(the second one usually will also fail, which is fine.)
Also, and this is the biggest problem, everyone gets the return value
check wrong thinking NULL will be an error, it is one type of error, but
other ones are also returned and no one checks them properly. So just
don't check at all, that is the design goal here.
hope this helps,
greg k-h
Re: [PATCH] mm: no need to check return value of debugfs_create functions
On Tue 22-01-19 16:21:13, Greg KH wrote:
[...]
> diff --git a/mm/memblock.c b/mm/memblock.c
> index 022d4cbb3618..18ee657fb918 100644
> --- a/mm/memblock.c
> +++ b/mm/memblock.c
> @@ -1998,8 +1998,7 @@ DEFINE_SHOW_ATTRIBUTE(memblock_debug);
> static int __init memblock_init_debugfs(void)
> {
> struct dentry *root = debugfs_create_dir("memblock", NULL);
> - if (!root)
> - return -ENXIO;
> +
> debugfs_create_file("memory", 0444, root,
> , _debug_fops);
> debugfs_create_file("reserved", 0444, root,
I haven't really read the whole patch but this has just hit my eyes. Is
this a correct behavior?
Documentations says:
* @parent: a pointer to the parent dentry for this file. This should be a
* directory dentry if set. If this parameter is NULL, then the
* file will be created in the root of the debugfs filesystem.
so in case of failure we would get those debugfs files outside of their
intended scope. I believe it is much more correct to simply not create
anything, no?
--
Michal Hocko
SUSE Labs
