On Jun 15, 2015 7:22 AM, "Andrea Arcangeli" <aarca...@redhat.com> wrote:
>
> +       if (cmd != UFFDIO_API) {
> +               if (ctx->state == UFFD_STATE_WAIT_API)
> +                       return -EINVAL;
> +               BUG_ON(ctx->state != UFFD_STATE_RUNNING);
> +       }
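
Review bot: the BUG_ON(ctx->state != UFFD_STATE_RUNNING) on the last line of the new block turns an unexpected ctx->state, on any command other than UFFDIO_API, into a fatal condition, while the UFFD_STATE_WAIT_API case two lines above simply returns -EINVAL. Handle it the same recoverable way, for example `if (WARN_ON_ONCE(ctx->state != UFFD_STATE_RUNNING)) return -EINVAL;`, or drop the check if no other state is reachable here. A one-line comment saying which states ctx->state can hold at this point would also make the intent of the check clear.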

NAK.

Once again: we don't add BUG_ON() as some kind of assert. If your
non-critical code has a bug in it, you do WARN_ONCE() and you return. You
don't kill the machine just because of some "this can't happen" situation.

It turns out "this can't happen" happens way too often, just because code
changes, or programmers didn't think all the cases through. And killing the
machine is just NOT ACCEPTABLE.

People need to stop adding machine-killing checks to code that just doesn't
merit killing the machine.

And if you are so damn sure that it really cannot happen ever, then you
damn well had better remove the test too!

BUG_ON is not a debugging tool, or a "I think this would be bad" helper.

    Linus
