On Tue, Sep 02, 2014 at 10:52:25AM +0530, Vinod Koul wrote:
On Mon, Sep 01, 2014 at 03:41:34PM +0100, Mark Brown wrote:
No. You've described what happens when things are working and everything is operating correctly and there are no bugs in the kernel, the goal with error checking is to provide robustness against the possibility that one of those things isn't true so we can tell what went wrong more easily than if we get memory corruption.
Let's assume a wrong case here is triggered due to some other issue, so we get invoked twice for the same pointer. Since the function holds the lock and searches for the object in the list, only the first access will find the object, start to free it and relinquish the lock.
Now, the second access will not find this and return, so no harm done.
Consider the case where we do another allocation and happen to get a previously allocated address back; if we end up doing a double free then that would result in the new allocation being freed, which would in turn lead to memory corruption problems. It's the sort of thing that's really unlikely to happen but can be a nightmare to debug when it does; a little bit of defensiveness early on can help a lot with avoiding having to deal with such issues.
I agree that we need to at least put a log indicating such a scenario did occur and we failed to find the object. So we can return immediately after freeing up, and then if we hit the end of the function, implying we haven't found the object, we should complain.
Would that help?
That's exactly what I'm asking for, thanks.
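The release path agreed on above, as an added user-space illustration that is not code from the patch under review: a pthread mutex stands in for the kernel lock, the list and the `pool_alloc`/`pool_free` names are constructed for this example, and the second release of the same pointer walks off the end of the list and is reported instead of freeing anything.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example: allocations are tracked on a list guarded by a lock;
 * the release path frees the matching entry and returns at once, and
 * complains if it walks off the end without finding the pointer. */
struct obj { struct obj *next; };
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;
static struct obj *pool_head;

void *pool_alloc(void)
{
    struct obj *o = calloc(1, sizeof(*o));
    if (!o)
        return NULL;
    pthread_mutex_lock(&pool_lock);
    o->next = pool_head;
    pool_head = o;
    pthread_mutex_unlock(&pool_lock);
    return o;
}

/* Returns 0 when ptr was found and freed, -1 when it is not on the list. */
int pool_free(void *ptr)
{
    struct obj **pp;
    pthread_mutex_lock(&pool_lock);
    for (pp = &pool_head; *pp; pp = &(*pp)->next) {
        if (*pp == ptr) {
            struct obj *o = *pp;
            *pp = o->next;                 /* unlink under the lock */
            pthread_mutex_unlock(&pool_lock);
            free(o);
            return 0;                      /* done: return right away */
        }
    }
    pthread_mutex_unlock(&pool_lock);
    /* End of list reached: not ours, or already released. Say so. */
    fprintf(stderr, "pool_free: object %p not found\n", ptr);
    return -1;
}

/* Second release of the same pointer must be rejected, not freed again. */
int release_twice_is_detected(void)
{
    void *p = pool_alloc();
    return pool_free(p) == 0 && pool_free(p) == -1;
}
```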