Re: [RESEND PATCH v5 3/5] drivers core: allow probe_err accept integer and pointer types
From: Robin Murphy
Date: Wed Jun 24 2020 - 10:25:43 EST
On 2020-06-24 13:55, Andy Shevchenko wrote:
On Wed, Jun 24, 2020 at 3:37 PM Robin Murphy <robin.murphy@xxxxxxx> wrote:
On 2020-06-24 12:41, Andrzej Hajda wrote:
Many resource acquisition functions return error value encapsulated in
pointer instead of integer value. To simplify coding we can use macro
which will accept both types of error.
With this patch user can use:
probe_err(dev, ptr, ...)
instead of:
probe_err(dev, PTR_ERR(ptr), ...)
Without loosing old functionality:
probe_err(dev, err, ...)
Personally I'm not convinced that simplification has much value, and I'd
say it *does* have a significant downside. This:
if (IS_ERR(x))
do_something_with(PTR_ERR(x));
is a familiar and expected pattern when reading/reviewing code, and at a
glance is almost certainly doing the right thing. If I see this, on the
other hand:
if (IS_ERR(x))
do_something_with(x);
I don't consider your arguments strong enough. You are appealing to
one pattern vs. new coming *pattern* just with a different name and
actually much less characters to parse. We have a lot of clean ups
like this, have you protested against them? JFYI: they are now
*established patterns* and saved a ton of LOCs in some of which even
were typos.
I'm not against probe_err() itself, I think that stands to be a
wonderfully helpful thing that will eliminate a hell of a lot of ugly
mess from drivers. It's only the specific elision of 9 characters worth
of "PTR_ERR()" in certain cases that I'm questioning. I mean, we've
already got +20 characters leeway now that checkpatch has acknowledged
all that blank space on the right-hand side of all my editor windows.
Sure, there's not necessarily anything bad about introducing a new
pattern in itself, but it's not going to *replace* the existing pattern
of "IS_ERR() pairs with PTR_ERR()", because IS_ERR() is used for more
than driver probe error handling. Instead, everybody now has to bear in
mind that the new pattern is "IS_ERR() pairs with PTR_ERR(), except
sometimes when it doesn't - last time I looked only probe_err() was
special, but maybe something's changed, I'll have to go check...", and
that's just adding cognitive load for the sake of not even saving a
linewrap any more.
First, the wave of Sparse errors from the build bots hits because it
turns out casting arbitrary pointers appropriately is hard. As it washes
past, the reality of authors' and maintainers' personal preferences
comes to bear... some inevitably prefer to keep spelling out PTR_ERR()
in probe_err() calls for the sake of clarity, bikeshedding ensues, and
the checkpatch and Coccinelle armies mobilise to send unwanted patches
changing things back and forth. Eventually, in all the confusion, a
synapse misfires in a muddled developer's mind, an ERR_PTR value passed
to kfree() "because kfree() is robust" slips through, and a bug is born.
And there's the thing: inconsistency breeds bugs. Sometimes, of course,
there are really good reasons to be inconsistent. Is 9 characters per
line for a few hundred lines across the kernel tree really a really good
reason?
The tersest code is not always the most maintainable. Consider that we
could also save many more "tons of LoC" by rewriting an entire category
of small if/else statements with ternaries. Would the overall effect on
maintainability be positive? I don't think so.
And yeah, anyone who pipes up suggesting that places where an ERR_PTR
value could be passed to probe_err() could simply refactor IS_ERR()
checks with more uses of the god-awful PTR_ERR_OR_ZERO() obfuscator gets
a long stare of disapproval...
Robin.
my immediate instinct is to be suspicious, and now I've got to go off
and double-check that if do_something_with() really expects a pointer
it's also robust against PTR_ERR values. Off-hand I can't think of any
APIs that work that way in the areas with which I'm familiar, so it
would be a pretty unusual and non-obvious thing.