gpiobus: gpio_pin_release: convert checks to KASSERTs
AcceptedPublic
Actions

Authored by vexeduxr on Mon, Jun 16, 7:45 AM.

Details

Reviewers

imp
wulf
mmel

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 64980
Build 61863: arc lint + arc unit

Event Timeline

vexeduxr requested review of this revision.Mon, Jun 16, 7:45 AM

vexeduxr created this revision.

Harbormaster completed remote builds in B64895: Diff 157089.Mon, Jun 16, 7:45 AM

vexeduxr added a child revision: D50869: gpiobus: add gpio_pin_acquire.Mon, Jun 16, 7:46 AM

Motivation? Why do we need gpio_pin_release to return errors?
This creates the problem of freeing the gpio structure in case of an error.
IMHO, I think all errors in gpiobus_release_pin() and gpiobus_acquire_pin() should be converted to panic().
Also passing NULL to gpio_pin_release() should be panic().

Motivation? Why do we need gpio_pin_release to return errors?

It was to have it in line with gpio_pin_acquire. I found it a little weird that only one of them would report errors.

This creates the problem of freeing the gpio structure in case of an error.

At first I was freeing on both failure and success, but I wasn't sure that was the right thing to do..

IMHO, I think all errors in gpiobus_release_pin() and gpiobus_acquire_pin() should be converted to panic().
Also passing NULL to gpio_pin_release() should be panic().

I agree for gpiobus_release_pin, since they're all programming errors. For gpiobus_acquire_pin, I think attempting to acquire a pin twice should just return an error to the caller, it's possible the caller can just recover.

In D50868#1162636, @vexeduxr wrote:

Motivation? Why do we need gpio_pin_release to return errors?

It was to have it in line with gpio_pin_acquire. I found it a little weird that only one of them would report errors.

All *release* functions are usually very difficult to recover, especially if they are called throw multiple layers.

This creates the problem of freeing the gpio structure in case of an error.

At first I was freeing on both failure and success, but I wasn't sure that was the right thing to do..

This leading to a situation where the malloc cannot be released in any way. If gpiobus_release_pin() fails once, then it will always fail. But this is irrelevant if we replace errors with panic...

IMHO, I think all errors in gpiobus_release_pin() and gpiobus_acquire_pin() should be converted to panic().
Also passing NULL to gpio_pin_release() should be panic().

I agree for gpiobus_release_pin, since they're all programming errors. For gpiobus_acquire_pin, I think attempting to acquire a pin twice should just return an error to the caller, it's possible the caller can just recover.

Yep, exactly. I missed the multiple acquisition case originally. Only error value should be better than -1.

vexeduxr retitled this revision from gpiobus: allow gpio_pin_release to return errors to gpiobus: gpio_pin_release: convert checks to KASSERTs.Thu, Jun 19, 2:27 PM

Convert checks to KASSERTs

Harbormaster completed remote builds in B64980: Diff 157309.Thu, Jun 19, 2:28 PM

I went for a KASSERT instead of a panic since it's what the other gpio_* functions do. On a non-INVARIANTS kernel, if gpio is actually NULL, it will panic when we try to dereference it anyways.

vexeduxr added a parent revision: D50939: gpiobus: gpiobus_release_pin: convert errors to panic.Thu, Jun 19, 2:34 PM

Thanks.

This revision is now accepted and ready to land.Thu, Jun 19, 2:37 PM

Revision Contents
Changeset List

Path

Size

sys/

dev/

gpio/

gpiobus.c

8 lines

Diff 157309

View Options

gpiobus: gpio_pin_release: convert checks to KASSERTsAcceptedPublicActions