Re: proposal for bus_dma(9) change

[Andrew Doran <ad%netbsd.org@localhost>]

On Wed, Mar 04, 2009 at 12:45:55AM +0100, Quentin Garnier wrote:
> On Wed, Mar 04, 2009 at 12:41:50AM +0100, Christoph Egger wrote:
> > 
> > Hi,
> > 
> > When bus_dmamap_create() fails, then the map pointer
> > is undefined. This is IMO a problem, because the
> > dma free routines in many drivers assume the map
> > pointer is NULL when invalid.
> > This let the drivers call bus_dmamap_destroy()
> > on an invalid map pointer.
> > Currently, I fixed two drivers: nfe(4) and age(4).
> > 
> > I see two ways to fix this: We go through all
> > drivers and set the map pointer explicitely
> > to NULL in the error path of bus_dmamap_create()
> 
> "We" go through all the drivers and fix that and the metric ton of other
> ways in which they break if anything goes wrong during attach.

I agree. Do not add new hacks into basic primitives to permit sloppy coding.
By all means poison the facility so that it explodes spectacularly when a
consumer does the wrong thing. This forces the problem to be fixed by those
who want to run with checking enabled and ensures that it's not going to be
replicated elsewhere.

A number of us have spent a lot of time applying this simple idea. It's
increases the pain level for those running -current but in the long term the
result should be a more reliable system.

Andrew

$ grep KASSERT nb4/src/sys/kern/* | wc -l 
     396
$ grep KASSERT nb5/src/sys/kern/* | wc -l 
    1899