Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S935336AbcKWLBG (ORCPT <rfc822;w@1wt.eu>);
        Wed, 23 Nov 2016 06:01:06 -0500
Received: from mga09.intel.com ([134.134.136.24]:32167 "EHLO mga09.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S935098AbcKWLBF (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Nov 2016 06:01:05 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,537,1473145200"; 
   d="scan'208";a="789872028"
From: Jani Nikula <jani.nikula@intel.com>
To: Liviu Dudau <Liviu.Dudau@arm.com>, Eric Engestrom <eric@engestrom.ch>
Cc: David Airlie <airlied@linux.ie>,
        DRI devel <dri-devel@lists.freedesktop.org>,
        LKML <linux-kernel@vger.kernel.org>, Rob Clark <robdclark@gmail.com>,
        Daniel Vetter <daniel.vetter@ffwll.ch>
Subject: Re: [PATCH v2] drm: check for NULL parameter in exported drm_get_format_name() function.
In-Reply-To: <20161123105213.27674-1-Liviu.Dudau@arm.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
References: <CAF6AEGsU4Gksv3hGxXGJR-LiyZXKtevgf7chs0GDT4EfxLZajw@mail.gmail.com> <20161123105213.27674-1-Liviu.Dudau@arm.com>
Date: Wed, 23 Nov 2016 13:00:07 +0200
Message-ID: <87vavewjew.fsf@intel.com>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1806
Lines: 49

On Wed, 23 Nov 2016, Liviu Dudau <Liviu.Dudau@arm.com> wrote:
> drm_get_format_name() de-references the buf parameter without checking
> if the pointer was not NULL. Given that the function is EXPORT-ed, lets
> sanitise the parameters before proceeding.
>
> v2: Use BUG_ON() to annoy users that did not pass valid parameters to function.
>
> Fixes: b3c11ac267d461d3d5 ("drm: move allocation out of drm_get_format_name())
> Cc: Eric Engestrom <eric@engestrom.ch>
> Cc: Rob Clark <robdclark@gmail.com>
> Cc: Jani Nikula <jani.nikula@intel.com>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
>
> Signed-off-by: Liviu Dudau <Liviu.Dudau@arm.com>
> ---
> I still think sanity checking the parameters of an exported function is worth
> doing, even if the way one triggers the NULL pointer crash is priviledged. Not
> a big fan of the verbosity of BUG_ON() and would rather silently reject NULL buf
> pointer, but that is a matter of taste.

There really is no meaningful difference between doing BUG_ON(!bug)
vs. just letting buf->str oops. The kernel is full of functions that
expect sensible pointers, and I don't see why this one in particular
should be so special to warrant a BUG_ON().

BR,
Jani.

>
>
>  drivers/gpu/drm/drm_fourcc.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_fourcc.c b/drivers/gpu/drm/drm_fourcc.c
> index 90d2cc8..6d80239 100644
> --- a/drivers/gpu/drm/drm_fourcc.c
> +++ b/drivers/gpu/drm/drm_fourcc.c
> @@ -85,6 +85,8 @@ EXPORT_SYMBOL(drm_mode_legacy_fb_format);
>   */
>  const char *drm_get_format_name(uint32_t format, struct drm_format_name_buf *buf)
>  {
> +	BUG_ON(!buf);
> +
>  	snprintf(buf->str, sizeof(buf->str),
>  		 "%c%c%c%c %s-endian (0x%08x)",
>  		 printable_char(format & 0xff),

-- 
Jani Nikula, Intel Open Source Technology Center