Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935701AbcKWLX1 (ORCPT ); Wed, 23 Nov 2016 06:23:27 -0500 Received: from foss.arm.com ([217.140.101.70]:49370 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751010AbcKWLX0 (ORCPT ); Wed, 23 Nov 2016 06:23:26 -0500 Date: Wed, 23 Nov 2016 11:23:23 +0000 From: Liviu Dudau To: Jani Nikula Cc: Eric Engestrom , Daniel Vetter , LKML , DRI devel Subject: Re: [PATCH v2] drm: check for NULL parameter in exported drm_get_format_name() function. Message-ID: <20161123112323.GX1005@e106497-lin.cambridge.arm.com> References: <20161123105213.27674-1-Liviu.Dudau@arm.com> <87vavewjew.fsf@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87vavewjew.fsf@intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2393 Lines: 70 On Wed, Nov 23, 2016 at 01:00:07PM +0200, Jani Nikula wrote: > On Wed, 23 Nov 2016, Liviu Dudau wrote: > > drm_get_format_name() de-references the buf parameter without checking > > if the pointer was not NULL. Given that the function is EXPORT-ed, lets > > sanitise the parameters before proceeding. > > > > v2: Use BUG_ON() to annoy users that did not pass valid parameters to function. > > > > Fixes: b3c11ac267d461d3d5 ("drm: move allocation out of drm_get_format_name()) > > Cc: Eric Engestrom > > Cc: Rob Clark > > Cc: Jani Nikula > > Cc: Daniel Vetter > > > > Signed-off-by: Liviu Dudau > > --- > > I still think sanity checking the parameters of an exported function is worth > > doing, even if the way one triggers the NULL pointer crash is priviledged. Not > > a big fan of the verbosity of BUG_ON() and would rather silently reject NULL buf > > pointer, but that is a matter of taste. > > There really is no meaningful difference between doing BUG_ON(!bug) > vs. just letting buf->str oops. The kernel is full of functions that > expect sensible pointers, and I don't see why this one in particular > should be so special to warrant a BUG_ON(). Agree. That is why I prefer v1 where I return immediately on NULL pointers. Best regards, Liviu > > BR, > Jani. > > > > > > > drivers/gpu/drm/drm_fourcc.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/gpu/drm/drm_fourcc.c b/drivers/gpu/drm/drm_fourcc.c > > index 90d2cc8..6d80239 100644 > > --- a/drivers/gpu/drm/drm_fourcc.c > > +++ b/drivers/gpu/drm/drm_fourcc.c > > @@ -85,6 +85,8 @@ EXPORT_SYMBOL(drm_mode_legacy_fb_format); > > */ > > const char *drm_get_format_name(uint32_t format, struct drm_format_name_buf *buf) > > { > > + BUG_ON(!buf); > > + > > snprintf(buf->str, sizeof(buf->str), > > "%c%c%c%c %s-endian (0x%08x)", > > printable_char(format & 0xff), > > -- > Jani Nikula, Intel Open Source Technology Center > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel -- ==================== | I would like to | | fix the world, | | but they're not | | giving me the | \ source code! / --------------- ¯\_(ツ)_/¯