Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp4440151rdh; Wed, 29 Nov 2023 01:19:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IGaCf+jysGq19nNzxSpF5cs89m7LVJHtsRY3BsmAHQ3spE5Sgj3aeB+Bfthn98jtB7L7+yX X-Received: by 2002:a17:903:2285:b0:1cf:b964:5e37 with SMTP id b5-20020a170903228500b001cfb9645e37mr13309575plh.12.1701249540090; Wed, 29 Nov 2023 01:19:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701249540; cv=none; d=google.com; s=arc-20160816; b=aia5GuwiyXqihMKVQMxetOeiITKjSHsmFnudf3gidnuykv3/QQsbc5aztGqIKoXnMK IQcv110MiVqsiwJv927PcwILIb5vB8Z2ytaQRXzbuxOGDd6QgbCc4+PgVOr+MKfRbltJ KwOmlH0zjs7xYLi9T/MhHacXk1XZZWiiif9EDUXOZfNHiZD0e8ArlGE/uQgk4MsEwUEP Za0kqvDNYJwNqg8Lho+kpCY/tuCiY+wRikXTHvTMJ9lYptUABacy7ut1GE8sBRzbnCnc T6sgInNwWkzk199BGYVqRdUWzpnBtmcAVY/vrpGi/XfMIGhNdV2YmepB7IhXFEuv1Exg whXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=6Cn1L65bEYC3p6pwp5QA+rNUuPDd1+CUXYgLOzVh7LQ=; fh=xEKiaWSSKsulIgZY/DnMJ20XukDND9DHf1uJSG/Mv8A=; b=dIkwg+Ty6mabpGlDmh1i1/xMvAdBq45BbQ+IQ0rKGFDoPPWZC0feQm7jXL4ufjQAtT uWc6e1QGjZoqv6FdUWy8sqpBY7vnkKMPtwsgS4/FqFlAnnYbSI9W1wwAAtbkb7hYpB4S z214TJL8P7YxK+paOaF8RmmsBhcO7shgVTtponhi87ktidYbzirA2czn10hrQWRGVACQ f6ZQG6L9ut9AIAwrivDLxoSDPg4jWW6rZEATCeQXVWuhQdt4nzG7qMGJrfcm3i+eHNTo Vr6pTdcXNsSk+BNccgSB9Wcob/R9Stm/J5aRbG7NybwoYLlsGxungyMdRsYctyu0PKcr bp8w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=MQamiLbz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id y11-20020a170902700b00b001cfdf2b1d86si4649770plk.96.2023.11.29.01.18.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Nov 2023 01:19:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=MQamiLbz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id A6FD18041973; Wed, 29 Nov 2023 01:18:57 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229816AbjK2JS3 (ORCPT + 99 others); Wed, 29 Nov 2023 04:18:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229603AbjK2JS0 (ORCPT ); Wed, 29 Nov 2023 04:18:26 -0500 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D063F10E2; Wed, 29 Nov 2023 01:18:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1701249512; x=1732785512; h=date:from:to:cc:subject:message-id:references: mime-version:content-transfer-encoding:in-reply-to; bh=fg/SG84dFmw5xtLeQyneQ3hhwKW3Ii9jSwQZ6X2juJ0=; b=MQamiLbz8b1au58frvr4aW9c6w7O+QkaVm9PVFXB1iVuaeGjHC6fUZzM U0DbvbiiqTfpPEPt+lbekKuQ7RXuQLVtVbxVz57vPrGH0k5DjhXFmUdic HP+H4Onz+6xoWhoCMrtYZj7iBEUWIBwR4CA6vqThgov2zn0QYhbxtBaKm 3klzhHYJkrERcVwRMGgkj4FojhhpHyuudnqCRL6P1l5f2woOTf+jDOn33 OhVdTnfKyGXRP60X7WkuVxOz+HB86HO+tSpsYHjTs4vbN42exEbHsrQqg qbvuj6iTZjn6/CA/VgXXg6W8qQxPZSgkuRIWp+iKjnXEUvVm1RmDgRBrp w==; X-IronPort-AV: E=McAfee;i="6600,9927,10908"; a="392876798" X-IronPort-AV: E=Sophos;i="6.04,235,1695711600"; d="scan'208";a="392876798" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Nov 2023 01:18:32 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10908"; a="762242261" X-IronPort-AV: E=Sophos;i="6.04,235,1695711600"; d="scan'208";a="762242261" Received: from stinkpipe.fi.intel.com (HELO stinkbox) ([10.237.72.74]) by orsmga007.jf.intel.com with SMTP; 29 Nov 2023 01:18:25 -0800 Received: by stinkbox (sSMTP sendmail emulation); Wed, 29 Nov 2023 11:18:24 +0200 Date: Wed, 29 Nov 2023 11:18:24 +0200 From: Ville =?iso-8859-1?Q?Syrj=E4l=E4?= To: Maxime Ripard Cc: Jani Nikula , Thomas Zimmermann , Emma Anholt , Jonathan Corbet , linux-kernel@vger.kernel.org, Samuel Holland , Sandy Huang , Jernej Skrabec , linux-doc@vger.kernel.org, Hans Verkuil , linux-rockchip@lists.infradead.org, Chen-Yu Tsai , dri-devel@lists.freedesktop.org, linux-media@vger.kernel.org, linux-sunxi@lists.linux.dev, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v4 05/45] drm/connector: Check drm_connector_init pointers arguments Message-ID: References: <20231128-kms-hdmi-connector-state-v4-0-c7602158306e@kernel.org> <20231128-kms-hdmi-connector-state-v4-5-c7602158306e@kernel.org> <87h6l66nth.fsf@intel.com> <2mnodqvu2oo674vspiy4gxhglu3it5cq47acx5itnbwevgc4cf@c7h2bvnx3m2n> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <2mnodqvu2oo674vspiy4gxhglu3it5cq47acx5itnbwevgc4cf@c7h2bvnx3m2n> X-Patchwork-Hint: comment X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Wed, 29 Nov 2023 01:18:57 -0800 (PST) On Wed, Nov 29, 2023 at 10:11:26AM +0100, Maxime Ripard wrote: > Hi Ville, > > On Tue, Nov 28, 2023 at 03:49:08PM +0200, Ville Syrj?l? wrote: > > On Tue, Nov 28, 2023 at 02:29:40PM +0100, Maxime Ripard wrote: > > > On Tue, Nov 28, 2023 at 02:54:02PM +0200, Jani Nikula wrote: > > > > On Tue, 28 Nov 2023, Maxime Ripard wrote: > > > > > All the drm_connector_init variants take at least a pointer to the > > > > > device, connector and hooks implementation. > > > > > > > > > > However, none of them check their value before dereferencing those > > > > > pointers which can lead to a NULL-pointer dereference if the author > > > > > isn't careful. > > > > > > > > Arguably oopsing on the spot is preferrable when this can't be caused by > > > > user input. It's always a mistake that should be caught early during > > > > development. > > > > > > > > Not everyone checks the return value of drm_connector_init and friends, > > > > so those cases will lead to more mysterious bugs later. And probably > > > > oopses as well. > > > > > > So maybe we can do both then, with something like > > > > > > if (WARN_ON(!dev)) > > > return -EINVAL > > > > > > if (drm_WARN_ON(dev, !connector || !funcs)) > > > return -EINVAL; > > > > > > I'd still like to check for this, so we can have proper testing, and we > > > already check for those pointers in some places (like funcs in > > > drm_connector_init), so if we don't cover everything we're inconsistent. > > > > People will invariably cargo-cult this kind of stuff absolutely > > everywhere and then all your functions will have tons of dead > > code to check their arguments. > > And that's a bad thing because... ? > > Also, are you really saying that checking that your arguments make sense > is cargo-cult? > > We're already doing it in some parts of KMS, so we have to be > consistent, and the answer to "most drivers don't check the error" > cannot be "let's just give on error checking then". > > > I'd prefer not to go there usually. > > > > Should we perhaps start to use the (arguably hideous) > > - void f(struct foo *bar) > > + void f(struct foo bar[static 1]) > > syntax to tell the compiler we don't accept NULL pointers? > > > > Hmm. Apparently that has the same problem as using any > > other kind of array syntax in the prototype. That is, > > the compiler demands to know the definition of 'struct foo' > > even though we're passing in effectively a pointer. Sigh. > > Honestly, I don't care as long as it's something we can unit-test to > make sure we make it consistent. We can't unit test a complete kernel > crash. Why do you want to put utterly broken code into a unit test? -- Ville Syrj?l? Intel