On Wed, Aug 18, 2021 at 02:31:34PM +0200, Christian König wrote:
On 18.08.21 at 14:17, Sa, Nuno wrote:
From: Christian König christian.koenig@amd.com Sent: Wednesday, August 18, 2021 2:10 PM To: Sa, Nuno Nuno.Sa@analog.com; linaro-mm-sig@lists.linaro.org; dri-devel@lists.freedesktop.org; linux-media@vger.kernel.org Cc: Rob Clark rob@ti.com; Sumit Semwal sumit.semwal@linaro.org Subject: Re: [PATCH] dma-buf: return -EINVAL if dmabuf object is NULL
To be honest I think the if(WARN_ON(!dmabuf)) return -EINVAL handling here is misleading in the first place.
Returning -EINVAL on a hard coding error is not good practice and should probably be removed from the DMA-buf subsystem in general.
Would you say to just return 0 then? I don't think that having the dereference is also good.
No, just run into the dereference.
Passing NULL as the core object you are working on is a hard coding error and not something we should bubble up as recoverable error.
I used -EINVAL to be coherent with the rest of the code.
I rather suggest to remove the check elsewhere as well.
It's a lot more complicated, and WARN_ON + bail out is rather well-established code-pattern. There's been plenty of discussions in the past that a BUG_ON is harmful since it makes debugging a major pain, e.g.
https://lore.kernel.org/lkml/CA+55aFwyNTLuZgOWMTRuabWobF27ygskuxvFd-P0n-3UNT...
There's also a checkpatch check for this.
commit 9d3e3c705eb395528fd8f17208c87581b134da48
Author: Joe Perches joe@perches.com
Date: Wed Sep 9 15:37:27 2015 -0700

checkpatch: add warning on BUG/BUG_ON use
Anyone who is paranoid about security crashes their machine on any WARNING anyway (like syzkaller does).
My rule of thumb is that if the WARN_ON + bail-out code is just an if (WARN_ON()) return; then it's fine, if it's more then BUG_ON is the better choice perhaps.
I think the worst choice is just removing all these checks, because a few code reorgs later you might not Oops immediately afterwards anymore, and then we'll merge potentially very busted new code. Which is no good.
-Daniel
Christian.
- Nuno Sá
Christian.
On 18.08.21 at 13:58, Nuno Sá wrote:
On top of warning about a NULL object, we also want to return with a proper error code (as done in 'dma_buf_begin_cpu_access()'). Otherwise, we will get a NULL pointer dereference.
Fixes: fc13020e086b ("dma-buf: add support for kernel cpu access")
Signed-off-by: Nuno Sá nuno.sa@analog.com
drivers/dma-buf/dma-buf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-
buf.c
index 63d32261b63f..8ec7876dd523 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -1231,7 +1231,8 @@ int dma_buf_end_cpu_access(struct
dma_buf *dmabuf,
{ int ret = 0;
- WARN_ON(!dmabuf);
if (WARN_ON(!dmabuf))
return -EINVAL;
might_lock(&dmabuf->resv->lock.base);
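Review bot: The changelog does not name a caller that can reach dma_buf_end_cpu_access() with a NULL dmabuf, and the new early return above might_lock(&dmabuf->resv->lock.base) only helps if callers actually check the return value. Please state whether this is hardening against a caller bug or a fix for a reachable path; with the Fixes: tag as written it reads as the latter. It is also worth saying in the changelog that the WARN_ON splat is kept, so the caller bug is still reported while the function bails out with -EINVAL instead of dereferencing dmabuf.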