[PATCH 07/13] drm/via: Remove unnecessary NULL check

Daniel Vetter daniel.vetter at ffwll.ch
Mon Apr 7 10:08:50 PDT 2014


On Mon, Apr 7, 2014 at 5:51 PM, David Herrmann <dh.herrmann at gmail.com> wrote:
> On Sat, Apr 5, 2014 at 11:44 AM, Daniel Vetter <daniel.vetter at ffwll.ch> wrote:
>> The context_dtor callback is only called once we've successfully loaded
>> the driver, which means dev->dev_private is set up. The check is hence
>> pointless.
>>
>> Also dev->dev_private is deref already above, so compilers are free
>> to elide it anyway.
>
> Are you sure compilers can assume "*ptr" implies "ptr != NULL"? I
> doubt that and depending on CONFIG_DEFAULT_MMAP_MIN_ADDR I think you
> can even build user-space that can successfully mmap(MAP_FIXED) at
> address 0. Anyhow, I guess no-one cares besides me, so patch looks
> good :)

Yeah, my understanding has been that every time you deref a pointer
somewhere the compiler is allowed to presume that the pointer isn't
NULL. Which makes mmap(MAP_FIXED) at address NULL such a dangerous
thing and iirc there have been patches floating around to severely
restrict that to make exploiting such bugs much harder. Iirc it's only
emulators like dosemu who really need to be able to map something at
NULL. Since if gcc drops the NULL check the last line of defense
(namely Oopsing on the NULL deref) can be disabled by userspace. The
usual exploit is to put a real data structure at NULL and use that
(through vtables if possible) to take over the kernel.

I'm not always entirely sure on what the precise rules are really in
detail, but since coverity screamed at me about this here I've figured
coverity is probably right ;-)
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
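As an added illustration of the compiler rule debated above (this is not code from the patch or the via driver; the structure and function names are constructed stand-ins), the two orderings side by side: the "deref first, check later" shape the patch removes, and the check-before-use shape a reviewer would want.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for the DRM structures named in the thread. */
struct via_private { int contexts; };
struct drm_device { struct via_private *dev_private; };

/*
 * The shape the patch removes: dev->dev_private is dereferenced on the
 * first line and only afterwards tested for NULL. Dereferencing a NULL
 * pointer is undefined behaviour in C, so from that point the compiler
 * may assume dev_private is non-NULL and drop the later test entirely.
 * If userspace could map something at address 0 (the mmap_min_addr
 * question raised above), the "oops on NULL deref" safety net is gone
 * too. Returns the context count, or -1 if the (dead) check ever fired.
 */
int context_dtor_check_after_use(struct drm_device *dev)
{
    int n = dev->dev_private->contexts;   /* deref first ...          */
    if (!dev->dev_private)                /* ... check later: elidable */
        return -1;
    return n;
}

/* Defensive ordering: validate the pointer before its first use. */
int context_dtor_check_first(struct drm_device *dev)
{
    if (!dev->dev_private)
        return -1;
    return dev->dev_private->contexts;
}

int main(void)
{
    struct via_private priv = { .contexts = 3 };
    struct drm_device good = { .dev_private = &priv };
    struct drm_device bad  = { .dev_private = NULL };

    printf("check-first, valid: %d\n", context_dtor_check_first(&good));
    printf("check-first, NULL:  %d\n", context_dtor_check_first(&bad));
    /* context_dtor_check_after_use(&bad) is undefined behaviour: not called. */
    return 0;
}
```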