[Linaro-mm-sig] [PATCH] dma-buf: return -EINVAL if dmabuf object is NULL
Daniel Vetter
daniel at ffwll.ch
Wed Aug 18 12:46:40 UTC 2021
On Wed, Aug 18, 2021 at 02:31:34PM +0200, Christian König wrote:
> Am 18.08.21 um 14:17 schrieb Sa, Nuno:
> > > From: Christian König <christian.koenig at amd.com>
> > > Sent: Wednesday, August 18, 2021 2:10 PM
> > > To: Sa, Nuno <Nuno.Sa at analog.com>; linaro-mm-sig at lists.linaro.org;
> > > dri-devel at lists.freedesktop.org; linux-media at vger.kernel.org
> > > Cc: Rob Clark <rob at ti.com>; Sumit Semwal
> > > <sumit.semwal at linaro.org>
> > > Subject: Re: [PATCH] dma-buf: return -EINVAL if dmabuf object is
> > > NULL
> > >
> > > [External]
> > >
> > > To be honest I think the if(WARN_ON(!dmabuf)) return -EINVAL
> > > handling
> > > here is misleading in the first place.
> > >
> > > Returning -EINVAL on a hard coding error is not good practice and
> > > should
> > > probably be removed from the DMA-buf subsystem in general.
> > Would you say to just return 0 then? I don't think that having the
> > dereference is also good..
>
> No, just run into the dereference.
>
> Passing NULL as the core object you are working on is a hard coding error
> and not something we should bubble up as recoverable error.
>
> > I used -EINVAL to be coherent with the rest of the code.
>
> I rather suggest to remove the check elsewhere as well.

It's a lot more complicated, and WARN_ON + bail out is rather
well-established code-pattern. There's been plenty of discussions in the
past that a BUG_ON is harmful since it makes debugging a major pain, e.g.

https://lore.kernel.org/lkml/CA+55aFwyNTLuZgOWMTRuabWobF27ygskuxvFd-P0n-3UNT=0Og@mail.gmail.com/

There's also a checkpatch check for this.

commit 9d3e3c705eb395528fd8f17208c87581b134da48
Author: Joe Perches <joe at perches.com>
Date:   Wed Sep 9 15:37:27 2015 -0700

    checkpatch: add warning on BUG/BUG_ON use

Anyone who is paranoid about security crashes their machine on any WARNING
anyway (like syzkaller does).

My rule of thumb is that if the WARN_ON + bail-out code is just an if
(WARN_ON()) return; then it's fine, if it's more then BUG_ON is the better
choice perhaps.

I think the worst choice is just removing all these checks, because a few
code reorgs later you might not Oops immediately afterwards anymore, and
then we'll merge potentially very busted new code. Which is no good.
-Daniel

>
> Christian.
>
> >
> > - Nuno Sá
> >
> > > Christian.
> > >
> > > Am 18.08.21 um 13:58 schrieb Nuno Sá:
> > > > On top of warning about a NULL object, we also want to return with a
> > > > proper error code (as done in 'dma_buf_begin_cpu_access()').
> > > Otherwise,
> > > > we will get a NULL pointer dereference.
> > > >
> > > > Fixes: fc13020e086b ("dma-buf: add support for kernel cpu access")
> > > > Signed-off-by: Nuno Sá <nuno.sa at analog.com>
> > > > ---
> > > > drivers/dma-buf/dma-buf.c | 3 ++-
> > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-
> > > buf.c
> > > > index 63d32261b63f..8ec7876dd523 100644
> > > > --- a/drivers/dma-buf/dma-buf.c
> > > > +++ b/drivers/dma-buf/dma-buf.c
> > > > @@ -1231,7 +1231,8 @@ int dma_buf_end_cpu_access(struct
> > > dma_buf *dmabuf,
> > > > {
> > > > int ret = 0;
> > > >
> > > > - WARN_ON(!dmabuf);
> > > > + if (WARN_ON(!dmabuf))
> > > > + return -EINVAL;
> > > >
> > > > might_lock(&dmabuf->resv->lock.base);
> > > >
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
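
The trade-off argued in the message above (WARN_ON + bail-out versus removing the check), as an added example that is not part of the original e-mail or of the kernel source. It is a userspace C model: WARN_ON here, struct buf and both end_access_* functions are hypothetical stand-ins, and the skip_sync path is an assumed "later reorg" that makes the dereference conditional.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model of WARN_ON(): report, count, and yield the condition. */
static int warn_count;

static int warn_on_impl(int cond, const char *expr, const char *func)
{
	if (cond) {
		warn_count++;
		fprintf(stderr, "WARNING: %s in %s()\n", expr, func);
	}
	return cond;
}
#define WARN_ON(cond) warn_on_impl(!!(cond), #cond, __func__)

/* Hypothetical stand-in for a buffer object; not struct dma_buf. */
struct buf {
	int (*end_access)(struct buf *b);
};

static int sync_ok(struct buf *b) { (void)b; return 0; }

/* Check removed, and a later reorg made the dereference conditional:
 * a NULL object on the skip path no longer faults and goes unnoticed. */
static int end_access_unchecked(struct buf *b, int skip_sync)
{
	if (skip_sync)
		return 0;		/* NULL passes silently here */
	return b->end_access(b);	/* only this path would fault */
}
/* WARN_ON + bail-out: the caller bug is reported on every path. */
static int end_access_checked(struct buf *b, int skip_sync)
{
	if (WARN_ON(!b))
		return -EINVAL;
	if (skip_sync)
		return 0;
	return b->end_access(b);
}

int main(void)
{
	struct buf good = { sync_ok };
	printf("unchecked NULL, skip path: %d\n", end_access_unchecked(NULL, 1));
	printf("checked NULL, skip path:   %d\n", end_access_checked(NULL, 1));
	printf("checked valid buffer:      %d\n", end_access_checked(&good, 0));
	return 0;
}
```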