On Mon, Apr 7, 2014 at 5:51 PM, David Herrmann <dh.herrmann@xxxxxxxxx> wrote:
> On Sat, Apr 5, 2014 at 11:44 AM, Daniel Vetter <daniel.vetter@xxxxxxxx> wrote:
>> The context_dtor callback is only called once we've successfully loaded
>> the driver, which means dev->dev_private is set up. The check is hence
>> pointless.
>>
>> Also dev->dev_private is deref already above, so compilers are free
>> to elide it anyway.
>
> Are you sure compilers can assume "*ptr" implies "ptr != NULL"? I
> doubt that and depending on CONFIG_DEFAULT_MMAP_MIN_ADDR I think you
> can even build user-space that can successfully mmap(MAP_FIXED) at
> address 0. Anyhow, I guess no-one cares besides me, so patch looks
> good :)

Yeah, my understanding has been that every time you deref a pointer
somewhere the compiler is allowed to presume that the pointer isn't NULL.
Which makes mmap(MAP_FIXED) at address NULL such a dangerous thing, and
iirc there's been patches floating around to severely restrict that to make
exploiting such bugs much harder. Iirc it's only emulators like dosemu who
really need to be able to map something at NULL. Since if gcc drops the
NULL check the last line of defense (namely Oopsing on the NULL deref) can
be disabled by userspace. The usual exploit is to put a real data structure
at NULL and use that (through vtables if possible) to take over the kernel.

I'm not always entirely sure on what the precise rules are really in
detail, but since coverity screamed at me about this here I've figured
coverity is probably right ;-)

-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
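As an added illustration, not code from this thread or from the DRM tree (the struct and function names are made up stand-ins for dev->dev_private), here is the deref-then-check shape Coverity flagged, next to the two ways of resolving it: moving the check before the dereference, or dropping it and relying on the driver-load invariant the patch describes.

```c
#include <stddef.h>

/* Constructed stand-ins for the DRM structures discussed above;
 * the names are hypothetical, not the kernel's. */
struct priv { int ctx_count; };
struct dev  { struct priv *dev_private; };

/* Deref-then-check: the load through p happens first, so from that
 * point the compiler may treat p as non-NULL and delete the "if (!p)"
 * test below as dead code. With a NULL dev_private the only thing left
 * is the page fault on address 0 (a kernel Oops), and a process that
 * can mmap(MAP_FIXED) address 0 removes even that. */
int release_ctx_unsafe(struct dev *dev)
{
    struct priv *p = dev->dev_private;
    int remaining = p->ctx_count - 1;   /* dereference happens here */
    if (!p)                             /* checked too late: may be elided */
        return -1;
    p->ctx_count = remaining;
    return remaining;
}

/* Check-then-deref: the test runs before any load through p, so it
 * cannot be optimised away and NULL is handled explicitly. */
int release_ctx_checked(struct dev *dev)
{
    struct priv *p = dev->dev_private;
    if (!p)
        return -1;
    p->ctx_count -= 1;
    return p->ctx_count;
}

/* What the patch under review does: the callback only runs after driver
 * load has populated dev_private, so the check is removed rather than
 * moved. Correctness then rests on that invariant holding at every call
 * site, which is what the review is really confirming. */
int release_ctx_trusting_invariant(struct dev *dev)
{
    struct priv *p = dev->dev_private;
    p->ctx_count -= 1;
    return p->ctx_count;
}
```

Compiling release_ctx_unsafe with optimisation and inspecting the generated code is the quickest way to see the check disappear; the safe variants behave the same at any optimisation level.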