On Sun, Sep 20, 2009 at 07:21:36AM +0200, Julia Lawall wrote:
> On Sat, 19 Sep 2009, Greg KH wrote:
>
> > On Fri, Sep 18, 2009 at 11:39:34PM +0200, Julia Lawall wrote:
> > > Functions that are exported using EXPORT_SYMBOL, and thus are presumably
> > > freely available for use in dynamically loaded modules, do not seem to
> > > very often check the validity of their inputs. For a simple example,
> > > the following code from arch/arm/mach-realview/clock.c does not even check
> > > that clk is not NULL:
> > >
> > > unsigned long clk_get_rate(struct clk *clk)
> > > {
> > > return clk->rate;
> > > }
> > > EXPORT_SYMBOL(clk_get_rate);
> > >
> > > Is this a problem?
> >
> > No, as long as all callers are not passing NULL :)
> >
> > Seriously, it's not an issue, putting error checking for everything
> > causes a lot of extra code for no reason, as we can easily audit all
> > callers of these symbols, it is not always necessary to check the
> > paramters.
>
> Who is we?
Us kernel developers.
> If the symbol is exported can't anyone write a kernel module
> that uses the function?
Yes, and we can see their code as well when it is distributed.
> Is the policy that in that case they get what they deserve?
Yes, that would be a trivial thing to debug :)
thanks,
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
