On Wed, Aug 18, 2021 at 02:31:34PM +0200, Christian König wrote: > Am 18.08.21 um 14:17 schrieb Sa, Nuno: > > > From: Christian König <christian.koenig@xxxxxxx> > > > Sent: Wednesday, August 18, 2021 2:10 PM > > > To: Sa, Nuno <Nuno.Sa@xxxxxxxxxx>; linaro-mm-sig@xxxxxxxxxxxxxxxx; > > > dri-devel@xxxxxxxxxxxxxxxxxxxxx; linux-media@xxxxxxxxxxxxxxx > > > Cc: Rob Clark <rob@xxxxxx>; Sumit Semwal > > > <sumit.semwal@xxxxxxxxxx> > > > Subject: Re: [PATCH] dma-buf: return -EINVAL if dmabuf object is > > > NULL > > > > > > [External] > > > > > > To be honest I think the if(WARN_ON(!dmabuf)) return -EINVAL > > > handling > > > here is misleading in the first place. > > > > > > Returning -EINVAL on a hard coding error is not good practice and > > > should > > > probably be removed from the DMA-buf subsystem in general. > > Would you say to just return 0 then? I don't think that having the > > dereference is also good.. > > No, just run into the dereference. > > Passing NULL as the core object you are working on is a hard coding error > and not something we should bubble up as recoverable error. > > > I used -EINVAL to be coherent with the rest of the code. > > I rather suggest to remove the check elsewhere as well. It's a lot more complicated, and WARN_ON + bail out is rather well-established code-pattern. There's been plenty of discussions in the past that a BUG_ON is harmful since it makes debugging a major pain, e.g. https://lore.kernel.org/lkml/CA+55aFwyNTLuZgOWMTRuabWobF27ygskuxvFd-P0n-3UNT=0Og@xxxxxxxxxxxxxx/ There's also a checkpatch check for this. commit 9d3e3c705eb395528fd8f17208c87581b134da48 Author: Joe Perches <joe@xxxxxxxxxxx> Date: Wed Sep 9 15:37:27 2015 -0700 checkpatch: add warning on BUG/BUG_ON use Anyone who is paranoid about security crashes their machine on any WARNING anyway (like syzkaller does). My rule of thumb is that if the WARN_ON + bail-out code is just an if (WARN_ON()) return; then it's fine, if it's more then BUG_ON is the better choice perhaps. I think the worst choice is just removing all these checks, because a few code reorgs later you might not Oops immediately afterwards anymore, and then we'll merge potentially very busted new code. Which is no good. -Daniel > > Christian. > > > > > - Nuno Sá > > > > > Christian. > > > > > > Am 18.08.21 um 13:58 schrieb Nuno Sá: > > > > On top of warning about a NULL object, we also want to return with a > > > > proper error code (as done in 'dma_buf_begin_cpu_access()'). > > > Otherwise, > > > > we will get a NULL pointer dereference. > > > > > > > > Fixes: fc13020e086b ("dma-buf: add support for kernel cpu access") > > > > Signed-off-by: Nuno Sá <nuno.sa@xxxxxxxxxx> > > > > --- > > > > drivers/dma-buf/dma-buf.c | 3 ++- > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma- > > > buf.c > > > > index 63d32261b63f..8ec7876dd523 100644 > > > > --- a/drivers/dma-buf/dma-buf.c > > > > +++ b/drivers/dma-buf/dma-buf.c > > > > @@ -1231,7 +1231,8 @@ int dma_buf_end_cpu_access(struct > > > dma_buf *dmabuf, > > > > { > > > > int ret = 0; > > > > > > > > - WARN_ON(!dmabuf); > > > > + if (WARN_ON(!dmabuf)) > > > > + return -EINVAL; > > > > > > > > might_lock(&dmabuf->resv->lock.base); > > > > > > _______________________________________________ > Linaro-mm-sig mailing list > Linaro-mm-sig@xxxxxxxxxxxxxxxx > https://lists.linaro.org/mailman/listinfo/linaro-mm-sig -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
