svn commit: r302841 - head/sys/dev/drm2

Garrett Cooper ngie at FreeBSD.org
Thu Jul 14 13:55:39 UTC 2016


Author: ngie
Date: Thu Jul 14 13:55:38 2016
New Revision: 302841
URL: https://svnweb.freebsd.org/changeset/base/302841

Log:
  Always panic if an invalid capability is passed to `capable(..)` instead of
  just with INVARIANTS
  
  rwatson's point was valid in the sense that if the data passed at runtime is
  invalid, it should always trip the invariant, not just in the debug case.
  This is a deterrent against malicious input, or input caused by hardware
  errors.
  
  MFC after: 4 days
  X-MFC with: r302577
  Requested by: rwatson
  Sponsored by: EMC / Isilon Storage Division

Modified:
  head/sys/dev/drm2/drm_os_freebsd.h

Modified: head/sys/dev/drm2/drm_os_freebsd.h
==============================================================================
--- head/sys/dev/drm2/drm_os_freebsd.h	Thu Jul 14 11:53:39 2016	(r302840)
+++ head/sys/dev/drm2/drm_os_freebsd.h	Thu Jul 14 13:55:38 2016	(r302841)
@@ -439,8 +439,7 @@ capable(enum __drm_capabilities cap)
 	case CAP_SYS_ADMIN:
 		return DRM_SUSER(curthread);
 	default:
-		KASSERT(false,
-		    ("%s: unhandled capability: %0x", __func__, cap));
+		panic("%s: unhandled capability: %0x", __func__, cap);
 		return (false);
 	}
 }
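Review bot: the `return (false);` immediately after the new `panic(...)` call is now unreachable, since FreeBSD's panic() never returns (it is declared `__dead2`); it is harmless to keep for compilers that cannot see that, but a short comment such as `/* NOTREACHED */` above it would make the intent explicit. Also, the `0` flag in the `%0x` conversion has no effect without a field width, so `%x` (or `%#x` for a `0x` prefix) says the same thing more clearly; this was already the case in the KASSERT being replaced, but the line is being rewritten anyway.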