Date: Wed, 13 Jul 2016 16:56:39 -0700 From: Ngie Cooper <yaneurabeya@gmail.com> To: Robert Watson <rwatson@freebsd.org> Cc: Garrett Cooper <ngie@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r302577 - head/sys/dev/drm2 Message-ID: <CAGHfRMC8c_okqZSiuM-_DEHMU4B6-oun_K0Dz=epjA0YG1EmtA@mail.gmail.com> In-Reply-To: <alpine.BSF.2.20.1607131252340.36917@fledge.watson.org> References: <201607111701.u6BH189R083052@repo.freebsd.org> <alpine.BSF.2.20.1607131252340.36917@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 13, 2016 at 4:54 AM, Robert Watson <rwatson@freebsd.org> wrote: > On Mon, 11 Jul 2016, Garrett Cooper wrote: > >> Add missing default case to capable(..) function definition >> >> By definition (enum __drm_capabilities), cases other than CAP_SYS_ADMIN >> aren't possible. Add in a KASSERT safety belt and return false in >> !INVARIANTS case if an invalid value is passed in, as it would be a >> programmer error. >> >> This fixes a -Wreturn-type error with gcc 5.3.0. >> >> Differential Revision: https://reviews.freebsd.org/D7188 >> MFC after: 1 week >> Reported by: devel/amd64-gcc (5.3.0) >> Reviewed by: dumbbell >> Sponsored by: EMC / Isilon Storage Division > > Per my comment in the review, I think a panic() here would be preferable to > a KASSERT(), as it would come without perceptible runtime cost, and failstop > the system if we were violating a design-time security invariant. Good point. I'll commit the change tonight. Thanks! -Ngie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGHfRMC8c_okqZSiuM-_DEHMU4B6-oun_K0Dz=epjA0YG1EmtA>