From: Garrett Cooper
Date: Thu, 14 Jul 2016 13:55:38 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r302841 - head/sys/dev/drm2

Author: ngie
Date: Thu Jul 14 13:55:38 2016
New Revision: 302841
URL: https://svnweb.freebsd.org/changeset/base/302841

Log:
  Always panic if an invalid capability is passed to `capable(..)` instead of
  just with INVARIANTS

  rwatson's point was valid in the sense that if the data passed at runtime is
  invalid, it should always trip the invariant, not just in the debug case.
  This is a deterrent against malicious input, or input caused by hardware
  errors.

  MFC after: 4 days
  X-MFC with: r302577
  Requested by: rwatson
  Sponsored by: EMC / Isilon Storage Division

Modified:
  head/sys/dev/drm2/drm_os_freebsd.h

Modified: head/sys/dev/drm2/drm_os_freebsd.h ============================================================================== --- head/sys/dev/drm2/drm_os_freebsd.h Thu Jul 14 11:53:39 2016 (r302840) +++ head/sys/dev/drm2/drm_os_freebsd.h Thu Jul 14 13:55:38 2016 (r302841) @@ -439,8 +439,7 @@ capable(enum __drm_capabilities cap) case CAP_SYS_ADMIN: return DRM_SUSER(curthread); default: - KASSERT(false, - ("%s: unhandled capability: %0x", __func__, cap)); + panic("%s: unhandled capability: %0x", __func__, cap); return (false); } }
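
Review bot: In the default: case of capable(), the return (false); left in place after the new panic(...) is unreachable, because panic() does not return; drop it, or keep it only with a short comment saying it is there to satisfy the compiler, so a reader does not assume an unhandled capability can fall through to "not capable". Since the panic is now unconditional rather than tied to INVARIANTS, a one-line comment above it stating that this is deliberate in production kernels would stop a later cleanup from turning it back into a KASSERT. The format string also carries over %0x, where the 0 flag has no effect without a field width; %#x would print the unhandled value unambiguously as hex.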