diff options
| author | Enji Cooper <ngie@FreeBSD.org> | 2016-07-14 13:55:38 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2016-07-14 13:55:38 +0000 |
| commit | e5619a893ee931fcc63ac4dac999d154d2133a07 (patch) | |
| tree | 26133def2dbde4156d695488a44205f1b7090b7c /sys/dev | |
| parent | 70e3da3892735446104365ffbc513855d2c7bf29 (diff) | |
| download | src-e5619a893ee931fcc63ac4dac999d154d2133a07.tar.gz src-e5619a893ee931fcc63ac4dac999d154d2133a07.zip | |
Always panic if an invalid capability is passed to `capable(..)` instead of
just with INVARIANTS
rwatson's point was valid in the sense that if the data passed at runtime is
invalid, it should always trip the invariant, not just in the debug case.
This is a deterrent against malicious input, or input caused by hardware
errors.
MFC after: 4 days
X-MFC with: r302577
Requested by: rwatson
Sponsored by: EMC / Isilon Storage Division
Notes
Notes:
svn path=/head/; revision=302841
Diffstat (limited to 'sys/dev')
| -rw-r--r-- | sys/dev/drm2/drm_os_freebsd.h | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/dev/drm2/drm_os_freebsd.h b/sys/dev/drm2/drm_os_freebsd.h index b3f626b8965e..3c9983838e1d 100644 --- a/sys/dev/drm2/drm_os_freebsd.h +++ b/sys/dev/drm2/drm_os_freebsd.h @@ -439,8 +439,7 @@ capable(enum __drm_capabilities cap) case CAP_SYS_ADMIN: return DRM_SUSER(curthread); default: - KASSERT(false, - ("%s: unhandled capability: %0x", __func__, cap)); + panic("%s: unhandled capability: %0x", __func__, cap); return (false); } } |