Always panic if an invalid capability is passed to capable(..)
instead of
just with INVARIANTS. rwatson's point was valid in the sense that if the data passed at runtime is invalid, it should always trip the invariant, not just in the debug case. This is a deterrent against malicious input, or input caused by hardware errors. MFC after: 4 days X-MFC with: r302577 Requested by: rwatson Sponsored by: EMC / Isilon Storage Division
This commit is contained in:
parent
70e3da3892
commit
e5619a893e
@ -439,8 +439,7 @@ capable(enum __drm_capabilities cap)
|
||||
case CAP_SYS_ADMIN:
|
||||
return DRM_SUSER(curthread);
|
||||
default:
|
||||
KASSERT(false,
|
||||
("%s: unhandled capability: %0x", __func__, cap));
|
||||
panic("%s: unhandled capability: %0x", __func__, cap);
|
||||
return (false);
|
||||
}
|
||||
}
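Review bot: The new `panic()` on the `default:` branch turns any out-of-range `cap` into a whole-kernel crash, which is only acceptable if `cap` can never be derived from user-controlled data; the hunk does not show the callers, so that assumption is worth recording at the call site, e.g. `/* cap comes from in-kernel drm code only; an unknown value is a driver bug, not user input, so panicking beats silently granting or denying the privilege. */`. Since panic() does not return, the `return (false);` that follows it appears to be unreachable now; if it is kept to satisfy compilers, a `/* NOTREACHED */` marker would make that intent explicit. The `0` flag in `%0x` has no effect without a field width, so `%#x` (or `0x%x`) would print the capability unambiguously as hex. The enclosing switch in capable() begins above this hunk.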
|
||||
|