This clarifies the comment above the access_ok check so a missing
VERIFY_READ doesn't alarm anyone.
Signed-off-by: Kees Cook <[email protected]>
Cc: Daniel Vetter <[email protected]>
---
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index 2f2daeb..752e399 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -747,7 +747,11 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
length = exec[i].relocation_count *
sizeof(struct drm_i915_gem_relocation_entry);
- /* we may also need to update the presumed offsets */
+ /*
+ * Validate memory range. Since we may need to update the
+ * presumed offsets, use VERIFY_WRITE. (Writable implies
+ * readable.)
+ */
if (!access_ok(VERIFY_WRITE, ptr, length))
return -EFAULT;
--
1.7.9.5
--
Kees Cook
Chrome OS Security
On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote:
> This clarifies the comment above the access_ok check so a missing
> VERIFY_READ doesn't alarm anyone.
Do we really need to copy the interface documentation?
/**
* access_ok: - Checks if a user space pointer is valid
* @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
* %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
* to write to a block, it is always safe to read from it.
* @addr: User space pointer to start of block to check
* @size: Size of block to check
*/
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
On Mon, Mar 11, 2013 at 1:51 PM, Chris Wilson <[email protected]> wrote:
> On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote:
>> This clarifies the comment above the access_ok check so a missing
>> VERIFY_READ doesn't alarm anyone.
>
> Do we really need to copy the interface documentation?
>
> /**
> * access_ok: - Checks if a user space pointer is valid
> * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
> * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
> * to write to a block, it is always safe to read from it.
> * @addr: User space pointer to start of block to check
> * @size: Size of block to check
> */
> -Chris
Probably not. It just seemed like the existing comment was
insufficient after the removal of the redundant VERIFY_READ check that
happened recently.
-Kees
--
Kees Cook
Chrome OS Security
On Mon, Mar 11, 2013 at 02:04:51PM -0700, Kees Cook wrote:
> Probably not. It just seemed like the existing comment was
> insufficient after the removal of the redundant VERIFY_READ check that
> happened recently.
That's certainly true, the remaining comment is a little cryptic.
Something more like:
/* We need to check that we can read the entire relocation array, but
* as we may need to update the presumed_offsets upon execution, we
* need to check now for full write access.
*/
-Chris
--
Chris Wilson, Intel Open Source Technology Centre