On Mon, Aug 15, 2016 at 03:41:20PM +0100, Robert Bragg wrote: > check_cmd() is checking whether a command adheres to certain > restrictions that ensure it's safe to execute within a privileged batch > buffer. Returning false implies a privilege problem, not that the > command is invalid. > > The distinction makes the difference between allowing the buffer to be > executed as an unprivileged batch buffer or returning an EINVAL error to > userspace without executing anything.
Ah, but you choose to actually execute it instead. We can't allow that either. -Chris -- Chris Wilson, Intel Open Source Technology Centre
