Hollis,

On Wed, Jun 04, 2003 at 05:17:52PM -0500, Hollis Blanchard wrote:
> This is what the Stanford checker turned up recently when analyzing the
> copy_to/from_user calls in the Linux kernel:
> [...]
>
> This is all because the DRM_COPY_FROM_USER_UNCHECKED is being called in
> radeon_cp_dispatch_indices. If the copy_from_user is needed, the whole
> sarea_priv structure must be in user space, in which case all the other
> direct sarea references are in error. The other possibility is that
> copy_from_user isn't needed here at all. Can anyone comment?

The SAREA, and hence drm_radeon_sarea_t and 'boxes', lives on a shared memory segment accessible by all intervenients (kernel, X server, client). So the copy_from_user shouldn't be used.

I guess that at some point, radeon_cp_dispatch_indices was called on userspace cliprects, but now it appears only to be called on the SAREA. Perhaps Keith can tell more about it.

José Fonseca

PS: This Stanford checker seems to be a very nifty tool! ;-)

_______________________________________________
Dri-devel mailing list
https://lists.sourceforge.net/lists/listinfo/dri-devel