José Fonseca wrote:
> Hollis,
>
> On Wed, Jun 04, 2003 at 05:17:52PM -0500, Hollis Blanchard wrote:
> > This is what the Stanford checker turned up recently when analyzing the copy_to/from_user calls in the Linux kernel:
> >
> > [...]
> >
> > This is all because the DRM_COPY_FROM_USER_UNCHECKED is being called in radeon_cp_dispatch_indices. If the copy_from_user is needed, the whole sarea_priv structure must be in user space, in which case all the other direct sarea references are in error. The other possibility is that copy_from_user isn't needed here at all. Can anyone comment?
>
> The SAREA, and hence drm_radeon_sarea_t and 'boxes', lives on a shared memory
> segment accessible by all intervenients (kernel, X server, client). So
> the copy_from_user shouldn't be used.
>
> I guess that at some point, radeon_cp_dispatch_indices was called on
> userspace cliprects, but now it appears only to be called on the SAREA.
> Perhaps Keith can tell more about it.

Yes, there's no need to be calling COPY_FROM_USER on these cliprects - just referencing them directly would be fine.


Keith



_______________________________________________
Dri-devel mailing list
https://lists.sourceforge.net/lists/listinfo/dri-devel
