Quoting Dan Carpenter (2019-05-29 12:52:43)
> Hello Tvrtko Ursulin,
>
> The patch c5d3e39caa45: "drm/i915: Engine discovery query" from May
> 22, 2019, leads to the following static checker warning:
>
> drivers/gpu/drm/i915/i915_query.c:134 query_engine_info()
> warn: calling '__copy_to_user()' without access_ok()
>
> drivers/gpu/drm/i915/i915_query.c
> 97 query_engine_info(struct drm_i915_private *i915,
> 98 struct drm_i915_query_item *query_item)
> 99 {
> 100 struct drm_i915_query_engine_info __user *query_ptr =
> 101 u64_to_user_ptr(query_item->data_ptr);
>
> query_item->data_ptr comes from the ioctl and hasn't been checked.
copy_query_items() does the access_ok() check for the data portion after
the header.
-Chris
_______________________________________________
Intel-gfx mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
