Re: [Intel-gfx] [PATCH v2 2/3 drm: Check property/enum name length

2018-03-06 Thread Ville Syrjälä 
On Tue, Mar 06, 2018 at 11:22:54AM +0100, Daniel Vetter wrote:
> On Fri, Mar 02, 2018 at 04:03:00PM +0200, Ville Syrjala wrote:
> > From: Ville Syrjälä 
> > 
> > Reject requests to add properties/enums with an overly long name.
> > Previously we would have just silently truncated the string and exposed
> > it userspace.
> > 
> > v2: drm_property_create() returns a pointer
> > 
> > Signed-off-by: Ville Syrjälä 
> 
> While you're typing validation code, I noticed that drm_property_add_enum
> allows you to overwrite the name of an existing enum value already added.
> That sounds like something we never want to allow either.

Good point. I suppose we should just WARN and error out there as well?

> 
> Anyway, this is
> 
> Reviewed-by: Daniel Vetter 
> 
> > ---
> >  drivers/gpu/drm/drm_property.c | 6 ++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c
> > index fe8627fb7ae6..c37ac41125b5 100644
> > --- a/drivers/gpu/drm/drm_property.c
> > +++ b/drivers/gpu/drm/drm_property.c
> > @@ -78,6 +78,9 @@ struct drm_property *drm_property_create(struct 
> > drm_device *dev, int flags,
> > struct drm_property *property = NULL;
> > int ret;
> >  
> > +   if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
> > +   return NULL;
> > +
> > property = kzalloc(sizeof(struct drm_property), GFP_KERNEL);
> > if (!property)
> > return NULL;
> > @@ -372,6 +375,9 @@ int drm_property_add_enum(struct drm_property 
> > *property, int index,
> >  {
> > struct drm_property_enum *prop_enum;
> >  
> > +   if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
> > +   return -EINVAL;
> > +
> > if (!(drm_property_type_is(property, DRM_MODE_PROP_ENUM) ||
> > drm_property_type_is(property, DRM_MODE_PROP_BITMASK)))
> > return -EINVAL;
> > -- 
> > 2.16.1
> > 
> > ___
> > Intel-gfx mailing list
> > intel-...@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
> 
> -- 
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch

-- 
Ville Syrjälä
Intel OTC
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [Intel-gfx] [PATCH v2 2/3 drm: Check property/enum name length

2018-03-06 Thread Daniel Vetter 
On Fri, Mar 02, 2018 at 04:03:00PM +0200, Ville Syrjala wrote:
> From: Ville Syrjälä 
> 
> Reject requests to add properties/enums with an overly long name.
> Previously we would have just silently truncated the string and exposed
> it userspace.
> 
> v2: drm_property_create() returns a pointer
> 
> Signed-off-by: Ville Syrjälä 

While you're typing validation code, I noticed that drm_property_add_enum
allows you to overwrite the name of an existing enum value already added.
That sounds like something we never want to allow either.

Anyway, this is

Reviewed-by: Daniel Vetter 

> ---
>  drivers/gpu/drm/drm_property.c | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c
> index fe8627fb7ae6..c37ac41125b5 100644
> --- a/drivers/gpu/drm/drm_property.c
> +++ b/drivers/gpu/drm/drm_property.c
> @@ -78,6 +78,9 @@ struct drm_property *drm_property_create(struct drm_device 
> *dev, int flags,
>   struct drm_property *property = NULL;
>   int ret;
>  
> + if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
> + return NULL;
> +
>   property = kzalloc(sizeof(struct drm_property), GFP_KERNEL);
>   if (!property)
>   return NULL;
> @@ -372,6 +375,9 @@ int drm_property_add_enum(struct drm_property *property, 
> int index,
>  {
>   struct drm_property_enum *prop_enum;
>  
> + if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
> + return -EINVAL;
> +
>   if (!(drm_property_type_is(property, DRM_MODE_PROP_ENUM) ||
>   drm_property_type_is(property, DRM_MODE_PROP_BITMASK)))
>   return -EINVAL;
> -- 
> 2.16.1
> 
> ___
> Intel-gfx mailing list
> intel-...@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gfx

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

[PATCH v2 2/3 drm: Check property/enum name length

2018-03-02 Thread Ville Syrjala 
From: Ville Syrjälä 

Reject requests to add properties/enums with an overly long name.
Previously we would have just silently truncated the string and exposed
it userspace.

v2: drm_property_create() returns a pointer

Signed-off-by: Ville Syrjälä 
---
 drivers/gpu/drm/drm_property.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c
index fe8627fb7ae6..c37ac41125b5 100644
--- a/drivers/gpu/drm/drm_property.c
+++ b/drivers/gpu/drm/drm_property.c
@@ -78,6 +78,9 @@ struct drm_property *drm_property_create(struct drm_device 
*dev, int flags,
struct drm_property *property = NULL;
int ret;
 
+   if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
+   return NULL;
+
property = kzalloc(sizeof(struct drm_property), GFP_KERNEL);
if (!property)
return NULL;
@@ -372,6 +375,9 @@ int drm_property_add_enum(struct drm_property *property, 
int index,
 {
struct drm_property_enum *prop_enum;
 
+   if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
+   return -EINVAL;
+
if (!(drm_property_type_is(property, DRM_MODE_PROP_ENUM) ||
drm_property_type_is(property, DRM_MODE_PROP_BITMASK)))
return -EINVAL;
-- 
2.16.1

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel