Re: [PATCH] drm/i915: clarify reasoning for the access_ok call
On Mon, Mar 11, 2013 at 02:04:51PM -0700, Kees Cook wrote: > Probably not. It just seemed like the existing comment was > insufficient after the removal of the redundant VERIFY_READ check that > happened recently. That's certainly true, the remaining comment is a little cryptic. Something more like: /* We need to check that we can read the entire relocation array, but * as we may need to update the presumed_offsets upon execution, we * need to check now for full write access. */ -Chris -- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drm/i915: clarify reasoning for the access_ok call
On Mon, Mar 11, 2013 at 1:51 PM, Chris Wilson wrote: > On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote: >> This clarifies the comment above the access_ok check so a missing >> VERIFY_READ doesn't alarm anyone. > > Do we really need to copy the interface documentation? > > /** > * access_ok: - Checks if a user space pointer is valid > * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that > *%VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe > *to write to a block, it is always safe to read from it. > * @addr: User space pointer to start of block to check > * @size: Size of block to check > */ > -Chris Probably not. It just seemed like the existing comment was insufficient after the removal of the redundant VERIFY_READ check that happened recently. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drm/i915: clarify reasoning for the access_ok call
On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote: > This clarifies the comment above the access_ok check so a missing > VERIFY_READ doesn't alarm anyone. Do we really need to copy the interface documentation? /** * access_ok: - Checks if a user space pointer is valid * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that *%VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe *to write to a block, it is always safe to read from it. * @addr: User space pointer to start of block to check * @size: Size of block to check */ -Chris -- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] drm/i915: clarify reasoning for the access_ok call
This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Signed-off-by: Kees Cook Cc: Daniel Vetter --- drivers/gpu/drm/i915/i915_gem_execbuffer.c |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index 2f2daeb..752e399 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -747,7 +747,11 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, length = exec[i].relocation_count * sizeof(struct drm_i915_gem_relocation_entry); - /* we may also need to update the presumed offsets */ + /* +* Validate memory range. Since we may need to update the +* presumed offsets, use VERIFY_WRITE. (Writable implies +* readable.) +*/ if (!access_ok(VERIFY_WRITE, ptr, length)) return -EFAULT; -- 1.7.9.5 -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] drm/i915: clarify reasoning for the access_ok call
This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Daniel Vetter daniel.vet...@ffwll.ch --- drivers/gpu/drm/i915/i915_gem_execbuffer.c |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index 2f2daeb..752e399 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -747,7 +747,11 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, length = exec[i].relocation_count * sizeof(struct drm_i915_gem_relocation_entry); - /* we may also need to update the presumed offsets */ + /* +* Validate memory range. Since we may need to update the +* presumed offsets, use VERIFY_WRITE. (Writable implies +* readable.) +*/ if (!access_ok(VERIFY_WRITE, ptr, length)) return -EFAULT; -- 1.7.9.5 -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drm/i915: clarify reasoning for the access_ok call
On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote: This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Do we really need to copy the interface documentation? /** * access_ok: - Checks if a user space pointer is valid * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that *%VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe *to write to a block, it is always safe to read from it. * @addr: User space pointer to start of block to check * @size: Size of block to check */ -Chris -- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drm/i915: clarify reasoning for the access_ok call
On Mon, Mar 11, 2013 at 1:51 PM, Chris Wilson ch...@chris-wilson.co.uk wrote: On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote: This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Do we really need to copy the interface documentation? /** * access_ok: - Checks if a user space pointer is valid * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that *%VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe *to write to a block, it is always safe to read from it. * @addr: User space pointer to start of block to check * @size: Size of block to check */ -Chris Probably not. It just seemed like the existing comment was insufficient after the removal of the redundant VERIFY_READ check that happened recently. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drm/i915: clarify reasoning for the access_ok call
On Mon, Mar 11, 2013 at 02:04:51PM -0700, Kees Cook wrote: Probably not. It just seemed like the existing comment was insufficient after the removal of the redundant VERIFY_READ check that happened recently. That's certainly true, the remaining comment is a little cryptic. Something more like: /* We need to check that we can read the entire relocation array, but * as we may need to update the presumed_offsets upon execution, we * need to check now for full write access. */ -Chris -- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/