This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Daniel Vetter <daniel.vetter@xxxxxxxx> --- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index 2f2daeb..752e399 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -747,7 +747,11 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, length = exec[i].relocation_count * sizeof(struct drm_i915_gem_relocation_entry); - /* we may also need to update the presumed offsets */ + /* + * Validate memory range. Since we may need to update the + * presumed offsets, use VERIFY_WRITE. (Writable implies + * readable.) + */ if (!access_ok(VERIFY_WRITE, ptr, length)) return -EFAULT; -- 1.7.9.5 -- Kees Cook Chrome OS Security _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/dri-devel
