Am Donnerstag, den 22.10.2015, 09:12 +0200 schrieb Daniel Vetter: [...] > > > - all the array allocations aren't checked for integer overflows in > > > gem_submit. Just use kmalloc_array or similar to get this right. That > > > means you need to allocations in submit_create, but imo better safe than > > > security-buggy. Similar problem in submit_reloc, but there > > > copy_from_user will protect you since you only copy individual structs. > > > Still a bit fragile. > > > > I'm not sure kmalloc_array() is the right answer there, but I'll look > > into it - I'd really like to avoid doing lots of small kmalloc()s all > > over the place as each one has a non-zero cost. The more we can lump > > together, the better - but it has to be done safely. > > That was just my preference since I have a hard time reasonining about > overflow checks so like to avoid them. > We might just get some reasonable limits on the number of allowed objects per submit in place, like 64k buffers and relocs should be enough for everyone. *famous last words* Regards, Lucas -- Pengutronix e.K. | Lucas Stach | Industrial Linux Solutions | http://www.pengutronix.de/ | _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/dri-devel
