On Wed, Jun 04, 2003 at 05:17:52PM -0500, Hollis Blanchard wrote:
This is what the Stanford checker turned up recently when analyzing the[...]
copy_to/from_user calls in the Linux kernel:
This is all because the DRM_COPY_FROM_USER_UNCHECKED is being called in
radeon_cp_dispatch_indices. If the copy_from_user is needed, the whole
sarea_priv structure must be in user space, in which case all the other
direct sarea references are in error. The other possibility is that
copy_from_user isn't needed here at all. Can anyone comment?
The SAREA, and hence drm_radeon_sarea_t and 'boxes', lives on a shared memory
segment accessible by all intervenients (kernel, X server, client). So
the copy_from_user shouldn't be used.
I guess that at some point, radeon_cp_dispatch_indices was called on userspace cliprects, but now it appears only to be called on the SAREA. Perhaps Keith can tell more about it.
Any further comments here? I didn't quite follow the explanation of where SAREA lives, but I guess copy_from_user should be replaced? Anyone have a patch?
--
Hollis Blanchard
IBM Linux Technology Center
Dri-devel mailing list
https://lists.sourceforge.net/lists/listinfo/dri-devel
