From: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
To: Kamil Konieczny <kamil.konieczny@linux.intel.com>
Cc: <igt-dev@lists.freedesktop.org>, <andi.shyti@linux.intel.com>,
<krzysztof.niemiec@intel.com>, <krzysztof.karas@intel.com>
Subject: Re: [PATCH i-g-t] lib/i915: Avoid non-canonical address dereference in gem_has_relocations()
Date: Mon, 23 Jun 2025 14:33:36 +0000 [thread overview]
Message-ID: <DATZJ7EAK3JI.3SI7CWXG1RMJ2@intel.com> (raw)
In-Reply-To: <20250618151030.awt3aao74pslavlg@kamilkon-DESK.igk.intel.com>
Hi Kamil,
On Wed Jun 18, 2025 at 3:10 PM UTC, Kamil Konieczny wrote:
> Hi Sebastian,
> On 2025-06-16 at 14:26:15 +0000, Sebastian Brzezinka wrote:
>> Fix a general protection fault in igt@gem_exec_big@single caused by
>> passing a non-canonical address via relocs_ptr. The test previously
>> used a stack-allocated relocation entry, which resulted in an invalid
>> pointer being passed to the kernel, triggering a crash.
>>
>> This patch replaces the stack-allocated `reloc` with a NULL pointer,
>> ensuring the kernel correctly interprets the absence of relocations and
>> avoids undefined behavior.
>>
>> A corresponding kernel patch to sanitize user input for relocs_ptr has
>> been submitted to the i915 mailing list to further harden the interface.
>>
>> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11713
>>
>
> Do we miss some igt test for this? imho kernel should not
> make any oops when it is given invalid pointer to relocs
> nor invalid values in relocs.
> What about writing gem_bad_reloc@invalid test for it?
Absolutely. Once I identify a proper way to sanitize this on the kernel
side, I’ll add a corresponding test to validate the behavior.
--
Best regards,
Sebastian
prev parent reply other threads:[~2025-06-23 14:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-16 14:26 [PATCH i-g-t] lib/i915: Avoid non-canonical address dereference in gem_has_relocations() Sebastian Brzezinka
2025-06-16 23:26 ` ✓ Xe.CI.BAT: success for " Patchwork
2025-06-17 7:24 ` ✓ Xe.CI.Full: " Patchwork
2025-06-17 13:37 ` ✗ i915.CI.BAT: failure " Patchwork
2025-06-18 11:39 ` [PATCH i-g-t] " Krzysztof Karas
2025-06-18 11:51 ` Sebastian Brzezinka
2025-06-23 17:43 ` Kamil Konieczny
2025-06-18 15:10 ` Kamil Konieczny
2025-06-23 14:33 ` Sebastian Brzezinka [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DATZJ7EAK3JI.3SI7CWXG1RMJ2@intel.com \
--to=sebastian.brzezinka@intel.com \
--cc=andi.shyti@linux.intel.com \
--cc=igt-dev@lists.freedesktop.org \
--cc=kamil.konieczny@linux.intel.com \
--cc=krzysztof.karas@intel.com \
--cc=krzysztof.niemiec@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox