From: Matthew Brost <matthew.brost@intel.com>
To: Nirmoy Das <nirmoy.das@intel.com>
Cc: <intel-xe@lists.freedesktop.org>,
Francois Dugast <francois.dugast@intel.com>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Matthew Auld <matthew.auld@intel.com>
Subject: Re: [PATCH v2 1/2] drm/xe/ufence: Prefetch ufence addr to catch bogus address
Date: Fri, 18 Oct 2024 02:51:04 +0000 [thread overview]
Message-ID: <ZxHNGEnSLoZGsUm1@DUT025-TGLU.fm.intel.com> (raw)
In-Reply-To: <20241016082304.66009-2-nirmoy.das@intel.com>
On Wed, Oct 16, 2024 at 10:23:03AM +0200, Nirmoy Das wrote:
> access_ok() only checks for addr overflow so also try to read the addr
> to catch invalid addr sent from userspace.
>
> Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1630
> Cc: Francois Dugast <francois.dugast@intel.com>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> Cc: Matthew Auld <matthew.auld@intel.com>
> Cc: Matthew Brost <matthew.brost@intel.com>
> Cc: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
> Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
> ---
> drivers/gpu/drm/xe/xe_sync.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c
> index c6cf227ead40..2e72c06fd40d 100644
> --- a/drivers/gpu/drm/xe/xe_sync.c
> +++ b/drivers/gpu/drm/xe/xe_sync.c
> @@ -54,8 +54,9 @@ static struct xe_user_fence *user_fence_create(struct xe_device *xe, u64 addr,
> {
> struct xe_user_fence *ufence;
> u64 __user *ptr = u64_to_user_ptr(addr);
> + u64 __maybe_unused prefetch_val;
>
> - if (!access_ok(ptr, sizeof(*ptr)))
> + if (get_user(prefetch_val, ptr))
> return ERR_PTR(-EFAULT);
>
> ufence = kzalloc(sizeof(*ufence), GFP_KERNEL);
> --
> 2.46.0
>
next prev parent reply other threads:[~2024-10-18 2:52 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-16 8:23 [PATCH v2 0/2] Improve ufence addr validation and error handling Nirmoy Das
2024-10-16 8:23 ` [PATCH v2 1/2] drm/xe/ufence: Prefetch ufence addr to catch bogus address Nirmoy Das
2024-10-18 2:51 ` Matthew Brost [this message]
2024-10-16 8:23 ` [PATCH v2 2/2] drm/xe/ufence: Warn if mmget_not_zero() fails Nirmoy Das
2024-10-18 13:41 ` Nirmoy Das
2024-10-18 13:53 ` Francois Dugast
2024-10-18 13:54 ` Nirmoy Das
2024-10-16 12:04 ` ✓ CI.Patch_applied: success for Improve ufence addr validation and error handling (rev3) Patchwork
2024-10-16 12:04 ` ✓ CI.checkpatch: " Patchwork
2024-10-16 12:05 ` ✓ CI.KUnit: " Patchwork
2024-10-16 12:17 ` ✓ CI.Build: " Patchwork
2024-10-16 12:19 ` ✓ CI.Hooks: " Patchwork
2024-10-16 12:21 ` ✓ CI.checksparse: " Patchwork
2024-10-16 12:38 ` ✓ CI.BAT: " Patchwork
2024-10-17 2:54 ` ✗ CI.FULL: failure " Patchwork
2024-10-18 15:40 ` Nirmoy Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZxHNGEnSLoZGsUm1@DUT025-TGLU.fm.intel.com \
--to=matthew.brost@intel.com \
--cc=francois.dugast@intel.com \
--cc=intel-xe@lists.freedesktop.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=matthew.auld@intel.com \
--cc=nirmoy.das@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox