From: Greg KH <gregkh@linuxfoundation.org>
To: Oded Gabbay <oded.gabbay@gmail.com>
Cc: linux-kernel@vger.kernel.org, olof@lixom.net, rppt@linux.ibm.com,
ogabbay@habana.ai, arnd@arndb.de, joe@perches.com
Subject: Re: [PATCH v3 05/15] habanalabs: add command buffer module
Date: Fri, 8 Feb 2019 13:06:39 +0100 [thread overview]
Message-ID: <20190208120639.GA23483@kroah.com> (raw)
In-Reply-To: <20190204203254.4026-6-oded.gabbay@gmail.com>
On Mon, Feb 04, 2019 at 10:32:44PM +0200, Oded Gabbay wrote:
> +int hl_cb_ioctl(struct hl_fpriv *hpriv, void *data)
> +{
> + union hl_cb_args *args = data;
> + struct hl_device *hdev = hpriv->hdev;
> + u64 handle;
> + int rc;
> +
> + switch (args->in.op) {
> + case HL_CB_OP_CREATE:
> + rc = hl_cb_create(hdev, &hpriv->cb_mgr, args->in.cb_size,
> + &handle, hpriv->ctx->asid);
so cb_size comes from userspace, ok, you check for the value to be too
small, but not too big. That means someone can try to allocate too much
memory, possibly crashing things, not good :(
> + memset(args, 0, sizeof(*args));
> + args->out.cb_handle = handle;
> + break;
> + case HL_CB_OP_DESTROY:
> + rc = hl_cb_destroy(hdev, &hpriv->cb_mgr,
> + args->in.cb_handle);
> + memset(args, 0, sizeof(*args));
Why zero this if it's not copied back to userspace?
> + break;
> + default:
> + rc = -EINVAL;
-ENOTTY is normally the "invalid ioctl value", right?
> + break;
> + }
> +
> + return rc;
> +}
thanks,
greg k-h
next prev parent reply other threads:[~2019-02-08 12:06 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-04 20:32 [PATCH v3 00/15] Habana Labs kernel driver Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 01/15] habanalabs: add skeleton driver Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 03/15] habanalabs: add basic Goya support Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 04/15] habanalabs: add context and ASID modules Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 05/15] habanalabs: add command buffer module Oded Gabbay
2019-02-08 12:06 ` Greg KH [this message]
2019-02-08 19:53 ` Oded Gabbay
2019-02-09 9:09 ` Greg KH
2019-02-04 20:32 ` [PATCH v3 06/15] habanalabs: add basic Goya h/w initialization Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 07/15] habanalabs: add h/w queues module Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 08/15] habanalabs: add event queue and interrupts Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 09/15] habanalabs: add sysfs and hwmon support Oded Gabbay
2019-02-08 12:14 ` Greg KH
2019-02-08 21:18 ` Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 10/15] habanalabs: add device reset support Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 11/15] habanalabs: add command submission module Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 12/15] habanalabs: add virtual memory and MMU modules Oded Gabbay
2019-02-06 15:14 ` Mike Rapoport
2019-02-07 13:15 ` Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 13/15] habanalabs: implement INFO IOCTL Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 14/15] habanalabs: add debugfs support Oded Gabbay
2019-02-06 15:16 ` Mike Rapoport
2019-02-08 12:16 ` Greg KH
2019-02-08 21:24 ` Oded Gabbay
2019-02-04 20:32 ` [PATCH v3 15/15] Update MAINTAINERS and CREDITS with habanalabs info Oded Gabbay
2019-02-06 11:52 ` [PATCH v3 00/15] Habana Labs kernel driver Mike Rapoport
2019-02-08 21:33 ` Oded Gabbay
2019-02-08 21:43 ` Joe Perches
2019-02-08 21:44 ` Oded Gabbay
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190208120639.GA23483@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=arnd@arndb.de \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oded.gabbay@gmail.com \
--cc=ogabbay@habana.ai \
--cc=olof@lixom.net \
--cc=rppt@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox