All of lore.kernel.org
 help / color / mirror / Atom feed
From: Chris Wilson <chris@chris-wilson.co.uk>
To: Michal Srb <msrb@suse.com>, dri-devel@lists.freedesktop.org
Subject: Re: [PATCH v2 2/2] drm/i915/cmdparser: Do not check past the cmd length.
Date: Mon, 05 Feb 2018 16:04:25 +0000	[thread overview]
Message-ID: <151784666538.15322.9046409184863390939@mail.alporthouse.com> (raw)
In-Reply-To: <20180205151745.29292-1-msrb@suse.com>

Quoting Michal Srb (2018-02-05 15:17:45)
> The command MEDIA_VFE_STATE checks bits at offset +2 dwords. However, it is
> possible to have MEDIA_VFE_STATE command with length = 0 + LENGTH_BIAS = 2.
> In that case check_cmd will read bits from the following command, or even past
> the end of the buffer.
> 
> If the offset ends up outside of the command length, reject the command.
> 
> Signed-off-by: Michal Srb <msrb@suse.com>

Looks good, both
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>

I'll resend them to intel-gfx@ so CI picks them up for the checklist.
-Chris
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

  reply	other threads:[~2018-02-05 16:04 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-05 14:29 [PATCH 0/2] Fixes in drm/i915/cmdparser Michal Srb
2018-02-05 14:29 ` [PATCH 1/2] drm/i915/cmdparser: Check reg_table_count before derefencing Michal Srb
2018-02-05 14:29 ` [PATCH 2/2] drm/i915/cmdparser: Do not check past the cmd length Michal Srb
2018-02-05 14:48   ` Chris Wilson
2018-02-05 15:17     ` [PATCH v2 " Michal Srb
2018-02-05 16:04       ` Chris Wilson [this message]
2018-02-05 20:50         ` Chris Wilson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=151784666538.15322.9046409184863390939@mail.alporthouse.com \
    --to=chris@chris-wilson.co.uk \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=msrb@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.