Re: Suggest make 'user_access_begin()' do 'access_ok()' to stable kernel

On Thu, 2020-06-11 at 13:15 +0200, Greg KH wrote:

On Thu, Jun 11, 2020 at 09:37:42AM +0800, Miles Chen wrote:

...

@@ -2601,7 +2603,17 @@ i915_gem_execbuffer2_ioctl(struct drm_device *dev, void *data, unsigned int i; /* Copy the new buffer offsets back to the user's exec list. */

• user_access_begin();
  

• /*
  

•  * Note: count * sizeof(*user_exec_list) does not overflow,
  

•  * because we checked 'count' in check_buffer_count().
  

•  *
  

•  * And this range already got effectively checked earlier
  

•  * when we did the "copy_from_user()" above.
  

•  */
  

• if (!user_access_begin(VERIFY_WRITE, user_exec_list,
  

• 		       count * sizeof(*user_exec_list)))
  

• 	goto end_user;
  

• for (i = 0; i < args->buffer_count; i++) { if (!(exec2_list[i].offset & UPDATE)) continue;

No one seems to have test-built this code, it fails here on the 4.14.y kernel :(

I'll go fix it up, but please, always at the very least, test build your patches before sending them out...

thanks,

Sorry for the breakage. It won't happen next time.

cheers, Miles

greg k-h