From: Keith W. <ke...@tu...> - 2003-06-04 23:35:21
José Fonseca wrote:
> Hollis,
>
> On Wed, Jun 04, 2003 at 05:17:52PM -0500, Hollis Blanchard wrote:
>
>>This is what the Stanford checker turned up recently when analyzing the
>>copy_to/from_user calls in the Linux kernel:
>>
>
> [...]
>
>>This is all because the DRM_COPY_FROM_USER_UNCHECKED is being called in
>>radeon_cp_dispatch_indices. If the copy_from_user is needed, the whole
>>sarea_priv structure must be in user space, in which case all the other
>>direct sarea references are in error. The other possibility is that
>>copy_from_user isn't needed here at all. Can anyone comment?
>
>
> The SAREA, and hence drm_radeon_sarea_t and 'boxes', lives on a shared memory
> segment accessible by all intervenients (kernel, X server, client). So
> the copy_from_user shouldn't be used.
>
> I guess that at some point, radeon_cp_dispatch_indices was called on
> userspace cliprects, but now it appears only to be called on the SAREA.
> Perhaps Keith can tell more about it.

Yes, there's no need to be calling COPY_FROM_USER on these cliprects - just
referencing them directly would be fine.

Keith
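Added example, not part of the original message, the DRM source, or the Stanford checker: a simplified Python sketch of the consistency rule discussed in the thread, where a pointer used as the source of a copy-from-user call should not also be dereferenced directly in the same function. The function names, the embedded C sample and its `nbox` field are constructed for illustration, and only single-line calls are handled.

```python
import re
# Calling one of these claims that its 2nd argument is a user-space pointer.
COPY_FROM_USER = ("DRM_COPY_FROM_USER_UNCHECKED", "copy_from_user")
CALL = re.compile(r"\b(?:%s)\s*\(" % "|".join(COPY_FROM_USER))

def call_args(text):
    """Split an argument list (text just after the call's '(') on top-level commas."""
    args, depth, cur = [], 0, ""
    for ch in text:
        if ch == ")" and depth == 0:
            break  # closing paren of the call itself
        depth += (ch in "([") - (ch in ")]")
        if ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()]

def inconsistent_pointers(func_src):
    """Return {pointer: [lines]} for copy-from-user sources also dereferenced directly."""
    lines = func_src.splitlines()
    user_ptrs, copy_lines = set(), set()
    for no, line in enumerate(lines, 1):
        m = CALL.search(line)
        args = call_args(line[m.end():]) if m else []
        base = re.match(r"[&(\s]*([A-Za-z_]\w*)", args[1]) if len(args) == 3 else None
        if base:
            user_ptrs.add(base.group(1))  # '&sarea_priv->boxes[i]' -> 'sarea_priv'
            copy_lines.add(no)
    report = {}
    for ptr in sorted(user_ptrs):
        deref = re.compile(r"\b%s\s*(?:->|\[)" % re.escape(ptr))
        hits = [no for no, line in enumerate(lines, 1)
                if no not in copy_lines and deref.search(line)]
        if hits:
            report[ptr] = hits
    return report

# Constructed sample shaped like the report in the thread; not the driver's source.
SAMPLE = """\
static void radeon_cp_dispatch_indices(drm_device_t *dev)
{
    drm_radeon_sarea_t *sarea_priv = dev_priv->sarea_priv;
    int i, nbox = sarea_priv->nbox;
    for (i = 0; i < nbox; i++)
        DRM_COPY_FROM_USER_UNCHECKED(&box, &sarea_priv->boxes[i], sizeof(box));
}
"""
```

Running `inconsistent_pointers(SAMPLE)` reports `sarea_priv` with the line of the direct `sarea_priv->nbox` access; replacing the copy call with a direct assignment from `sarea_priv->boxes[i]` leaves nothing to report.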