Re: PATCH: unichrome: Command buffer over PCI ioctl.

[Thomas Hellström]

Alan Cox wrote: On Iau, 2004-09-02 at 15:04, Thomas HellstrÃm wrote: Could this be acceptable security-wise? I'd add an upper limit to the kmalloc buffer size of say 32K (realistically thats as big as will be reliable anyway). OK, then we might perhaps skip the kmalloc thing totally, since the preallocated buffer is 32K. Then the caller would have to split certain command sequences into multiple buffers, which would target mostly mpeg1 slice data if AGP DMA is not working for some reason, but hardly 2d engine commands. Otherwise looks ok. It does do the offset maths twice once without need and loads value without need in the first loop Might be better to do offset > (0x7FFU >> 2) Thanks. I'll take a look at that. The value thing was a leftover from a removed check that the user didn't do "system memory" blitting with the 2d engine. >From what I can figure, that should be harmless, though, so I removed the test. since the maths that end can be done by the compiler. I assume the caller checks we hold the DRM lock ? It's done in the IOCTL main. /Thomas.