Alan Cox wrote:
OK, then we might perhaps skip the kmalloc thing totally, sinceOn Iau, 2004-09-02 at 15:04, Thomas HellstrÃm wrote:Could this be acceptable security-wise?I'd add an upper limit to the kmalloc buffer size of say 32K (realistically thats as big as will be reliable anyway). the preallocated buffer is 32K. Then the caller would have to split certain command sequences into multiple buffers, which would target mostly mpeg1 slice data if AGP DMA is not working for some reason, but hardly 2d engine commands. Thanks. I'll take a look at that. The value thing was a leftover from a removedOtherwise looks ok. It does do the offset maths twice once without need and loads value without need in the first loopMight be better to do offset > (0x7FFU >> 2) check that the user didn't do "system memory" blitting with the 2d engine. >From what I can figure, that should be harmless, though, so I removed the test. It's done in the IOCTL main.since the maths that end can be done by the compiler. I assume the caller checks we hold the DRM lock ? /Thomas. |
- PATCH: unichrome: Command buffer over PCI ioctl. Thomas Hellström
- Re: PATCH: unichrome: Command buffer over PCI i... Alan Cox
- Thomas Hellström