Integer overflow leads to uninitialization vulnerability in amdgpu_cs_parser_init

2023-04-18 Thread whitehat002 whitehat002
Hello, I am going to file a security bug. VULNERABILITY DETAILS ioctl$AMDGPU_CS will call amdgpu_cs_ioctl, which will call amdgpu_cs_parser_init. The type of size is unsigned (4 bytes) [1]. And size is assigned from p->chunks[i].length_dw [2], which is assigned from user_chunk.length_dw [3], which typ

Re: Integer overflow leads to uninitialization vulnerability in amdgpu_cs_parser_init

2023-04-18 Thread whitehat002 whitehat002
Sorry, I found that in the latest code the function has become amdgpu_cs_pass1, and radeon_cs_parser_init has the same problem. And I will send the patch. whitehat002 whitehat002 wrote on Tue, 18 Apr 2023 at 11:39: > Hello, > > I am going to file a security bug. > > VULNERABILITY DETAILS > > ioctl$AMDGPU_CS will cal