[PATCH i-g-t] lib/i915: Avoid non-canonical address dereference in gem_has_relocations()
Sebastian Brzezinka
sebastian.brzezinka at intel.com
Wed Jun 18 11:51:18 UTC 2025
Hi Krzysztof,
On Wed Jun 18, 2025 at 11:39 AM UTC, Krzysztof Karas wrote:
> Hi Sebastian,
>
>> Fix a general protection fault in igt at gem_exec_big@single caused by
>> passing a non-canonical address via relocs_ptr. The test previously
>> used a stack-allocated relocation entry, which resulted in an invalid
>> pointer being passed to the kernel, triggering a crash.
> Did this happen as a result of using freed heap-allocated data?
The issue was triggered while attempting to access memory.
Just a wrong pointer.
>
>>
>> This patch replaces the stack-allocated `reloc` with a NULL pointer,
>> ensuring the kernel correctly interprets the absence of relocations and
>> avoids undefined behavior.
>>
>> A corresponding kernel patch to sanitize user input for relocs_ptr has
>> been submitted to the i915 mailing list to further harden the interface.
> I noticed that the mentioned patch has been met with some
> pushback from the community. If you believe it is required on
> the i915 side and worth mentioning here, then please move this
> note into the section below "---". Otherwise, please remove
> that part.
Sure, gonna do this in v2.
--
Best regards,
Sebastian