[PATCH i-g-t] lib/i915: Avoid non-canonical address dereference in gem_has_relocations()
Sebastian Brzezinka
sebastian.brzezinka at intel.com
Mon Jun 23 14:33:36 UTC 2025
Hi Kamil,
On Wed Jun 18, 2025 at 3:10 PM UTC, Kamil Konieczny wrote:
> Hi Sebastian,
> On 2025-06-16 at 14:26:15 +0000, Sebastian Brzezinka wrote:
>> Fix a general protection fault in igt at gem_exec_big@single caused by
>> passing a non-canonical address via relocs_ptr. The test previously
>> used a stack-allocated relocation entry, which resulted in an invalid
>> pointer being passed to the kernel, triggering a crash.
>>
>> This patch replaces the stack-allocated `reloc` with a NULL pointer,
>> ensuring the kernel correctly interprets the absence of relocations and
>> avoids undefined behavior.
>>
>> A corresponding kernel patch to sanitize user input for relocs_ptr has
>> been submitted to the i915 mailing list to further harden the interface.
>>
>> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11713
>>
>
> Do we miss some igt test for this? imho the kernel should not
> make any oops when it is given an invalid pointer to relocs
> nor invalid values in relocs.
> What about writing gem_bad_reloc@invalid as a test for it?
Absolutely. Once I identify a proper way to sanitize this on the kernel
side, I’ll add a corresponding test to validate the behavior.
--
Best regards,
Sebastian
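The discussion above is about an untrusted (pointer, count) pair arriving from user space and being dereferenced even when it should not be. The following is an added, stand-alone user-space model of the kind of sanitisation a kernel ioctl handler performs on such a pair; it is not the i915 patch referenced in the thread nor igt code, and the struct layout, the 47-bit user address limit and the function name `validate_relocs` are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for a relocation entry; only its size matters here (40 bytes). */
struct reloc_entry {
	uint64_t target_handle, delta, offset, presumed_offset;
	uint32_t read_domains, write_domain;
};

/* Assumed user-space address limit, mirroring the x86-64 47-bit user half.
 * Anything at or above this is either kernel space or non-canonical. */
#define USER_ADDR_LIMIT (1ULL << 47)

/*
 * Model of a kernel-side check on relocs_ptr/relocation_count before any
 * copy_from_user(). Returns 0 when the array may be copied, or a negative
 * errno value (as kernel code does). Key property: when relocation_count is
 * zero the pointer is never examined, so a garbage or non-canonical value
 * there cannot cause a fault.
 */
int validate_relocs(uint64_t relocs_ptr, uint32_t relocation_count)
{
	uint64_t bytes;

	if (relocation_count == 0)
		return 0;		/* no relocations: pointer is irrelevant */

	if (relocs_ptr == 0)
		return -EFAULT;		/* NULL with a non-zero count */

	/* Reject count * sizeof overflow before using the product. */
	if (__builtin_mul_overflow((uint64_t)relocation_count,
				   sizeof(struct reloc_entry), &bytes))
		return -EINVAL;

	/* The whole array must lie inside the user half; this also rejects
	 * non-canonical addresses such as 0xdeadbeefdeadbeef. */
	if (relocs_ptr >= USER_ADDR_LIMIT || bytes > USER_ADDR_LIMIT - relocs_ptr)
		return -EFAULT;

	return 0;
}

int main(void)
{
	/* Constructed inputs: a NULL/0 pair, a junk pointer with count 0,
	 * and the same junk pointer with count 1. */
	printf("NULL, 0      -> %d\n", validate_relocs(0, 0));
	printf("junk, 0      -> %d\n", validate_relocs(0xdeadbeefdeadbeefULL, 0));
	printf("junk, 1      -> %d\n", validate_relocs(0xdeadbeefdeadbeefULL, 1));
	printf("NULL, 1      -> %d\n", validate_relocs(0, 1));
	printf("limit-8, 1   -> %d\n", validate_relocs(USER_ADDR_LIMIT - 8, 1));
	return 0;
}
```

The point the model makes is the one raised in the thread: the fix on the test side (passing NULL with a zero count) avoids the fault, but the interface itself should tolerate any pointer value when the count is zero and reject out-of-range or overflowing arrays before touching memory, so that a bad pointer produces an error return rather than an oops.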