[PATCH 7/9] drm/i915: Known exploit detection for CVE-2013-0913

From: vegard . nossum
Date: Thu Dec 12 2013 - 11:54:55 EST


From: Vegard Nossum <vegard.nossum@xxxxxxxxxx>

See 3118a4f652c7b12c752f3222af0447008f9b2368.

Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
---
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index bf34577..48490c1 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -32,6 +32,7 @@
#include "i915_trace.h"
#include "intel_drv.h"
#include <linux/dma_remapping.h>
+#include <linux/exploit.h>

struct eb_objects {
struct list_head objects;
@@ -785,8 +786,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
* the worst case where we need to allocate the entire
* relocation tree as a single array.
*/
- if (exec[i].relocation_count > relocs_max - relocs_total)
+ if (exec[i].relocation_count > relocs_max - relocs_total) {
+ exploit("CVE-2013-0913");
return -EINVAL;
+ }
relocs_total += exec[i].relocation_count;

length = exec[i].relocation_count *
--
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/