drm/i915: clarify reasoning for the access_ok call

This clarifies the comment above the access_ok check so a missing
VERIFY_READ doesn't alarm anyone.

v2:
 - rewrote comment, thanks to Chris Wilson

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
[danvet: add patch history log to commit message.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index 934396c5f04836af86ba080b6fd13614eee508c6..ea963c32772d1036002b0bb94af9e5afc91ac2c1 100644 (file)
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -747,7 +747,11 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
 
                length = exec[i].relocation_count *
                        sizeof(struct drm_i915_gem_relocation_entry);
-               /* we may also need to update the presumed offsets */
+               /*
+                * We must check that the entire relocation array is safe
+                * to read, but since we may need to update the presumed
+                * offsets during execution, check for full write access.
+                */
                if (!access_ok(VERIFY_WRITE, ptr, length))
                        return -EFAULT;