davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
12f735b79f
kernel-ark/drivers/gpu/drm/nouveau
History
Luca Barbieri 12f735b79f drm/nouveau: check pushbuffer bounds in ioctl 
Currently there is no check that the pushbuffer request bounds are inside
the TTM BO.

This allows to instruct the kernel to do relocations on user-selected
addresses, since the relocation bounds checking relies on the request
bounds.

This can oops the kernel accidentally and is easily exploitable.

This patch adds bound checking and alignment checking for ->offset and
->nr_dwords.

It also makes some variables unsigned, which should have no effect,
but prevents possible bounds checking problems.

Signed-off-by: Luca Barbieri <luca@luca-barbieri.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:56:50 +10:00
..
Kconfig drm/i2c/ch7006: Drop build time dependency to nouveau. 2010-01-11 09:06:30 +10:00
Makefile drm/nv40: implement ctxprog/state generation 2009-12-16 17:05:39 +10:00
nouveau_acpi.c
nouveau_backlight.c
nouveau_bios.c drm/nouveau: Break some long lines. 2010-01-15 09:28:10 +10:00
nouveau_bios.h drm/nouveau: Kill global state in BIOS script interpreter 2009-12-16 17:05:02 +10:00
nouveau_bo.c drm/nouveau: wait on fence after bo move if validating for another channel 2010-01-14 18:48:38 +10:00
nouveau_calc.c
nouveau_channel.c drm/nouveau: initialise DMA tracking parameters earlier 2010-01-11 09:06:45 +10:00
nouveau_connector.c drm/nouveau: Unset the EDID connector property when the EDID block goes away. 2010-01-15 09:29:35 +10:00
nouveau_connector.h
nouveau_crtc.h
nouveau_debugfs.c
nouveau_display.c
nouveau_dma.c drm/nouveau: initialise DMA tracking parameters earlier 2010-01-11 09:06:45 +10:00
nouveau_dma.h drm/nouveau: Allocate a per-channel instance of NV_SW. 2010-01-11 09:06:37 +10:00
nouveau_dp.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nouveau_drv.c Merge remote branch 'nouveau/for-airlied' into drm-linus 2009-12-23 10:28:24 +10:00
nouveau_drv.h drm/nouveau: reserve VGA area for the moment 2010-01-15 09:29:38 +10:00
nouveau_encoder.h
nouveau_fb.h
nouveau_fbcon.c drm/nouveau: create function for "dealing" with gpu lockup 2010-01-11 09:06:40 +10:00
nouveau_fbcon.h drm/nouveau: create function for "dealing" with gpu lockup 2010-01-11 09:06:40 +10:00
nouveau_fence.c drm/nouveau: Use the software object for fencing. 2010-01-11 09:06:38 +10:00
nouveau_gem.c drm/nouveau: check pushbuffer bounds in ioctl 2010-01-15 09:56:50 +10:00
nouveau_grctx.c drm/nv50: fix suspend/resume delays without firmware present 2009-12-16 17:06:05 +10:00
nouveau_grctx.h drm/nv40: implement ctxprog/state generation 2009-12-16 17:05:39 +10:00
nouveau_hw.c
nouveau_hw.h
nouveau_i2c.c
nouveau_i2c.h
nouveau_ioc32.c drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
nouveau_irq.c drm/nv50: prevent a possible ctxprog hang 2010-01-11 09:06:42 +10:00
nouveau_mem.c drm/nouveau: reserve VGA area for the moment 2010-01-15 09:29:38 +10:00
nouveau_notifier.c
nouveau_object.c drm/nouveau: Allocate a per-channel instance of NV_SW. 2010-01-11 09:06:37 +10:00
nouveau_reg.h drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nouveau_sgdma.c
nouveau_state.c drm/nv04: differentiate between nv04/nv05 2010-01-11 09:06:44 +10:00
nouveau_ttm.c drm/nouveau: have ttm's fault handler called directly 2010-01-11 09:06:42 +10:00
nv04_crtc.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nv04_cursor.c
nv04_dac.c drm/nouveau: Clean up the nv17-nv4x load detection code a bit. 2010-01-11 09:06:34 +10:00
nv04_dfp.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nv04_display.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nv04_fb.c
nv04_fbcon.c drm/nouveau: create function for "dealing" with gpu lockup 2010-01-11 09:06:40 +10:00
nv04_fifo.c drm/nouveau: Add cache_flush/pull fifo engine functions. 2010-01-11 08:47:48 +10:00
nv04_graph.c drm/nv04: Fix set_operation software method. 2010-01-11 09:06:53 +10:00
nv04_instmem.c
nv04_mc.c
nv04_timer.c
nv04_tv.c
nv10_fb.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv10_fifo.c
nv10_graph.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv17_gpio.c
nv17_tv_modes.c
nv17_tv.c drm/nouveau: Implement nv42-nv43 TV load detection. 2010-01-11 09:06:35 +10:00
nv17_tv.h
nv20_graph.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv40_fb.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv40_fifo.c
nv40_graph.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv40_grctx.c drm/nv40: implement ctxprog/state generation 2009-12-16 17:05:39 +10:00
nv40_mc.c
nv50_crtc.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nv50_cursor.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nv50_dac.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nv50_display.c drm/nv50: ignore vbios table's claim to the contrary if EDID says >8bpc 2010-01-11 09:06:32 +10:00
nv50_display.h
nv50_evo.h
nv50_fbcon.c drm/nouveau: create function for "dealing" with gpu lockup 2010-01-11 09:06:40 +10:00
nv50_fifo.c drm/nv50: restore correct cache1 get/put address on fifoctx load 2010-01-11 09:06:41 +10:00
nv50_graph.c drm/nv50: Fix typo in PGRAPH initialisation. 2010-01-14 18:49:05 +10:00
nv50_instmem.c
nv50_mc.c
nv50_sor.c drm/nouveau: use drm debug levels 2009-12-16 17:04:48 +10:00
nvreg.h