davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1b2f148963
kernel-ark/drivers
History
Dave Airlie 1b2f148963 drm: block userspace under allocating buffer and having drivers overwrite it (v2) 
With the current screwed but its ABI, ioctls for the drm, Linus pointed out that we could allow userspace to specify the allocation size, but we pass it to the driver which then uses it blindly to store a struct. Now if userspace specifies the allocation size as smaller than the driver needs, the driver can possibly overwrite memory.

This patch restructures the driver ioctls so we store the structure size we are expecting, and make sure we allocate at least that size. The copy from/to userspace are still restricted to the size the user specifies, this allows ioctl structs to grow on both sides of the equation.

Up until now we didn't really use the DRM_IOCTL defines in the kernel, so this cleans them up and adds them for nouveau.

v2:
fix nouveau pushbuf arg (thanks to Ben for pointing it out)

Reported-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-08-17 14:52:25 +10:00
..
accessibility
acpi Merge branch 'bugzilla-16396' into release 2010-07-24 23:26:22 -04:00
amba
ata ata_generic: implement ATA_GEN_* flags and force enable DMA on MBP 7,1 2010-07-01 15:34:48 -04:00
atm
auxdisplay
base Driver-core: Always create class directories for classses that support namespaces. 2010-07-26 08:05:31 -07:00
block cciss: set SCSI max cmd len to 16, as default is wrong 2010-06-15 08:12:34 +02:00
bluetooth drivers: bluetooth: bluecard_cs.c: Fixed include error, changed to linux/io.h 2010-07-01 21:28:14 -07:00
cdrom
char agp: intel-agp: do not use PCI resources before pci_enable_device() 2010-08-05 12:28:25 +10:00
clocksource Andres has moved 2010-07-20 16:25:41 -07:00
connector
cpufreq [CPUFREQ] fix memory leak in cpufreq_add_dev 2010-07-26 15:25:33 -04:00
cpuidle sched: Cure nr_iowait_cpu() users 2010-07-01 09:39:48 +02:00
crypto crypto: talitos - fix bug in sg_copy_end_to_buffer 2010-07-19 14:11:24 +08:00
dca
dio
dma of/dma: fix build breakage in ppc4xx adma driver 2010-07-02 15:46:17 -06:00
edac edac: mpc85xx: fix coldplug/hotplug module autoloading 2010-07-27 14:32:06 -07:00
eisa
firewire firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder 2010-06-02 19:48:13 +02:00
firmware
gpio gpio: fix spurious printk when freeing a gpio 2010-07-27 14:32:07 -07:00
gpu drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
hid HID: Send Report ID when numbered reports are sent over the control endpoint. 2010-07-11 23:13:15 +02:00
hwmon hwmon: (coretemp) Properly label the sensors 2010-07-09 16:22:51 +02:00
i2c Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-07-11 13:35:34 -07:00
ide powerpc/macio: Fix probing of macio devices by using the right of match table 2010-06-02 17:50:38 +10:00
idle intel_idle: native hardware cpuidle driver for latest Intel processors 2010-05-28 14:26:20 -04:00
ieee1394 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-05-27 10:22:06 -07:00
ieee802154
infiniband IB/qib: Use request_firmware() to load SD7220 firmware 2010-07-08 13:27:05 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-07-22 11:46:15 -07:00
isdn ISDN: hysdn, fix potential NULL dereference 2010-06-26 22:12:02 -07:00
leds i2c: Remove all i2c_set_clientdata(client, NULL) in drivers 2010-06-03 11:33:58 +02:00
lguest
macintosh Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2010-06-03 15:46:37 -07:00
mca
md md/raid5: don't include 'spare' drives when reshaping to fewer devices. 2010-06-24 13:36:04 +10:00
media V4L/DVB: v4l: mem2mem_testdev: fix g_fmt NULL pointer dereference 2010-07-08 16:50:24 -03:00
memstick
message drivers/message/i2o/i2o_config.c: use memdup_user 2010-05-27 09:12:41 -07:00
mfd i2c: Remove all i2c_set_clientdata(client, NULL) in drivers 2010-06-03 11:33:58 +02:00
misc Andres has moved 2010-07-20 16:25:41 -07:00
mmc ARM: Fix Versatile/Realview/VExpress MMC card detection sense 2010-07-30 23:16:32 +01:00
mtd Merge git://git.infradead.org/~dwmw2/mtd-2.6.35 2010-06-07 17:10:06 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-27 09:21:00 -07:00
nubus
of
oprofile
parisc
parport m68k: amiga - Parallel port platform device conversion 2010-05-26 19:51:09 +02:00
pci PCI: fall back to original BIOS BAR addresses 2010-07-16 11:39:48 -07:00
pcmcia Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-07-26 08:20:38 -07:00
platform intel_scu_ipc: Oops/crash fixes 2010-07-19 13:17:37 -07:00
pnp
power Merge git://git.infradead.org/users/cbou/battery-2.6.35 2010-07-27 09:22:55 -07:00
pps
ps3
rapidio rapidio: fix new kernel-doc warnings 2010-05-30 09:02:47 -07:00
regulator regulator: tps6507x: allow driver to use DEFDCDC{2,3}_HIGH register 2010-07-28 15:09:26 +01:00
rtc drivers/rtc/rtc-rx8581.c: fix setdatetime 2010-07-27 14:32:06 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2010-07-28 20:00:42 -07:00
sbus drivers/sbus: Remove unnecessary casts of private_data 2010-07-12 21:16:04 -07:00
scsi [SCSI] ibmvscsi: Fix oops when an interrupt is pending during probe 2010-07-27 11:53:23 -05:00
serial serial: fix rs485 for atmel_serial on avr32 2010-07-26 11:59:31 -07:00
sfi SFI: do not return freed pointer 2010-06-01 12:04:35 -04:00
sh sh: Make intc messages consistent via pr_fmt. 2010-06-02 18:10:00 +09:00
sn
spi powerpc/cpm: Reintroduce global spi_pram struct (fixes build issue) 2010-07-11 11:03:22 -05:00
ssb ssb: fix NULL ptr deref when pcihost_wrapper is used 2010-05-28 13:57:01 -04:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2010-06-30 15:45:59 -07:00
tc
telephony drivers/telephony/ixj.c: use memdup_user 2010-05-27 09:12:42 -07:00
thermal
uio
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2010-07-26 13:06:39 -07:00
uwb
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 16:26:42 -07:00
video Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-07-30 19:02:51 -07:00
virtio virtio: fix oops on OOM 2010-07-26 08:05:31 -07:00
vlynq
w1
watchdog watchdog: at32ap700x_wdt: register misc device last in probe() function 2010-06-17 09:56:57 +00:00
xen xen: avoid allocation causing potential swap activity on the resume path 2010-06-03 09:34:45 +01:00
zorro
Kconfig
Makefile intel_idle: native hardware cpuidle driver for latest Intel processors 2010-05-28 14:26:20 -04:00