drm: drm_ioctl() should zero-init extra data

Message ID	1316374695-6638-1-git-send-email-rob.clark@linaro.org
State	Accepted
Commit	dd2351da7c438eb3d5f64a161cf3483648725dcd
Headers	show Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org> Received-SPF: pass (google.com: domain of robdclark@gmail.com designates 209.85.161.178 as permitted sender) client-ip=209.85.161.178; Sender: Rob Clark <robdclark@gmail.com> From: Rob Clark <rob.clark@linaro.org> To: dri-devel@lists.freedesktop.org Cc: patches@linaro.org, Rob Clark <rob@ti.com> Subject: [PATCH] drm: drm_ioctl() should zero-init extra data Date: Sun, 18 Sep 2011 14:38:15 -0500 Message-Id: <1316374695-6638-1-git-send-email-rob.clark@linaro.org>

Message ID

1316374695-6638-1-git-send-email-rob.clark@linaro.org

State

Accepted

Commit

dd2351da7c438eb3d5f64a161cf3483648725dcd

Headers

Received-SPF: pass (google.com: domain of robdclark@gmail.com designates
	209.85.161.178 as permitted sender) client-ip=209.85.161.178; 
Sender: Rob Clark <robdclark@gmail.com>
From: Rob Clark <rob.clark@linaro.org>
To: dri-devel@lists.freedesktop.org
Cc: patches@linaro.org,
	Rob Clark <rob@ti.com>
Subject: [PATCH] drm: drm_ioctl() should zero-init extra data
Date: Sun, 18 Sep 2011 14:38:15 -0500
Message-Id: <1316374695-6638-1-git-send-email-rob.clark@linaro.org>

Commit Message

Rob Clark Sept. 18, 2011, 7:38 p.m. UTC

From: Rob Clark <rob@ti.com>

If an older userspace passes in a smaller arg than the current kernel
ioctl arg struct, then extra fields should be initialized to zero
rather than passing random data to the DRM driver.

Signed-off-by: Rob Clark <rob@ti.com>
---
A potential issue that Daniel Vetter spotted.  It isn't currently an
issue, but I thought it would be better to fix now than forget about
it and have problems later.

 drivers/gpu/drm/drm_drv.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index 93a112d..7a87e08 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -438,6 +438,8 @@  long drm_ioctl(struct file *filp,
 					goto err_i1;
 				}
 			}
+			if (asize > usize)
+				memset(kdata + usize, 0, asize - usize);
 		}
 
 		if (cmd & IOC_IN) {

drm: drm_ioctl() should zero-init extra data

Commit Message

Patch