From patchwork Sun Sep 18 19:38:15 2011
X-Patchwork-Submitter: Rob Clark
X-Patchwork-Id: 4164
From: Rob Clark
To: dri-devel@lists.freedesktop.org
Cc: patches@linaro.org, Rob Clark
Subject: [PATCH] drm: drm_ioctl() should zero-init extra data
Date: Sun, 18 Sep 2011 14:38:15 -0500
Message-Id: <1316374695-6638-1-git-send-email-rob.clark@linaro.org>
X-Mailer: git-send-email 1.7.5.4

From: Rob Clark

If an older userspace passes in a smaller arg than the current kernel ioctl arg struct, then extra fields should be initialized to zero rather than passing random data to the DRM driver.

Signed-off-by: Rob Clark
---
A potential issue that Daniel Vetter spotted. It isn't currently an issue, but I thought it would be better to fix now than forget about it and have problems later.

 drivers/gpu/drm/drm_drv.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index 93a112d..7a87e08 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -438,6 +438,8 @@ long drm_ioctl(struct file *filp, goto err_i1; } } + if (asize > usize) + memset(kdata + usize, 0, asize - usize); } if (cmd & IOC_IN) {
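
Review bot: the memset added at the end of the hunk carries no comment, and the reason for it (an older userspace passing a smaller arg than the kernel's struct, as the changelog says) is not obvious from "asize > usize" alone; a one-line comment above the check would keep it from being dropped in a later cleanup. The zeroing also sits inside the block that the following "}" closes, so it is worth confirming that every path which hands kdata to the driver passes through that block; on any path that does not, the bytes past usize would still hold whatever the buffer contained before. The placement ahead of the "if (cmd & IOC_IN)" branch looks right, since it clears only the tail starting at kdata + usize.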