From: Javier Martinez Canillas <javierm@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: Peter Robinson <pbrobinson@gmail.com>,
Javier Martinez Canillas <javierm@redhat.com>,
Daniel Vetter <daniel@ffwll.ch>, David Airlie <airlied@linux.ie>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
dri-devel@lists.freedesktop.org
Subject: [PATCH 0/2] drm: A couple of fixes for drm_copy_field() helper function
Date: Fri, 1 Jul 2022 14:07:53 +0200 [thread overview]
Message-ID: <20220701120755.2135100-1-javierm@redhat.com> (raw)
Hello,
Peter Robinson reported me a kernel bug in one of his aarch64 test boards
and even though I was not able to reproduce it, I think that figured out
what the problem was. It seems the cause is that a DRM driver doesn't set
some of the struct drm fields copied to userspace via DRM_IOCTL_VERSION.
Even though this is a driver bug, we can make drm_copy_field() more robust
and warn about it instead of leading to an attempt to copy a NULL pointer.
While looking at this, I also found that a variable in drm_copy_field() is
not using the correct type. So I included that change in the patch-set too.
Best regards,
Javier
Javier Martinez Canillas (2):
drm: Use size_t type for len variable in drm_copy_field()
drm: Prevent drm_copy_field() to attempt copying a NULL pointer
drivers/gpu/drm/drm_ioctl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--
2.36.1
WARNING: multiple messages have this Message-ID (diff)
From: Javier Martinez Canillas <javierm@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@linux.ie>,
dri-devel@lists.freedesktop.org,
Javier Martinez Canillas <javierm@redhat.com>,
Peter Robinson <pbrobinson@gmail.com>
Subject: [PATCH 0/2] drm: A couple of fixes for drm_copy_field() helper function
Date: Fri, 1 Jul 2022 14:07:53 +0200 [thread overview]
Message-ID: <20220701120755.2135100-1-javierm@redhat.com> (raw)
Hello,
Peter Robinson reported me a kernel bug in one of his aarch64 test boards
and even though I was not able to reproduce it, I think that figured out
what the problem was. It seems the cause is that a DRM driver doesn't set
some of the struct drm fields copied to userspace via DRM_IOCTL_VERSION.
Even though this is a driver bug, we can make drm_copy_field() more robust
and warn about it instead of leading to an attempt to copy a NULL pointer.
While looking at this, I also found that a variable in drm_copy_field() is
not using the correct type. So I included that change in the patch-set too.
Best regards,
Javier
Javier Martinez Canillas (2):
drm: Use size_t type for len variable in drm_copy_field()
drm: Prevent drm_copy_field() to attempt copying a NULL pointer
drivers/gpu/drm/drm_ioctl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--
2.36.1
next reply other threads:[~2022-07-01 12:08 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-01 12:07 Javier Martinez Canillas [this message]
2022-07-01 12:07 ` [PATCH 0/2] drm: A couple of fixes for drm_copy_field() helper function Javier Martinez Canillas
2022-07-01 12:07 ` [PATCH 1/2] drm: Use size_t type for len variable in drm_copy_field() Javier Martinez Canillas
2022-07-01 12:07 ` Javier Martinez Canillas
2022-07-04 12:27 ` Thomas Zimmermann
2022-07-04 12:27 ` Thomas Zimmermann
2022-07-01 12:07 ` [PATCH 2/2] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Javier Martinez Canillas
2022-07-01 12:07 ` Javier Martinez Canillas
2022-07-04 12:30 ` Thomas Zimmermann
2022-07-04 12:30 ` Thomas Zimmermann
2022-07-04 12:36 ` Javier Martinez Canillas
2022-07-04 12:36 ` Javier Martinez Canillas
2022-07-04 12:55 ` Javier Martinez Canillas
2022-07-04 12:55 ` Javier Martinez Canillas
2022-07-04 14:28 ` Thomas Zimmermann
2022-07-04 14:28 ` Thomas Zimmermann
2022-07-01 17:47 ` [PATCH 0/2] drm: A couple of fixes for drm_copy_field() helper function Peter Robinson
2022-07-01 17:47 ` Peter Robinson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220701120755.2135100-1-javierm@redhat.com \
--to=javierm@redhat.com \
--cc=airlied@linux.ie \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=pbrobinson@gmail.com \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.