ca5a71de48
Some drivers erroneously treat the .pitch and .size fields of struct drm_mode_create_dumb as inputs. While the include/uapi/drm/drm_mode.h header has a comment denoting them as outputs, that seemingly wasn't enough to make drivers use them properly. The result is that some userspace doesn't explicitly zero out those fields, assuming that the kernel won't use them. That causes problems since the data within the structure might be uninitialized, so bogus data may end up confusing drivers (ridiculously large values for the pitch, ...). This series attempts to improve the situation by fixing all drivers to not use the output fields. Furthermore to spare new drivers this bad surprise, the DRM core now zeros out these fields prior to handing the data structure to the driver. Lessons learned from this are that future IOCTLs should be properly documented (in the DRM DocBook for example) and should be rigorously defined. To prevent misuse like this, userspace should be required to zero out all output fields. The kernel should check for this and fail if that's not the case. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABAgAGBQJUZKbcAAoJEN0jrNd/PrOh57QQAKdX7ASd4XVhMC6fuVGXHUXI HVZuJ3Own+e3aAJKhZ2DZ263+PtBLfe3+eEF1WRWqZcDu647Nj3wSV64celdZdIl WHU2RokxneHTPHlttZ+MLhVwtzSddO8712iLU/2B7Rg/MNlN9tv9tbRtGqPWwlzg IZNAdU5etnm+YDYil8/I8f84+5vT59Z/X2NHbq+jReD3V6I2WBAK6zlRIy4o54io fccK7M6+uGlbNmtPwoKXufeiqTxxdYYelZoQzO4NjWEhdU0LoUnTFdfqISSdt3HV 26NwTmqVTx38AD5bGwot2b1VFEkja5tkP7G+DeFkj0DRHbFfAQK/tNeqdf9xq4gQ UEVjljyEW6dauibtT6ASk2RoTmQmMVWw44aSulcaz6eVqa21zpEwOZVMX/VW3QM+ vKh4Vy6eVbCHmdOiXgtQSexQAN6uO1o9cHEGamJQpMshm+kax9T7hBdcHMH0ORtL uEYHXzqB/bbkhAodHTraoZ5aM8YFwS2TgGtCJoYw1GHehMhjpJG9HaDlL50lkObk LDUShta8AwN9iu3/qmkaYaxkbBPEnRtU9d9qO6S1NsZugBmmEUj6lNKFOK13U9Ho vjKWTpB4USgKdrTwJXEAXJTBmubwrPBnZb1vdCovCtC3JS7sXUH8AM/E6tp4Q0Go idGCjMglaSFO8EUeScFT =QZIW -----END PGP SIGNATURE----- Merge tag 'drm/gem-cma/for-3.19-rc1' of git://people.freedesktop.org/~tagr/linux into drm-next drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input Some drivers erroneously treat the .pitch and .size fields of struct drm_mode_create_dumb as inputs. While the include/uapi/drm/drm_mode.h header has a comment denoting them as outputs, that seemingly wasn't enough to make drivers use them properly. The result is that some userspace doesn't explicitly zero out those fields, assuming that the kernel won't use them. That causes problems since the data within the structure might be uninitialized, so bogus data may end up confusing drivers (ridiculously large values for the pitch, ...). This series attempts to improve the situation by fixing all drivers to not use the output fields. Furthermore to spare new drivers this bad surprise, the DRM core now zeros out these fields prior to handing the data structure to the driver. Lessons learned from this are that future IOCTLs should be properly documented (in the DRM DocBook for example) and should be rigorously defined. To prevent misuse like this, userspace should be required to zero out all output fields. The kernel should check for this and fail if that's not the case. * tag 'drm/gem-cma/for-3.19-rc1' of git://people.freedesktop.org/~tagr/linux: drm/cma: Remove call to drm_gem_free_mmap_offset() drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input drm/rcar: gem: dumb: pitch is an output drm/omap: gem: dumb: pitch is an output drm/cma: Introduce drm_gem_cma_dumb_create_internal() drm/doc: Add GEM/CMA helpers to kerneldoc drm/doc: mm: Fix indentation drm/gem: Fix a few kerneldoc typos