iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/gpu/drm
History
Li Qiang e7e11f9956 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() 
In vmw_surface_define_ioctl(), the 'num_sizes' is the sum of the
'req->mip_levels' array. This array can be assigned any value from
the user space. As both the 'num_sizes' and the array is uint32_t,
it is easy to make 'num_sizes' overflow. The later 'mip_levels' is
used as the loop count. This can lead an oob write. Add the check of
'req->mip_levels' to avoid this.

Cc: <stable@vger.kernel.org>
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
2017-03-30 11:46:26 +02:00
..
amd
drm/amd/amdgpu: add POLARIS12 PCI ID
2017-03-17 14:44:34 -04:00
arc
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
arm
drm: mali-dp: Fix smart layer not going to composition
2017-03-10 14:31:16 +00:00
armada
mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf
2017-02-24 17:46:54 -08:00
ast
drm/ast: Call open_key before enable_mmio in POST code
2017-02-28 13:25:32 +10:00
atmel-hlcdc
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
bochs
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
bridge
drm/bridge/sii8620: enable interlace modes
2017-02-02 15:15:31 +05:30
cirrus
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
etnaviv
sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from <linux/sched.h> to <linux/sched/task.h>
2017-03-02 08:42:40 +01:00
exynos
drm/exynos/dsi: make te-gpios optional
2017-03-21 14:30:18 +09:00
fsl-dcu
drm/fsl-dcu: check for clk_prepare_enable() error
2017-02-07 20:28:04 -08:00
gma500
mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf
2017-02-24 17:46:54 -08:00
hisilicon
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
i2c
drm/i2c: tda998x: fix spelling mistake
2016-11-18 00:00:40 +00:00
i810
drm/i810: drop device_is_agp callback
2017-01-26 10:44:43 +01:00
i915
drm/i915: make context status notifier head be per engine
2017-03-21 16:51:47 +02:00
imx
imx-drm: TVE regulator, fb size limit, and ipu-v3 module fixes
2017-02-23 12:10:42 +10:00
lib
drm: Add a simple generator of random permutations
2016-12-27 12:34:00 +01:00
mediatek
drm: mediatek: use crtc helper drm_crtc_from_index()
2017-01-18 09:21:06 -05:00
meson
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
mga
lib/vsprintf.c: remove %Z support
2017-02-27 18:43:47 -08:00
mgag200
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
msm
mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf
2017-02-24 17:46:54 -08:00
mxsfb
drm: mxsfb: Implement drm_panel handling
2017-03-10 11:11:14 +10:00
nouveau
Less anger inducing pull request for 4.11
2017-02-23 18:58:18 -08:00
omapdrm
drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
2017-03-13 12:53:27 +02:00
panel
drm/panel: simple: Specify bus width and flags for EDT displays
2017-01-26 10:57:18 +01:00
qxl
mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf
2017-02-24 17:46:54 -08:00
r128
radeon
drm/radeon: reinstate oland workaround for sclk
2017-03-16 10:06:11 -04:00
rcar-du
media fixes for v4.11-rc2
2017-03-09 15:50:56 -08:00
rockchip
Merge tag 'drm-misc-next-fixes-2017-02-27' of git://anongit.freedesktop.org/git/drm-misc into drm-next
2017-02-28 12:28:00 +10:00
savage
drm: Change the return type of the unload hook to void
2017-01-09 11:25:22 +01:00
selftests
drm: kselftest for drm_mm and bottom-up allocation
2017-02-03 11:36:49 +01:00
shmobile
drm: Change the return type of the unload hook to void
2017-01-09 11:25:22 +01:00
sis
drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
2017-02-03 11:10:32 +01:00
sti
drm/sti: fix build warnings in sti_drv.c and sti_vtg.c files
2017-02-23 12:54:54 +10:00
sun4i
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
tdfx
drm: define drm_compat_ioctl NULL on CONFIG_COMPAT=n and reduce #ifdefs
2016-11-02 11:33:47 -04:00
tegra
mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf
2017-02-24 17:46:54 -08:00
tilcdc
drm/tilcdc: Set framebuffer DMA address to HW only if CRTC is enabled
2017-03-14 14:28:58 +02:00
tinydrm
Less anger inducing pull request for 4.11
2017-02-23 18:58:18 -08:00
ttm
drm/ttm: Avoid calling drm_ht_remove from atomic context
2017-03-30 11:43:40 +02:00
udl
mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf
2017-02-24 17:46:54 -08:00
vc4
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
vgem
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-03-02 15:20:00 -08:00
via
drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
2017-02-03 11:10:32 +01:00
virtio
virtio, vhost: optimizations, fixes
2017-03-02 13:53:13 -08:00
vmwgfx
drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
2017-03-30 11:46:26 +02:00
zte
drm: zte: fix static checker warning on variable 'fmt'
2017-02-23 08:54:15 +08:00
ati_pcigart.c
drm_agpsupport.c
drm/i810: drop device_is_agp callback
2017-01-26 10:44:43 +01:00
drm_atomic_helper.c
drm/atomic: fix an error code in mode_fixup()
2017-02-08 16:15:42 +01:00
drm_atomic.c
Linux 4.10-rc8
2017-02-23 12:10:12 +10:00
drm_auth.c
drm/core: Use recommened kerneldoc for struct member refs
2017-01-25 16:22:42 +01:00
drm_blend.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_bridge.c
drm/bridge: Use recommened kerneldoc for struct member refs
2017-01-02 09:17:26 +01:00
drm_bufs.c
drm_cache.c
drm: Update drm_cache.c to pull in the new drm_cache.h
2017-01-24 11:00:22 +01:00
drm_color_mgmt.c
drm/color: un-inline drm_color_lut_extract()
2017-01-31 15:31:58 +02:00
drm_connector.c
Linux 4.10-rc8
2017-02-23 12:10:12 +10:00
drm_context.c
drm_crtc_helper_internal.h
drm_crtc_helper.c
drm/kms-helpers: Use recommened kerneldoc for struct member refs
2017-01-25 16:18:57 +01:00
drm_crtc_internal.h
Revert "drm: Resurrect atomic rmfb code, v3"
2017-02-17 12:39:04 +10:00
drm_crtc.c
drm: s/drm_crtc_get_hv_timings/drm_mode_get_hv_timings/
2017-01-26 10:46:28 +01:00
drm_debugfs_crc.c
drm: crc: Call wake_up_interruptible() each time there is a new CRC entry
2017-01-06 15:23:19 +01:00
drm_debugfs.c
drm/atomic: Remove drm_atomic_debugfs_cleanup()
2017-01-27 09:02:03 +01:00
drm_dma.c
drm_dp_aux_dev.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c
drm/kms-helpers: Use recommened kerneldoc for struct member refs
2017-01-25 16:18:57 +01:00
drm_dp_mst_topology.c
Less anger inducing pull request for 4.11
2017-02-23 18:58:18 -08:00
drm_drv.c
Linux 4.10-rc8
2017-02-23 12:10:12 +10:00
drm_dumb_buffers.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_edid_load.c
drm_edid.c
drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058
2017-03-06 08:28:10 +01:00
drm_encoder_slave.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_encoder.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_fb_cma_helper.c
drm: Rely on mode_config data for fb_helper initialization
2017-02-02 19:12:00 +01:00
drm_fb_helper.c
drm/fb-helper: Allow var->x/yres(_virtual) < fb->width/height again
2017-03-23 15:12:07 +01:00
drm_flip_work.c
drm_fops.c
drm/core: Use recommened kerneldoc for struct member refs
2017-01-25 16:22:42 +01:00
drm_fourcc.c
drm: move allocation out of drm_get_format_name()
2016-11-12 14:19:38 +01:00
drm_framebuffer.c
Revert "drm: Resurrect atomic rmfb code, v3"
2017-02-17 12:39:04 +10:00
drm_gem_cma_helper.c
Less anger inducing pull request for 4.11
2017-02-23 18:58:18 -08:00
drm_gem.c
drm/gem|prime|mm: Use recommened kerneldoc for struct member refs
2017-01-25 16:20:21 +01:00
drm_global.c
drm: Update TTM initialization documentation
2016-12-30 12:52:10 +01:00
drm_hashtab.c
drm_info.c
locking/atomic, kref: Add kref_read()
2017-01-14 11:37:18 +01:00
drm_internal.h
drm: remove device_is_agp callback
2017-01-26 10:45:14 +01:00
drm_ioc32.c
drm_ioctl.c
drm: Export drm_ioctl_permit to kernel-doc
2016-12-30 12:40:48 +01:00
drm_irq.c
drm: Nuke ums vgaarb support
2017-01-26 10:45:31 +01:00
drm_kms_helper_common.c
drm_legacy.h
drm: compile drm_vm.c only when needed
2017-01-06 11:03:07 +01:00
drm_lock.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
drm_memory.c
drm_mipi_dsi.c
drm_mm.c
drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
2017-02-03 11:10:32 +01:00
drm_mode_config.c
drm: Show leaked connectors upon unload
2017-01-23 09:26:22 +01:00
drm_mode_object.c
Less anger inducing pull request for 4.11
2017-02-23 18:58:18 -08:00
drm_modes.c
drm: Clean up the 1366x768 fixup codes
2017-02-01 19:01:47 +02:00
drm_modeset_helper.c
drm: Convert all helpers to drm_connector_list_iter
2016-12-18 14:33:22 +01:00
drm_modeset_lock.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_of.c
drm: Don't include <drm/drm_encoder.h> in <drm/drm_crtc.h>
2016-12-18 16:29:29 +05:30
drm_panel.c
drm/panel: Constify device node argument to of_drm_find_panel()
2017-01-04 08:30:37 +01:00
drm_pci.c
drm: remove device_is_agp callback
2017-01-26 10:45:14 +01:00
drm_plane_helper.c
drm/kms-helpers: Use recommened kerneldoc for struct member refs
2017-01-25 16:18:57 +01:00
drm_plane.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_platform.c
drm/core: Use recommened kerneldoc for struct member refs
2017-01-25 16:22:42 +01:00
drm_prime.c
drm/prime: Clarify DMA-BUF/GEM Object lifetime
2017-01-27 15:00:26 +01:00
drm_print.c
drm/printer: add debug printer
2016-12-30 11:43:40 +01:00
drm_probe_helper.c
scripts/spelling.txt: add "againt" pattern and fix typo instances
2017-02-27 18:43:47 -08:00
drm_property.c
drm/kms-core: Use recommened kerneldoc for struct member refs
2017-01-25 16:30:34 +01:00
drm_rect.c
drm/rect: Fix formatting of example code
2016-12-30 13:35:54 +01:00
drm_scatter.c
drm_simple_kms_helper.c
drm/doc: use preferred struct reference in kernel-doc
2016-12-30 13:34:59 +01:00
drm_sysfs.c
drm/core: Use recommened kerneldoc for struct member refs
2017-01-25 16:22:42 +01:00
drm_trace_points.c
drm_trace.h
drm_vm.c
drm: remove unnecessary fault wrappers
2017-02-24 17:46:55 -08:00
drm_vma_manager.c
drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
2017-02-03 11:10:32 +01:00
Kconfig
drm: Add DRM support for tiny LCD displays
2017-02-18 18:04:58 +01:00
Makefile
drm: Add DRM support for tiny LCD displays
2017-02-18 18:04:58 +01:00