Re: [PATCH] drm/compat: Clear bounce structures

25 Feb 2021


      On Mon, Feb 22, 2021 at 11:06:43AM +0100, Daniel Vetter wrote:
...
Some of them have gaps, or fields we don't clear. Native ioctl code
does full copies plus zero-extends on size mismatch, so nothing can
leak. But compat is more hand-rolled so need to be careful.
None of these matter for performance, so just memset.
Also I didn't fix up the CONFIG_DRM_LEGACY or CONFIG_DRM_AGP ioctl, those
are security holes anyway.
Reported-by: syzbot+620cf21140fc7e772a5d@syzkaller.appspotmail.com # vblank ioctl
Cc: syzbot+620cf21140fc7e772a5d@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter daniel.vetter@intel.com
Acked-by: Maxime Ripard mripard@kernel.org
Maxime

2025

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH] drm/compat: Clear bounce structures