[PATCH 13/16] drm: more elaborate check for num_crtc/encoder/connector
Ilija Hadzic
ihadzic at research.bell-labs.com
Thu Mar 29 09:41:35 PDT 2012
User space can send us all kinds of nonsense for num_crtc, num_encoder
and num_connector. So far, we have been checking only for presence
of at least one CRTC/encoder/connector (barring the trivial case
of a render node with no display resources, i.e., GPGPU node).
This patch makes the ioctl fail if user space requests more resources
than the physical GPU has. This is primarily to protect the kmalloc
in drm_mode_group_init from hogging a big chunk of memory if some
bozo sends us a request for some huge number of CRTCs, encoders,
or connectors.
Signed-off-by: Ilija Hadzic <ihadzic at research.bell-labs.com>
---
drivers/gpu/drm/drm_stub.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
index b59203b..196892c 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
@@ -575,9 +575,11 @@ int drm_render_node_create_ioctl(struct drm_device *dev, void *data,
return ret;
}
- /* if we have display resources, then we need at least
- * one CRTC, one encoder and one connector */
- if (args->num_crtc == 0 ||
+ /* sanity check for requested num_crtc/num_encoder/num_connector */
+ if (args->num_crtc > dev->mode_config.num_crtc ||
+ args->num_encoder > dev->mode_config.num_encoder ||
+ args->num_encoder > dev->mode_config.num_connector ||
+ args->num_crtc == 0 ||
args->num_encoder == 0 ||
args->num_connector == 0)
return -EINVAL;
--
1.7.8.5
More information about the dri-devel
mailing list