[PATCH] drm/compat: Clear bounce structures

Maxime Ripard maxime at cerno.tech
Thu Feb 25 16:49:11 UTC 2021


On Mon, Feb 22, 2021 at 11:06:43AM +0100, Daniel Vetter wrote:
> Some of them have gaps, or fields we don't clear. Native ioctl code
> does full copies plus zero-extends on size mismatch, so nothing can
> leak. But compat is more hand-rolled so need to be careful.
> 
> None of these matter for performance, so just memset.
> 
> Also I didn't fix up the CONFIG_DRM_LEGACY or CONFIG_DRM_AGP ioctl, those
> are security holes anyway.
> 
> Reported-by: syzbot+620cf21140fc7e772a5d at syzkaller.appspotmail.com # vblank ioctl
> Cc: syzbot+620cf21140fc7e772a5d at syzkaller.appspotmail.com
> Cc: stable at vger.kernel.org
> Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>

Acked-by: Maxime Ripard <mripard at kernel.org>

Maxime
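
An added illustration, not part of the patch or of this thread: a user-space C model of the leak the commit message describes, where a hand-filled bounce structure with a gap and an unwritten field is copied out whole. `struct bounce_reply`, `fill_fields` and `stale_bytes_copied_out` are hypothetical names, not DRM code, and the 0xAA fill stands in for leftover kernel stack contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* assumption: marker for whatever was left on the stack */

/* Hypothetical bounce structure (not a real DRM type). */
struct bounce_reply {
    uint32_t type;      /* followed by a gap where uint64_t is 8-byte aligned */
    uint64_t sequence;
    uint32_t tval_sec;
    uint32_t reserved;  /* field the hand-rolled handler never writes */
};

/* Hand-rolled conversion: only the fields the handler cares about. */
static void fill_fields(struct bounce_reply *r)
{
    r->type = 1;
    r->sequence = 0x1122334455667788ULL;
    r->tval_sec = 0x01020304;
}

/* Models the copy to user space: every byte of the object crosses the
 * boundary, gaps included. Returns how many stale bytes went with it. */
static size_t stale_bytes_copied_out(int clear_first)
{
    struct bounce_reply r;
    unsigned char user[sizeof r];
    size_t i, n = 0;

    memset(&r, STALE, sizeof r);   /* simulate a dirty stack slot */
    if (clear_first)
        memset(&r, 0, sizeof r);   /* the fix: clear the whole structure */
    fill_fields(&r);
    memcpy(user, &r, sizeof r);    /* stand-in for copy_to_user() */

    for (i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("hand-rolled: %zu stale bytes\n", stale_bytes_copied_out(0));
    printf("memset first: %zu stale bytes\n", stale_bytes_copied_out(1));
    return 0;
}
```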