[Mesa-dev] [PATCH] dri/kms: Always zero out struct drm_mode_create_dumb

[Emil Velikov]

On 13/11/14 18:05, Thierry Reding wrote:
> From: Thierry Reding <treding at nvidia.com>
> 
> The DRM_IOCTL_MODE_CREATE_DUMB (and others) IOCTL isn't very rigorously
> specified, which has the effect that some kernel drivers do not consider
> the .pitch and .size fields of struct drm_mode_create_dumb outputs only.
> Instead they will use these as lower bounds and overwrite them only if
> the values that they compute are larger than what userspace provided.
> 
> This works if and only if userspace initializes the fields explicitly to
> either 0 or some meaningful value. However, if userspace just leaves the
> values uninitialized and the struct drm_mode_create_dumb is allocated on
> the stack for example, the driver may try to overallocate buffers.
> 
> Fortunately most userspace does zero out the structure before passing it
> to the IOCTL, but there are rare exceptions. Mesa is one of them. In an
> attempt to rectify this situation, kernel drivers are being updated to
> not use the .pitch and .size fields as inputs. However in order to fix
> the issue with older kernels, make sure that Mesa always zeros out the
> structure as well.
> 
> Future IOCTLs should be more rigorously defined so that structures can
> be validated and IOCTLs rejected if output fields aren't set to zero.
> 
Thanks Thierry.

I'm pretty sure the intent here was not to misuse the API, yet again
zeroing the struct sounds like a good idea. I've added Daniel's r-b and
pushed this to master.

Do you think it's of any use if we push this for the stable branches ?
I've not checked your drm changes, this I don't know if we actually
check/validate pitch & size. Is the ioctl going to carry on, throw a
warning or just error out ?

Cheers,
Emil