linux/drivers/gpu/drm
Dave Airlie 1b2f148963 drm: block userspace under allocating buffer and having drivers overwrite it (v2)
With the current screwed, but it's ABI, ioctls for the drm, Linus pointed out that we could allow userspace to specify the allocation size, but we pass it to the driver which then uses it blindly to store a struct. Now if userspace specifies the allocation size as smaller than the driver needs, the driver can possibly overwrite memory.

This patch restructures the driver ioctls so we store the structure size we are expecting, and make sure we allocate at least that size. The copies from/to userspace are still restricted to the size the user specifies; this allows ioctl structs to grow on both sides of the equation.

Up until now we didn't really use the DRM_IOCTL defines in the kernel, so this cleans them up and adds them for nouveau.

v2:
fix nouveau pushbuf arg (thanks to Ben for pointing it out)

Reported-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-08-17 14:52:25 +10:00
i2c drm/i2c/ch7006: Don't use POWER_LEVEL_FULL_POWER_OFF on early chip versions. 2010-08-09 15:16:23 +10:00
i810 drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
i830 drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
i915 drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
mga drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
nouveau drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
r128 drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
radeon drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
savage drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
sis drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
tdfx
ttm drm: move ttm global code to core drm 2010-08-04 09:46:06 +10:00
via drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
vmwgfx drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
ati_pcigart.c drm/radeon: Fix pci_map_page() error checking 2010-08-12 09:38:29 +10:00
drm_agpsupport.c
drm_auth.c drivers/gpu/drm: Use kzalloc 2010-05-18 15:57:05 +10:00
drm_buffer.c
drm_bufs.c DRM: Replace kmalloc/memset combos with kzalloc 2010-08-12 09:12:30 +10:00
drm_cache.c
drm_context.c
drm_crtc_helper.c drm: Only set DPMS once on the CRTC not after every encoder. 2010-08-10 10:46:53 +10:00
drm_crtc.c drm: expand gamma_set 2010-08-10 10:47:00 +10:00
drm_debugfs.c
drm_dma.c drivers/gpu/drm: Use kzalloc 2010-05-18 15:57:05 +10:00
drm_dp_i2c_helper.c
drm_drawable.c
drm_drv.c drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
drm_edid_modes.h drm/edid: Split mode lists out to their own header for readability 2010-08-10 10:47:00 +10:00
drm_edid.c drm/edid: Split mode lists out to their own header for readability 2010-08-10 10:47:00 +10:00
drm_encoder_slave.c drm/kms: Simplify setup of the initial I2C encoder config. 2010-08-05 09:37:45 +10:00
drm_fb_helper.c drm: correctly update connector DPMS status in drm_fb_helper 2010-07-07 14:21:39 +10:00
drm_fops.c drm: Remove count_lock for calling lastclose() after 58474713 (v2) 2010-08-12 09:22:19 +10:00
drm_gem.c drm: Use ENOENT consistently for the error return for an unmatched handle. 2010-08-10 10:46:55 +10:00
drm_global.c drm: move ttm global code to core drm 2010-08-04 09:46:06 +10:00
drm_hashtab.c
drm_info.c drm: Add support for platform devices to register as DRM devices 2010-06-01 10:07:39 +10:00
drm_ioc32.c
drm_ioctl.c drm: Fix support for PCI domains 2010-08-10 08:20:20 +10:00
drm_irq.c Merge branch 'drm-tracepoints' into drm-testing 2010-07-07 18:38:44 +10:00
drm_lock.c
drm_memory.c
drm_mm.c drm: implement helper functions for scanning lru list 2010-07-07 12:29:51 +10:00
drm_modes.c
drm_pci.c drm: Add support for platform devices to register as DRM devices 2010-06-01 10:07:39 +10:00
drm_platform.c drm: Add support for platform devices to register as DRM devices 2010-06-01 10:07:39 +10:00
drm_proc.c
drm_scatter.c
drm_sman.c
drm_stub.c drm: Free devname along with master->unique 2010-08-02 10:14:30 +10:00
drm_sysfs.c Merge branch 'drm-platform' into drm-testing 2010-07-07 18:37:35 +10:00
drm_trace_points.c drm: add vblank event trace point 2010-07-02 14:02:44 +10:00
drm_trace.h drm: add per-event vblank event trace points 2010-07-02 14:03:24 +10:00
drm_vm.c drm: Add __arm defines to DRM 2010-06-01 10:07:56 +10:00
Kconfig drm/radeon/kms: add support for internal thermal sensors (v3) 2010-08-02 10:00:00 +10:00
Makefile drm: move ttm global code to core drm 2010-08-04 09:46:06 +10:00
README.drm

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.


Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html