WSL2-Linux-Kernel/Documentation/DocBook
Dave Airlie ca5a71de48 drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input
Some drivers erroneously treat the .pitch and .size fields of struct
 drm_mode_create_dumb as inputs. While the include/uapi/drm/drm_mode.h
 header has a comment denoting them as outputs, that seemingly wasn't
 enough to make drivers use them properly.
 
 The result is that some userspace doesn't explicitly zero out those
 fields, assuming that the kernel won't use them. That causes problems
 since the data within the structure might be uninitialized, so bogus
 data may end up confusing drivers (ridiculously large values for the
 pitch, ...).
 
 This series attempts to improve the situation by fixing all drivers to
 not use the output fields. Furthermore to spare new drivers this bad
 surprise, the DRM core now zeros out these fields prior to handing the
 data structure to the driver.
 
 Lessons learned from this are that future IOCTLs should be properly
 documented (in the DRM DocBook for example) and should be rigorously
 defined. To prevent misuse like this, userspace should be required to
 zero out all output fields. The kernel should check for this and fail
 if that's not the case.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJUZKbcAAoJEN0jrNd/PrOh57QQAKdX7ASd4XVhMC6fuVGXHUXI
 HVZuJ3Own+e3aAJKhZ2DZ263+PtBLfe3+eEF1WRWqZcDu647Nj3wSV64celdZdIl
 WHU2RokxneHTPHlttZ+MLhVwtzSddO8712iLU/2B7Rg/MNlN9tv9tbRtGqPWwlzg
 IZNAdU5etnm+YDYil8/I8f84+5vT59Z/X2NHbq+jReD3V6I2WBAK6zlRIy4o54io
 fccK7M6+uGlbNmtPwoKXufeiqTxxdYYelZoQzO4NjWEhdU0LoUnTFdfqISSdt3HV
 26NwTmqVTx38AD5bGwot2b1VFEkja5tkP7G+DeFkj0DRHbFfAQK/tNeqdf9xq4gQ
 UEVjljyEW6dauibtT6ASk2RoTmQmMVWw44aSulcaz6eVqa21zpEwOZVMX/VW3QM+
 vKh4Vy6eVbCHmdOiXgtQSexQAN6uO1o9cHEGamJQpMshm+kax9T7hBdcHMH0ORtL
 uEYHXzqB/bbkhAodHTraoZ5aM8YFwS2TgGtCJoYw1GHehMhjpJG9HaDlL50lkObk
 LDUShta8AwN9iu3/qmkaYaxkbBPEnRtU9d9qO6S1NsZugBmmEUj6lNKFOK13U9Ho
 vjKWTpB4USgKdrTwJXEAXJTBmubwrPBnZb1vdCovCtC3JS7sXUH8AM/E6tp4Q0Go
 idGCjMglaSFO8EUeScFT
 =QZIW
 -----END PGP SIGNATURE-----

Merge tag 'drm/gem-cma/for-3.19-rc1' of git://people.freedesktop.org/~tagr/linux into drm-next

drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input

Some drivers erroneously treat the .pitch and .size fields of struct
drm_mode_create_dumb as inputs. While the include/uapi/drm/drm_mode.h
header has a comment denoting them as outputs, that seemingly wasn't
enough to make drivers use them properly.

The result is that some userspace doesn't explicitly zero out those
fields, assuming that the kernel won't use them. That causes problems
since the data within the structure might be uninitialized, so bogus
data may end up confusing drivers (ridiculously large values for the
pitch, ...).

This series attempts to improve the situation by fixing all drivers to
not use the output fields. Furthermore to spare new drivers this bad
surprise, the DRM core now zeros out these fields prior to handing the
data structure to the driver.

Lessons learned from this are that future IOCTLs should be properly
documented (in the DRM DocBook for example) and should be rigorously
defined. To prevent misuse like this, userspace should be required to
zero out all output fields. The kernel should check for this and fail
if that's not the case.

* tag 'drm/gem-cma/for-3.19-rc1' of git://people.freedesktop.org/~tagr/linux:
  drm/cma: Remove call to drm_gem_free_mmap_offset()
  drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input
  drm/rcar: gem: dumb: pitch is an output
  drm/omap: gem: dumb: pitch is an output
  drm/cma: Introduce drm_gem_cma_dumb_create_internal()
  drm/doc: Add GEM/CMA helpers to kerneldoc
  drm/doc: mm: Fix indentation
  drm/gem: Fix a few kerneldoc typos
2014-11-15 09:50:21 +10:00
..
media Merge tag 'docs-for-linus' of git://git.lwn.net/linux-2.6 2014-10-31 11:55:40 -07:00
.gitignore doc: Add "*.svg" to DocBook/.gitignore 2013-12-02 14:49:19 +01:00
80211.tmpl cfg80211: refactor cfg80211_can_use_iftype_chan() 2014-04-09 10:55:39 +02:00
Makefile documentation: docbook: document process of writing an musb glue layer 2014-05-12 12:34:47 -05:00
alsa-driver-api.tmpl
debugobjects.tmpl debugobjects: Extend to assert that an object is initialized 2011-11-23 18:49:22 +01:00
device-drivers.tmpl Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-08-05 17:46:42 -07:00
deviceiobook.tmpl docbook: change iomap source filename in deviceiobook 2012-01-23 08:44:54 -08:00
drm.tmpl drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input 2014-11-15 09:50:21 +10:00
filesystems.tmpl htmldocs: fix bio.c location 2014-05-20 08:17:35 -06:00
gadget.tmpl usb: patches for v3.17 merge window 2014-07-21 11:33:41 -07:00
genericirq.tmpl DocBook: fix various typos 2014-07-12 11:30:36 -07:00
kernel-api.tmpl DocBook: include !Emm/util.c in kernel-api to include, kzfree and more 2013-12-02 14:42:57 +01:00
kernel-hacking.tmpl Merge branch 'akpm' (incoming from Andrew) 2014-04-07 16:38:06 -07:00
kernel-locking.tmpl locking/Documentation: Move locking related docs into Documentation/locking/ 2014-08-13 10:32:03 +02:00
kgdb.tmpl Documentation: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:38:03 -08:00
libata.tmpl DocBook: fix various typos 2014-07-12 11:30:36 -07:00
librs.tmpl
lsm.tmpl
media_api.tmpl DocBook: fix various typos 2014-07-12 11:30:36 -07:00
mtdnand.tmpl DocBook: fix mtdnand typos 2014-07-12 11:30:36 -07:00
networking.tmpl docbook: networking: fix file paths for uapi headers 2012-10-15 08:04:41 -07:00
rapidio.tmpl
regulator.tmpl DocBook: fix various typos 2014-07-12 11:30:36 -07:00
s390-drivers.tmpl
scsi.tmpl
sh.tmpl
stylesheet.xsl
tracepoint.tmpl
uio-howto.tmpl DocBook: fix various typos 2014-07-12 11:30:36 -07:00
usb.tmpl usb: hub: rename khubd to hub_wq in documentation and comments 2014-09-23 22:33:19 -07:00
w1.tmpl w1: format for DocBook and fixes 2014-02-07 15:40:18 -08:00
writing-an-alsa-driver.tmpl ALSA: Update document about PCM nonatomic ops 2014-09-15 15:52:41 +02:00
writing_musb_glue_layer.tmpl documentation: docbook: document process of writing an musb glue layer 2014-05-12 12:34:47 -05:00
writing_usb_driver.tmpl doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
z8530book.tmpl