linux-imx/drivers/gpu/drm
Li Qiang e7fea2a4fa drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
commit e7e11f9956 upstream.

In vmw_surface_define_ioctl(), the 'num_sizes' is the sum of the
'req->mip_levels' array. This array can be assigned any value from
the user space. As both the 'num_sizes' and the array are uint32_t,
it is easy to make 'num_sizes' overflow. The later 'mip_levels' is
used as the loop count. This can lead to an oob write. Add the check of
'req->mip_levels' to avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2017-04-26 20:05:00 +02:00
ast drm/ast: Fix test for VGA enabled 2017-03-13 21:40:50 +01:00
cirrus drm/cirrus: bind also to qemu-xen-traditional 2014-11-13 19:02:20 +01:00
exynos drm/exynos: fix error handling in exynos_drm_subdrv_open 2016-11-24 16:23:34 +01:00
gma500 drm/gma500: Add compat ioctl 2017-01-26 17:39:02 +01:00
i2c drm/i2c: tda998x: fix audio muting 2013-09-24 09:41:18 -07:00
i810 drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
i915 drm/i915: fix use-after-free in page_flip_completed() 2017-02-16 11:44:46 +01:00
mga drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
mgag200 drm/mgag200: Reject non-character-cell-aligned mode widths 2015-06-23 15:15:06 +02:00
msm drm/msm: fix use of copy_from_user() while holding spinlock 2016-09-29 11:14:13 +02:00
nouveau drm/nv50/disp: min/max are reversed in nv50_crtc_gamma_set() 2017-03-03 11:31:15 +01:00
omapdrm drm: omapdrm: fix compiler errors 2014-09-03 21:31:19 +02:00
qxl qxl: check for kmap failures 2016-10-06 08:21:58 +02:00
r128 drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
radeon drm/radeon: drop verde dpm quirks 2017-01-26 17:40:44 +01:00
rcar-du drm/rcar-du: Update plane pitch in .mode_set_base() operation 2014-02-13 13:50:23 -08:00
savage drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
shmobile drm: shmobile: Add dependency on BACKLIGHT_CLASS_DEVICE 2013-11-29 11:27:54 -08:00
sis drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
tdfx drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
tilcdc drm/tilcdc: Fix the error path in tilcdc_load() 2014-10-31 15:11:32 +01:00
ttm drm/ttm: Make sure BOs being swapped out are cacheable 2017-03-13 21:40:51 +01:00
udl udl: fix issue with imported prime buffers 2013-12-20 07:48:49 -08:00
via drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
vmwgfx drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() 2017-04-26 20:05:00 +02:00
ati_pcigart.c
drm_agpsupport.c drm/agp: move AGP cleanup paths to drm_agpsupport.c 2013-08-07 10:14:24 +10:00
drm_auth.c
drm_buffer.c
drm_bufs.c drm: remove the dma_ioctl special-case 2013-08-19 14:15:50 +10:00
drm_cache.c
drm_context.c Revert "drm: mark context support as a legacy subsystem" 2013-09-20 08:32:59 +10:00
drm_crtc_helper.c drm: Add drm_bridge 2013-09-02 10:23:26 +10:00
drm_crtc.c drm: Reject page_flip for !DRIVER_MODESET 2016-09-29 11:14:12 +02:00
drm_debugfs.c
drm_dma.c drm: mark dma setup/teardown as legacy systems 2013-08-19 10:04:21 +10:00
drm_dp_helper.c
drm_drv.c drm: allow DRM_IOCTL_VERSION on render-nodes 2013-10-30 14:41:56 +10:00
drm_edid_load.c drm: avoid warning in drm_load_edid_firmware() 2013-07-10 14:21:46 -07:00
drm_edid.c drm: add drm_set_preferred_mode 2014-04-18 11:05:05 +02:00
drm_encoder_slave.c
drm_fb_cma_helper.c drm: Make drm_fb_cma_describe() static 2013-08-21 12:47:41 +10:00
drm_fb_helper.c drm/fb_helper: Fix references to dev->mode_config.num_connector 2016-06-15 09:32:15 +02:00
drm_flip_work.c drm: add flip-work helper 2013-08-19 10:32:26 +10:00
drm_fops.c Revert "drm: mark context support as a legacy subsystem" 2013-09-20 08:32:59 +10:00
drm_gem_cma_helper.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2013-09-05 10:17:26 -07:00
drm_gem.c drm/gem: Always initialize the gem object in object_init 2014-02-13 13:50:23 -08:00
drm_global.c
drm_hashtab.c
drm_info.c drm/gem: switch dev->object_name_lock to a mutex 2013-08-21 12:58:01 +10:00
drm_ioc32.c
drm_ioctl.c drm: Advertise async page flip ability through GETCAP ioctl 2013-08-30 09:25:13 +10:00
drm_irq.c drm: Don't pass negative delta to ktime_sub_ns() 2013-08-08 09:50:25 +10:00
drm_lock.c drm: Reject DRI1 hw lock ioctl functions for kms drivers 2015-10-28 16:37:54 +01:00
drm_memory.c drm/memory: don't export agp helpers 2013-08-19 10:05:53 +10:00
drm_mm.c Merge tag 'drm-intel-next-2013-08-23' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-08-30 09:47:41 +10:00
drm_modes.c drm: Remove drm_mode_list_concat() 2013-08-21 12:47:24 +10:00
drm_pci.c drm: implement experimental render nodes 2013-08-30 08:43:57 +10:00
drm_platform.c drm: implement experimental render nodes 2013-08-30 08:43:57 +10:00
drm_prime.c drm/prime: double lock typo 2013-08-30 08:58:32 +10:00
drm_rect.c
drm_scatter.c drm: disallow legacy sg ioctls for modesetting drivers 2013-08-19 10:04:06 +10:00
drm_stub.c Revert "drm: mark context support as a legacy subsystem" 2013-09-20 08:32:59 +10:00
drm_sysfs.c drm: Convert drm class driver from legacy pm ops to dev_pm_ops 2013-07-04 10:50:26 +10:00
drm_trace_points.c
drm_trace.h drm: fix print format of sequence in trace point 2013-07-04 10:55:27 +10:00
drm_usb.c drm: implement experimental render nodes 2013-08-30 08:43:57 +10:00
drm_vm.c drm: rip out drm_core_has_MTRR checks 2013-08-19 14:11:44 +10:00
drm_vma_manager.c drm/vma: add access management helpers 2013-08-27 11:54:54 +10:00
Kconfig Merge tag 'drm-intel-next-2013-08-23' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-08-30 09:47:41 +10:00
Makefile drm/msm: basic KMS driver for snapdragon 2013-08-24 14:57:07 -04:00
README.drm

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.


Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html