linux/Documentation
Dave Airlie ca5a71de48 drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input
Some drivers erroneously treat the .pitch and .size fields of struct
 drm_mode_create_dumb as inputs. While the include/uapi/drm/drm_mode.h
 header has a comment denoting them as outputs, that seemingly wasn't
 enough to make drivers use them properly.
 
 The result is that some userspace doesn't explicitly zero out those
 fields, assuming that the kernel won't use them. That causes problems
 since the data within the structure might be uninitialized, so bogus
 data may end up confusing drivers (ridiculously large values for the
 pitch, ...).
 
 This series attempts to improve the situation by fixing all drivers to
 not use the output fields. Furthermore to spare new drivers this bad
 surprise, the DRM core now zeros out these fields prior to handing the
 data structure to the driver.
 
 Lessons learned from this are that future IOCTLs should be properly
 documented (in the DRM DocBook for example) and should be rigorously
 defined. To prevent misuse like this, userspace should be required to
 zero out all output fields. The kernel should check for this and fail
 if that's not the case.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJUZKbcAAoJEN0jrNd/PrOh57QQAKdX7ASd4XVhMC6fuVGXHUXI
 HVZuJ3Own+e3aAJKhZ2DZ263+PtBLfe3+eEF1WRWqZcDu647Nj3wSV64celdZdIl
 WHU2RokxneHTPHlttZ+MLhVwtzSddO8712iLU/2B7Rg/MNlN9tv9tbRtGqPWwlzg
 IZNAdU5etnm+YDYil8/I8f84+5vT59Z/X2NHbq+jReD3V6I2WBAK6zlRIy4o54io
 fccK7M6+uGlbNmtPwoKXufeiqTxxdYYelZoQzO4NjWEhdU0LoUnTFdfqISSdt3HV
 26NwTmqVTx38AD5bGwot2b1VFEkja5tkP7G+DeFkj0DRHbFfAQK/tNeqdf9xq4gQ
 UEVjljyEW6dauibtT6ASk2RoTmQmMVWw44aSulcaz6eVqa21zpEwOZVMX/VW3QM+
 vKh4Vy6eVbCHmdOiXgtQSexQAN6uO1o9cHEGamJQpMshm+kax9T7hBdcHMH0ORtL
 uEYHXzqB/bbkhAodHTraoZ5aM8YFwS2TgGtCJoYw1GHehMhjpJG9HaDlL50lkObk
 LDUShta8AwN9iu3/qmkaYaxkbBPEnRtU9d9qO6S1NsZugBmmEUj6lNKFOK13U9Ho
 vjKWTpB4USgKdrTwJXEAXJTBmubwrPBnZb1vdCovCtC3JS7sXUH8AM/E6tp4Q0Go
 idGCjMglaSFO8EUeScFT
 =QZIW
 -----END PGP SIGNATURE-----

Merge tag 'drm/gem-cma/for-3.19-rc1' of git://people.freedesktop.org/~tagr/linux into drm-next

drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input

Some drivers erroneously treat the .pitch and .size fields of struct
drm_mode_create_dumb as inputs. While the include/uapi/drm/drm_mode.h
header has a comment denoting them as outputs, that seemingly wasn't
enough to make drivers use them properly.

The result is that some userspace doesn't explicitly zero out those
fields, assuming that the kernel won't use them. That causes problems
since the data within the structure might be uninitialized, so bogus
data may end up confusing drivers (ridiculously large values for the
pitch, ...).

This series attempts to improve the situation by fixing all drivers to
not use the output fields. Furthermore to spare new drivers this bad
surprise, the DRM core now zeros out these fields prior to handing the
data structure to the driver.

Lessons learned from this are that future IOCTLs should be properly
documented (in the DRM DocBook for example) and should be rigorously
defined. To prevent misuse like this, userspace should be required to
zero out all output fields. The kernel should check for this and fail
if that's not the case.

* tag 'drm/gem-cma/for-3.19-rc1' of git://people.freedesktop.org/~tagr/linux:
  drm/cma: Remove call to drm_gem_free_mmap_offset()
  drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input
  drm/rcar: gem: dumb: pitch is an output
  drm/omap: gem: dumb: pitch is an output
  drm/cma: Introduce drm_gem_cma_dumb_create_internal()
  drm/doc: Add GEM/CMA helpers to kerneldoc
  drm/doc: mm: Fix indentation
  drm/gem: Fix a few kerneldoc typos
2014-11-15 09:50:21 +10:00
..
ABI Documentation/ABI/testing/sysfs-ibft: fix a typo 2014-10-21 10:31:26 -04:00
accounting Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
acpi mfd: Add ACPI support 2014-09-26 08:24:05 +01:00
aoe
arm ARM: SoC DT updates for 3.18 2014-10-08 17:22:23 -04:00
arm64 Documentation/arm64/memory.txt: fix typo 2014-10-20 17:55:38 +01:00
auxdisplay Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
backlight
blackfin Documentation: add makefiles for more targets 2014-09-26 11:02:56 +02:00
block Merge branch 'for-3.18/core' of git://git.kernel.dk/linux-block 2014-10-18 11:53:51 -07:00
blockdev zram: report maximum used memory 2014-10-09 22:26:02 -04:00
bus-devices
cdrom
cgroups cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags 2014-09-24 22:16:06 -04:00
connector w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
console
cpu-freq intel_pstate: Update documentation of {max,min}_perf_pct sysfs files 2014-07-07 01:22:19 +02:00
cpuidle
cris
crypto
development-process Documentation: remove outdated references to the linux-next wiki 2014-10-28 09:06:11 -04:00
device-mapper dm switch: efficiently support repetitive patterns 2014-08-01 12:30:37 -04:00
devicetree drm/tegra: Changes for v3.19-rc1 2014-11-15 09:38:55 +10:00
DocBook drm: Sanitize DRM_IOCTL_MODE_CREATE_DUMB input 2014-11-15 09:50:21 +10:00
driver-model PCI changes for the v3.18 merge window: 2014-10-09 15:03:49 -04:00
dvb [media] get_dvb_firmware: Update firmware of ITEtech IT9135 2014-09-21 17:03:04 -03:00
early-userspace
EDID drm: Add 800x600 (SVGA) screen resolution to the built-in EDIDs 2014-05-26 12:53:40 +10:00
extcon extcon: fix switch class porting guide (Documentation) 2014-01-07 11:54:28 +09:00
fault-injection
fb doc: spelling error changes 2014-05-05 15:32:05 +02:00
filesystems overlay: overlay filesystem documentation 2014-10-24 00:14:39 +02:00
firmware_class doc: fix minor typos in firmware_class README 2014-07-17 18:43:40 -07:00
fmc FMC: make eeprom attribute writable 2014-02-28 15:12:08 -08:00
frv
gpio This is the bulk of GPIO changes for the v3.18 development 2014-10-09 14:58:15 -04:00
hid HID: uhid: update documentation 2014-08-25 03:28:09 -05:00
hwmon Immutable branch between MFD, HWMON, LEDs and Watchdog for v3.18 2014-09-24 09:25:06 -07:00
i2c i2c: i801: Add Device IDs for Intel Sunrise Point PCH 2014-10-16 09:16:22 +02:00
i2o
ia64 Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
ide Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
infiniband IB/mad: add new ioctl to ABI to support new registration options 2014-08-10 20:36:00 -07:00
input Merge branch 'next' into for-linus 2014-08-06 23:36:12 -07:00
ioctl cxl: Add documentation for userspace APIs 2014-10-08 20:16:19 +11:00
isdn
ja_JP Documentation: Update stable address in Chinese and Japanese translations 2014-04-16 14:13:27 -07:00
kbuild Documentation: kbuild: Improve grammar 2014-08-19 10:02:56 +02:00
kdump Documentation/kdump/kdump.txt: add ARM description 2014-08-29 16:28:17 -07:00
ko_KR Documentation: HOWTO: Updates on subsystem trees, patchwork, -next (vs. -mm) in ko_KR 2014-01-08 15:32:51 -08:00
laptops Documentation: update .gitignore files 2014-09-26 11:02:59 +02:00
leds Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
locking Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-13 15:51:40 +02:00
m68k Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
memory-devices
metag
mic Documentation: update include path for mpssd 2014-10-03 15:48:20 +02:00
mips Documentation: au1xxx-ide.c has moved 2014-08-26 09:35:53 +02:00
misc-devices Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
mmc
mn10300
mtd MTD updates for 3.16: 2014-06-11 08:35:34 -07:00
namespaces
netlabel
networking Documentation: replace __sk_run_filter with __bpf_prog_run 2014-10-10 15:10:50 -04:00
nfc
parisc
PCI doc: replace "practise" with "practice" in Documentation 2014-06-19 15:28:56 +02:00
pcmcia Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
phy phy: Add new Exynos USB 2.0 PHY driver 2014-03-08 12:39:44 +05:30
platform Documentation: Add list of laptop models supported by the Compal driver 2014-06-10 19:11:06 -04:00
power Merge branch 'pm-qos' 2014-10-23 23:02:36 +02:00
powerpc cxl: Add documentation for userspace APIs 2014-10-08 20:16:19 +11:00
pps
prctl Documentation: Restrict TSC test code to x86 2014-10-28 08:46:27 -04:00
pti
ptp ptp: restore the makefile for building the test program. 2014-10-24 16:07:10 -04:00
rapidio rapidio/tsi721_dma: rework scatter-gather list handling 2014-08-08 15:57:24 -07:00
RCU documentation: Add verbiage on RCU-tasks stall warning messages 2014-09-07 16:27:28 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
scheduler Documentation/scheduler/sched-deadline.txt: Add minimal main() appendix 2014-09-16 10:23:45 +02:00
scsi Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd 2014-10-21 12:53:45 -07:00
security Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-10-12 10:13:55 -04:00
serial TTY/Serial driver patches for 3.18-rc1 2014-10-08 06:52:11 -04:00
sh
sound ALSA: virtuoso: add Xonar Essence STX II support 2014-08-04 15:20:48 +02:00
spi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/doc 2014-10-07 21:14:57 -04:00
sysctl coredump: add %i/%I in core_pattern to report the tid of the crashed thread 2014-10-14 02:18:21 +02:00
target target: Add documentation on the target userspace pass-through driver 2014-10-02 21:35:54 -07:00
thermal drm/nouveau/doc: update the thermal documentation 2014-06-17 14:50:17 +10:00
timers Documentation: update .gitignore files 2014-09-26 11:02:59 +02:00
tpm
trace mm: trace-vmscan-postprocess.pl: report the number of file/anon pages respectively 2014-08-06 18:01:20 -07:00
usb usb: hub: rename khubd to hub_wq in documentation and comments 2014-09-23 22:33:19 -07:00
vDSO vdso: don't require 64-bit math in standalone test 2014-10-25 10:53:44 -04:00
video4linux [media] vivid: default to single planar device instances 2014-11-03 14:43:26 -02:00
virtual Changes for KVM for arm/arm64 for 3.18 2014-09-27 11:03:33 +02:00
vm Docs: Document that the sticky bit is understood by hugetlbfs 2014-10-22 14:26:04 -04:00
w1 w1: new w1_ds2406 driver 2014-06-19 17:45:14 -07:00
watchdog Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
wimax
x86 x86/mm: Update memory map description to list hypervisor-reserved area 2014-09-19 12:48:02 +02:00
xtensa xtensa: remap io area defined in device tree 2014-01-15 00:25:14 +04:00
zh_CN Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-08-06 21:03:53 -07:00
00-INDEX locking/Documentation: Move locking related docs into Documentation/locking/ 2014-08-13 10:32:03 +02:00
applying-patches.txt Documentation: change "&" to "and" in Documentation/applying-patches.txt 2014-09-26 11:10:11 +02:00
assoc_array.txt
atomic_ops.txt arch,doc: Convert smp_mb__*() 2014-04-18 14:20:48 +02:00
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt binfmt_misc: touch up documentation a bit 2014-10-14 02:18:16 +02:00
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes Documentation: remove obsolete pcmcia-cs from Changes 2014-09-09 10:35:58 +02:00
circular-buffers.txt
clk.txt clk: Improve clk_ops documentation 2014-05-12 17:08:33 -07:00
coccinelle.txt
CodingStyle CodingStyle: fix a minor typo 2014-08-26 09:35:54 +02:00
cpu-hotplug.txt Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks 2014-03-20 13:43:40 +01:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
dell_rbu.txt
devices.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
digsig.txt
DMA-API-HOWTO.txt Documentation: correct parameter error for dma_mapping_error 2014-09-26 11:22:29 +02:00
DMA-API.txt DMA-API: Capitalize "CPU" consistently 2014-05-26 17:28:27 -06:00
DMA-attributes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
dma-buf-sharing.txt Documentation/dma-buf-sharing.txt: update API descriptions 2014-08-28 11:57:24 +05:30
DMA-ISA-LPC.txt DMA-API: Clarify physical/bus address distinction 2014-05-20 16:54:21 -06:00
dmaengine.txt dmaengine: Update documentation for inline wrapper 2014-08-28 12:37:55 +05:30
dmatest.txt
dontdiff Documentation: LLVMLinux: Update Documentation/dontdiff 2014-04-09 13:44:34 -07:00
dynamic-debug-howto.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
edac.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
efi-stub.txt doc: arm64: add description of EFI stub support 2014-04-30 19:57:05 +01:00
eisa.txt
email-clients.txt Documentation: add section about git to email-clients.txt 2014-06-29 13:38:33 -07:00
flexible-arrays.txt
futex-requeue-pi.txt doc: fix double words 2014-03-21 13:16:58 +01:00
gcov.txt
highuid.txt
HOWTO Documentation: remove outdated references to the linux-next wiki 2014-10-28 09:06:11 -04:00
hsi.txt Documentation: HSI: Add some general description for the HSI subsystem 2014-05-04 09:49:46 +02:00
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt genirq: Improve documentation to match current implementation 2014-05-27 10:16:44 +02:00
IRQ.txt
irqflags-tracing.txt asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
isapnp.txt
java.txt Documentation: update java sample wrapper for java 7 2014-05-25 12:39:00 -07:00
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt USB: Update default usb-storage delay_use value in kernel-parameters.txt 2014-11-07 08:54:53 -08:00
kernel-per-CPU-kthreads.txt Documentation/kernel-per-CPU-kthreads.txt: Workqueue affinity 2014-02-17 14:56:08 -08:00
kmemcheck.txt doc: fix double words 2014-03-21 13:16:58 +01:00
kmemleak.txt Documentation: Add CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF case 2014-10-24 13:59:03 -04:00
kobject.txt kobject: remove kset from sysfs immediately in kset_unregister() 2013-12-07 21:20:11 -08:00
kprobes.txt Documentation/kprobes: add s390 to list of supported architectures 2014-09-09 08:53:27 +02:00
kref.txt
ldm.txt
local_ops.txt
lockup-watchdogs.txt lockup-watchdogs: Fix a typo 2014-08-26 09:35:52 +02:00
logo.gif
logo.txt
lzo.txt Documentation: lzo: document part of the encoding 2014-09-28 11:08:00 +02:00
magic-number.txt Documentation/serial: Delete obsolete driver documentation 2014-04-16 14:20:34 -07:00
mailbox.txt doc: add documentation for mailbox framework 2014-10-08 10:39:41 +05:30
Makefile Documentation: add makefiles for more targets 2014-09-26 11:02:56 +02:00
ManagementStyle
md.txt
media-framework.txt
memory-barriers.txt memory-barriers: Fix description of 2-legged-if-based control dependencies 2014-09-07 16:15:53 -07:00
memory-hotplug.txt memory-hotplug: add sysfs valid_zones attribute 2014-10-09 22:25:52 -04:00
module-signing.txt Nothing major: the stricter permissions checking for sysfs broke 2014-04-06 09:38:07 -07:00
mono.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt panic: add TAINT_SOFTLOCKUP 2014-08-08 15:57:24 -07:00
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt phy: core: Let node ptr of PHY point to PHY and not of PHY provider 2014-07-22 12:46:11 +05:30
pi-futex.txt
pinctrl.txt pinctrl: clean up after enable refactoring 2014-09-04 10:05:07 +02:00
pnp.txt
preempt-locking.txt
printk-formats.txt lib/vsprintf: add %*pE[achnops] format specifier 2014-10-14 02:18:26 +02:00
pwm.txt pwm: modify PWM_LOOKUP to initialize all struct pwm_lookup members 2014-05-21 11:19:36 +02:00
ramoops.txt
rbtree.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
remoteproc.txt
rfkill.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
robust-futex-ABI.txt
robust-futexes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
rpmsg.txt
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules: Add pointer to netdev-FAQ for network patches 2014-07-09 15:54:27 -07:00
static-keys.txt
SubmitChecklist
SubmittingDrivers doc: SubmittingPatches: remove dead link, kerneltrap.org no longer works 2014-06-19 15:15:27 +02:00
SubmittingPatches Documentation/SubmittingPatches: Reported-by tags and permission 2014-10-29 08:56:46 -04:00
svga.txt
sysfs-rules.txt Documentation/sysfs-rules.txt: Add device attribute error code documentation 2014-09-19 14:44:51 -07:00
sysrq.txt
this_cpu_ops.txt Docs: this_cpu_ops: remove redundant add forms 2014-09-26 11:03:00 +02:00
unaligned-memory-access.txt ether_addr_equal: Optimize implementation, remove unused compare_ether_addr 2013-12-06 16:37:43 -05:00
unicode.txt
unshare.txt
vfio.txt drivers/vfio: EEH support for VFIO PCI device 2014-08-05 15:28:48 +10:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt
xillybus.txt xillybus: Move out of staging 2014-09-23 23:44:16 -07:00
xz.txt
zorro.txt