On Sat, Jan 12, 2019 at 10:17:47AM +0100, Hans Verkuil wrote: > On 1/11/19 10:10 PM, Sakari Ailus wrote: > > Hi Hans, > > > > On Fri, Jan 11, 2019 at 09:31:25AM +0100, Hans Verkuil wrote: > >> Three fixes for a bug introduced in 5.0. > >> > >> The last patch (Validate num_planes for debug messages) is also backported > >> to kernels >= 4.12 (the oldest kernel for which it applies cleanly). > > > > The surrounding lines of code have changed slightly over the years. The > > older kernels still suffer from the same problem as far as I see, so the > > backport is relevant down to 3.16 at least (but older kernels aren't > > supported anyway so I didn't check further). The problem was likely > > introduced by the big IOCTL handling patches long, long time ago. Huh. > > > > I didn't plan on backporting this to older kernels. You have to be root > to enable this debugging, so it is not security bug. It is a security problem, even if root would have to enable the feature. In practice it is not that severe as few would end up doing that. But we don't know. I think it'd be easier to fix it than informing potential users about its dangers. I can submit a patch for the older kernels, too. -- Sakari Ailus sakari.ailus@xxxxxxxxxxxxxxx
