Re: [PATCH] drm/compat: Clear bounce structures

Maxime Ripard <maxime@xxxxxxxxxx> · Thu, 25 Feb 2021 17:49:11 +0100



On Mon, Feb 22, 2021 at 11:06:43AM +0100, Daniel Vetter wrote:
> Some of them have gaps, or fields we don't clear. Native ioctl code
> does full copies plus zero-extends on size mismatch, so nothing can
> leak. But compat is more hand-rolled so need to be careful.
> 
> None of these matter for performance, so just memset.
> 
> Also I didn't fix up the CONFIG_DRM_LEGACY or CONFIG_DRM_AGP ioctl, those
> are security holes anyway.
> 
> Reported-by: syzbot+620cf21140fc7e772a5d@xxxxxxxxxxxxxxxxxxxxxxxxx # vblank ioctl
> Cc: syzbot+620cf21140fc7e772a5d@xxxxxxxxxxxxxxxxxxxxxxxxx
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx>

Acked-by: Maxime Ripard <mripard@xxxxxxxxxx>

Maxime
Attachment:
signature.asc

Description: PGP signature