linux/drivers/gpu/drm
Xi Wang 44afb3a043 drm/i915: fix integer overflow in i915_gem_do_execbuffer()
On 32-bit systems, a large args->num_cliprects from userspace via ioctl
may overflow the allocation size, leading to out-of-bounds access.

This vulnerability was introduced in commit 432e58ed ("drm/i915: Avoid
allocation for execbuffer object list").

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
2012-04-23 22:32:15 +02:00
..
exynos VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
gma500 drivers: gpu: drm: gma500: mdfld_dsi_output.h: Remove not unneeded include of version.h 2012-04-19 14:38:02 +01:00
i2c drm: add convenience function to create an range property 2012-02-09 10:15:25 +00:00
i810 kill mm argument of vm_munmap() 2012-04-21 01:58:20 -04:00
i915 drm/i915: fix integer overflow in i915_gem_do_execbuffer() 2012-04-23 22:32:15 +02:00
mga drm: move pci bus master enable into driver. 2012-02-16 18:31:07 +00:00
nouveau nouveau: Set special lane map for the right chipset 2012-04-19 16:37:53 +01:00
r128 drm: move pci bus master enable into driver. 2012-02-16 18:31:07 +00:00
radeon drm/radeon: fix load detect on rn50 with hardcoded EDIDs. 2012-04-19 16:02:18 +01:00
savage drm/savage: fix integer overflows in savage_bci_cmdbuf() 2012-04-10 10:22:51 +01:00
sis drm: move pci bus master enable into driver. 2012-02-16 18:31:07 +00:00
tdfx drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
ttm Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-03-22 13:08:22 -07:00
udl mm, drm/udl: fixup vma flags on mmap 2012-04-02 11:08:17 +01:00
via drm: move pci bus master enable into driver. 2012-02-16 18:31:07 +00:00
vmwgfx Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-03-22 13:08:22 -07:00
ati_pcigart.c
drm_agpsupport.c
drm_auth.c drm: Fix authentication kernel crash 2012-01-25 09:27:45 +00:00
drm_buffer.c
drm_bufs.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
drm_cache.c drm: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:17 +08:00
drm_context.c drm: make DRM_UNLOCKED ioctls with their own mutex 2012-01-05 14:43:02 +00:00
drm_crtc_helper.c drm: allow loading an EDID as firmware to override broken monitor 2012-03-20 10:09:28 +00:00
drm_crtc.c drm: fix page_flip error handling 2012-04-19 14:36:51 +01:00
drm_debugfs.c
drm_dma.c
drm_dp_i2c_helper.c
drm_drv.c drm: base prime/dma-buf support (v5) 2012-03-30 11:52:44 +01:00
drm_edid_load.c drm: allow loading an EDID as firmware to override broken monitor 2012-03-20 10:09:28 +00:00
drm_edid_modes.h drm/edid: support CEA video modes. 2011-12-19 14:53:16 +00:00
drm_edid.c drm: remove unneeded redefinition of DDC_ADDR 2012-03-21 10:19:53 +00:00
drm_encoder_slave.c
drm_fb_helper.c drm: Validate requested virtual size against allocated fb size 2012-04-03 11:18:46 +01:00
drm_fops.c drm: Releasing FBs before releasing GEM objects during drm_release 2012-04-19 14:40:41 +01:00
drm_gem.c drm: base prime/dma-buf support (v5) 2012-03-30 11:52:44 +01:00
drm_global.c
drm_hashtab.c
drm_info.c
drm_ioc32.c drivers/gpu/drm/drm_ioc32.c: initialize all fields 2012-02-03 09:47:32 +00:00
drm_ioctl.c drm: add some caps for userspace to discover more info for dumb KMS driver (v2) 2012-02-16 18:35:11 +00:00
drm_irq.c drm: remove unused code 2012-02-29 10:18:29 +00:00
drm_lock.c drm: add missing exports for i810 driver. 2011-12-22 19:09:01 +00:00
drm_memory.c drm: remove unused code 2012-02-29 10:18:29 +00:00
drm_mm.c
drm_modes.c drm: Add drm_mode_copy() 2012-03-15 09:52:51 +00:00
drm_pci.c drm: move pci bus master enable into driver. 2012-02-16 18:31:07 +00:00
drm_platform.c drm: cope with platformdev->id == -1 2012-03-07 14:03:40 +00:00
drm_prime.c drm: base prime/dma-buf support (v5) 2012-03-30 11:52:44 +01:00
drm_proc.c
drm_scatter.c
drm_stub.c drm/usb: move usb support into a separate module 2012-03-20 06:59:29 +00:00
drm_sysfs.c drm/sysfs: protect sysfs removal code against being run twice. 2012-03-15 13:35:31 +00:00
drm_trace_points.c
drm_trace.h
drm_usb.c drm/usb: fix module license on drm/usb layer. 2012-04-19 09:33:32 +01:00
drm_vm.c drm: add core support for unplugging a device (v2) 2012-03-15 13:35:33 +00:00
Kconfig drm: base prime/dma-buf support (v5) 2012-03-30 11:52:44 +01:00
Makefile drm: base prime/dma-buf support (v5) 2012-03-30 11:52:44 +01:00
README.drm

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.


Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html