From: Ville Syrjälä <[email protected]>

Currently we allow any garbage in drm_mode_create_dumb::flags. Reject the ioctl if flags has anything in it since we currently have no defined flags.
The uapi documentation already says that the flags must be zero.

I checked that at least these current users all zero the struct fully before issuing the ioctl:
gbm: https://gitlab.freedesktop.org/mesa/mesa/-/blob/main/src/gbm/backends/dri/gbm_dri.c?ref_type=heads#L852
modesetting: https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/hw/xfree86/drivers/modesetting/dumb_bo.c#L52
plymouth: https://gitlab.freedesktop.org/plymouth/plymouth/-/blob/main/src/plugins/renderers/drm/plugin.c?ref_type=heads#L235

Mesa also has other users besides gbm, but all of those appear to be using designated initializers and do not assign anything into 'flags'.

If someone can think of other important users that might be feeding stack garbage into the flags currently, let me know.

Cc: Daniel Stone <[email protected]>
Signed-off-by: Ville Syrjälä <[email protected]>
--- drivers/gpu/drm/drm_dumb_buffers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/drm_dumb_buffers.c b/drivers/gpu/drm/drm_dumb_buffers.c index e9eed9a5b760..fdc249198022 100644 --- a/drivers/gpu/drm/drm_dumb_buffers.c +++ b/drivers/gpu/drm/drm_dumb_buffers.c @@ -197,6 +197,8 @@ int drm_mode_create_dumb(struct drm_device *dev, return -ENOSYS; if (!args->width || !args->height || !args->bpp) return -EINVAL; + if (args->flags) + return -EINVAL; /* overflow checks for 32bit size calculations */ if (args->bpp > U32_MAX - 8) -- 2.49.1
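Review bot: The new "if (args->flags)" check in drm_mode_create_dumb() returns the same -EINVAL as the width/height/bpp check directly above it and logs nothing, so a userspace client that has been passing uninitialized stack contents in flags will start failing with no way to tell which argument was rejected. Consider emitting a debug message that includes the rejected flags value before the return, and adding a one-line comment above the check stating that no flags are defined and the field must be zero, in line with the uapi documentation the commit message refers to. The placement before the 32-bit overflow checks is fine, since the test does not depend on any computed size. The remaining risk is callers outside the gbm, modesetting, plymouth and Mesa users listed in the commit message, which the hunk cannot distinguish from deliberate misuse.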
