[PATCH][SRU][TRUSTY] Fix drm oops with an unimplemented ioctl
Colin King
colin.king at canonical.com
Wed Nov 7 15:18:10 UTC 2018
From: Colin Ian King <colin.king at canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1797546
SRU Request [Trusty]
== Justification ==
It is possible to cause an oops in drm with an unimplemented ioctl call
with the following reproducer run as root:
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(void)
{
	int ptnum, fd;

	fd = open("/dev/dri/card0", O_RDWR);
	return ioctl(fd, TIOCGPTN, &ptnum);
}
== Fix ==
A backport (minor wiggle) of upstream commit 1539fb9bd405
("drm: fix NULL pointer access by wrong ioctl").
== Testing ==
Run the reproducer above as root; it will trip the oops. With the fix
this oops won't occur.
== Regression Potential ==
Minimal; this is an upstream fix to this exact issue and has been in
the kernel since 3.16. This only touches the drm ioctl interface.
Colin Ian King (1):
  drm: fix NULL pointer access by wrong ioctl

 drivers/gpu/drm/drm_drv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
--
1.9.1