linux/drivers/gpu/drm/nouveau
Dave Airlie 1b2f148963 drm: block userspace under allocating buffer and having drivers overwrite it (v2)
With the current screwed but its ABI, ioctls for the drm, Linus pointed out that we could allow userspace to specify the allocation size, but we pass it to the driver which then uses it blindly to store a struct. Now if userspace specifies the allocation size as smaller than the driver needs, the driver can possibly overwrite memory.

This patch restructures the driver ioctls so we store the structure size we are expecting, and make sure we allocate at least that size. The copy from/to userspace are still restricted to the size the user specifies, this allows ioctl structs to grow on both sides of the equation.

Up until now we didn't really use the DRM_IOCTL defines in the kernel, so this cleans them up and adds them for nouveau.

v2:
fix nouveau pushbuf arg (thanks to Ben for pointing it out)

Reported-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-08-17 14:52:25 +10:00
..
Kconfig drm: Import driver for the sil164 I2C TMDS transmitter. 2010-08-02 10:21:13 +10:00
Makefile drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nouveau_acpi.c drm/nouveau: support fetching LVDS EDID from ACPI 2010-07-26 11:41:45 +10:00
nouveau_backlight.c backlight: Allow properties to be passed at registration 2010-03-16 19:47:54 +00:00
nouveau_bios.c drm/nouveau: Fix DCB TMDS config parsing. 2010-08-09 15:17:02 +10:00
nouveau_bios.h drm/nv17-nv4x: Attempt to init some external TMDS transmitters. 2010-08-06 08:34:59 +10:00
nouveau_bo.c drm/nouveau: remove unused ttm bo list 2010-08-06 08:33:41 +10:00
nouveau_calc.c drm/nouveau: Add some PFB register defines. 2010-07-26 11:42:13 +10:00
nouveau_channel.c drm: block userspace under allocating buffer and having drivers overwrite it (v2) 2010-08-17 14:52:25 +10:00
nouveau_connector.c drm/nv17-nv4x: Attempt to init some external TMDS transmitters. 2010-08-06 08:34:59 +10:00
nouveau_connector.h drm/nv04-nv40: Disable connector polling when there're no spare CRTCs left. 2010-07-13 10:13:21 +10:00
nouveau_crtc.h drm/nouveau: allow cursor image and position to survive suspend 2010-05-28 16:06:17 +10:00
nouveau_debugfs.c Merge branch 'drm-ttm-pool' into drm-core-next 2010-04-20 13:12:28 +10:00
nouveau_display.c drm: Propagate error code from fb_create() 2010-08-10 10:46:51 +10:00
nouveau_dma.c drm/nouveau: remove left-over !DRIVER_MODESET paths 2010-07-13 10:12:58 +10:00
nouveau_dma.h drm/nouveau: new gem pushbuf interface, bump to 0.0.16 2010-02-25 15:08:44 +10:00
nouveau_dp.c drm/nv50: use custom i2c algo for dp auxch 2010-08-06 08:33:40 +10:00
nouveau_drv.c drm/nouveau: Move display init to a new nouveau_engine. 2010-07-26 11:43:36 +10:00
nouveau_drv.h drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nouveau_encoder.h drm/nv17-nv4x: Attempt to init some external TMDS transmitters. 2010-08-06 08:34:59 +10:00
nouveau_fb.h drm/fb: fix fbdev object model + cleanup properly. 2010-04-07 10:21:03 +10:00
nouveau_fbcon.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nouveau_fbcon.h drm/fbdev: rework output polling to be back in the core. (v4) 2010-05-18 17:40:11 +10:00
nouveau_fence.c drm/nouveau: set TASK_(UN)INTERRUPTIBLE before schedule_timeout() 2010-08-02 10:12:26 +10:00
nouveau_gem.c drm: Use ENOENT consistently for the error return for an unmatched handle. 2010-08-10 10:46:55 +10:00
nouveau_grctx.h drm/nv40: implement ctxprog/state generation 2009-12-16 17:05:39 +10:00
nouveau_hw.c drm/nv17-nv4x: Attempt to init some external TMDS transmitters. 2010-08-06 08:34:59 +10:00
nouveau_hw.h
nouveau_i2c.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nouveau_i2c.h drm/nv50: use custom i2c algo for dp auxch 2010-08-06 08:33:40 +10:00
nouveau_ioc32.c drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
nouveau_irq.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nouveau_mem.c drm/nvc0: implement memory detection 2010-08-06 08:35:24 +10:00
nouveau_notifier.c drm/nouveau: remove dev_priv->init_state and friends 2010-07-13 10:13:37 +10:00
nouveau_object.c drm/nouveau: allocate fixed amount of PRAMIN per channel on all chipsets 2010-07-13 10:13:44 +10:00
nouveau_reg.h drm/nv10: Fix up switching of NV10TCL_DMA_VTXBUF. 2010-08-06 08:34:51 +10:00
nouveau_sgdma.c drm/nv50: move tlb flushing to a helper function 2010-07-13 10:13:41 +10:00
nouveau_state.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nouveau_ttm.c drm: move ttm global code to core drm 2010-08-04 09:46:06 +10:00
nv04_crtc.c drm: expand gamma_set 2010-08-10 10:47:00 +10:00
nv04_cursor.c drm/nouveau: allow cursor image and position to survive suspend 2010-05-28 16:06:17 +10:00
nv04_dac.c drm/nouveau: introduce gpio engine 2010-07-26 11:43:57 +10:00
nv04_dfp.c drm/nv30: Workaround dual TMDS brain damage. 2010-08-06 08:35:11 +10:00
nv04_display.c drm/nouveau: Fix TV-out detection on unposted cards lacking a usable DCB table. 2010-07-26 11:43:48 +10:00
nv04_fb.c
nv04_fbcon.c drm/nouveau: Use 0x5f instead of 0x9f as imageblit on original NV10. 2010-05-19 13:15:14 +10:00
nv04_fifo.c drm/nv04: Enable context switching on PFIFO init. 2010-07-13 10:14:00 +10:00
nv04_graph.c drm/nouveau: reduce usage of fence spinlock to when absolutely necessary 2010-07-13 10:14:04 +10:00
nv04_instmem.c drm/nouveau: add instmem flush() hook 2010-07-13 10:13:40 +10:00
nv04_mc.c drm/nouveau: Disable PROM access on init. 2010-07-13 10:13:58 +10:00
nv04_timer.c
nv04_tv.c drm/nouveau: No need to set slave TV encoder configs explicitly. 2010-08-06 08:35:06 +10:00
nv10_fb.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv10_fifo.c drm/nouveau: add instmem flush() hook 2010-07-13 10:13:40 +10:00
nv10_gpio.c drm/nouveau: introduce gpio engine 2010-07-26 11:43:57 +10:00
nv10_graph.c drm/nv10: Fix up switching of NV10TCL_DMA_VTXBUF. 2010-08-06 08:34:51 +10:00
nv17_tv_modes.c
nv17_tv.c drm/nouveau: introduce gpio engine 2010-07-26 11:43:57 +10:00
nv17_tv.h
nv20_graph.c drm/nv20-nv30: move context table object out of dev_priv 2010-07-13 10:13:50 +10:00
nv30_fb.c drm/nv30: Fix PFB init for nv31. 2010-08-09 15:16:37 +10:00
nv40_fb.c drm/nouveau: Pre-G80 tiling support. 2010-01-11 08:47:56 +10:00
nv40_fifo.c drm/nouveau: add instmem flush() hook 2010-07-13 10:13:40 +10:00
nv40_graph.c drm/nouveau: remove ability to use external firmware 2010-07-13 10:13:43 +10:00
nv40_grctx.c drm/nv40: remove some completed ctxprog TODOs 2010-05-19 13:15:14 +10:00
nv40_mc.c drm/nouveau: Add some PFB register defines. 2010-07-26 11:42:13 +10:00
nv50_calc.c drm/nv50: support fractional feedback divider on newer chips 2010-05-19 16:21:59 +10:00
nv50_crtc.c drm: expand gamma_set 2010-08-10 10:47:00 +10:00
nv50_cursor.c drm/nouveau: allow cursor image and position to survive suspend 2010-05-28 16:06:17 +10:00
nv50_dac.c drm/nv50: implement DAC disconnect fix missed in earlier commit 2010-07-13 10:13:38 +10:00
nv50_display.c drm/nvc0: fix evo dma object so we display something 2010-08-06 08:35:35 +10:00
nv50_display.h drm/nouveau: Move display init to a new nouveau_engine. 2010-07-26 11:43:36 +10:00
nv50_evo.h
nv50_fb.c drm/nv50: fix iommu errors caused by device reading from address 0 2010-06-08 11:03:45 +10:00
nv50_fbcon.c Merge branch 'drm-fbdev-cleanup' into drm-core-next 2010-04-20 13:16:04 +10:00
nv50_fifo.c drm/nv50: fix RAMHT size 2010-07-13 10:14:02 +10:00
nv50_gpio.c drm/nouveau: introduce gpio engine 2010-07-26 11:43:57 +10:00
nv50_graph.c drm/nv50: cleanup nv50_fifo.c 2010-07-13 10:13:49 +10:00
nv50_grctx.c drm/nv50: Add NVA3 support in ctxprog/ctxvals generator. 2010-04-09 10:15:42 +10:00
nv50_instmem.c drm/nv50: correct wait condition for instmem flush 2010-07-26 11:43:52 +10:00
nv50_mc.c drm/nouveau: introduce gpio engine 2010-07-26 11:43:57 +10:00
nv50_sor.c drm/nv50: set DP display power state during DPMS 2010-07-13 10:13:34 +10:00
nvc0_fb.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nvc0_fifo.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nvc0_graph.c drm/nvc0: starting point for GF100 support, everything stubbed 2010-08-06 08:35:17 +10:00
nvc0_instmem.c drm/nvc0: fix typo in PRAMIN flush 2010-08-09 15:18:44 +10:00
nvreg.h drm/nouveau: Add some PFB register defines. 2010-07-26 11:42:13 +10:00