| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Feb 2019 22:49:01 +0100
From: Daniel Vetter <daniel.vetter@...ll.ch>
To: Sam Ravnborg <sam@...nborg.org>
Cc: DRI Development <dri-devel@...ts.freedesktop.org>,
LKML <linux-kernel@...r.kernel.org>,
Hans de Goede <hdegoede@...hat.com>,
Nicholas Mc Guire <der.herr@...r.at>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Daniel Vetter <daniel.vetter@...el.com>,
Fabio Rafael da Rosa <fdr@...42.net>,
Emil Velikov <emil.velikov@...labora.com>
Subject: Re: [PATCH 1/2] staging/vboxvideo: don't set dev_priv_size = 0
On Mon, Feb 4, 2019 at 7:49 PM Sam Ravnborg <sam@...nborg.org> wrote:
>
> Hi Daniel
>
> On Mon, Feb 04, 2019 at 11:31:13AM +0100, Daniel Vetter wrote:
> > The compiler already clears this for us.
> >
> > More important, someone might look what this is actually used for,
> > and freak out about the dragon staring back at them.
> >
> > Signed-off-by: Daniel Vetter <daniel.vetter@...el.com>
> > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > Cc: Hans de Goede <hdegoede@...hat.com>
> > Cc: Daniel Vetter <daniel.vetter@...ll.ch>
> > Cc: Nicholas Mc Guire <der.herr@...r.at>
> > Cc: Emil Velikov <emil.velikov@...labora.com>
> > Cc: Fabio Rafael da Rosa <fdr@...42.net>
> > ---
> > drivers/staging/vboxvideo/vbox_drv.c | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > diff --git a/drivers/staging/vboxvideo/vbox_drv.c b/drivers/staging/vboxvideo/vbox_drv.c
> > index b0d73d5fba5d..43c3d0a4fa1a 100644
> > --- a/drivers/staging/vboxvideo/vbox_drv.c
> > +++ b/drivers/staging/vboxvideo/vbox_drv.c
> > @@ -222,7 +222,6 @@ static void vbox_master_drop(struct drm_device *dev, struct drm_file *file_priv)
> > static struct drm_driver driver = {
> > .driver_features =
> > DRIVER_MODESET | DRIVER_GEM | DRIVER_PRIME | DRIVER_ATOMIC,
> > - .dev_priv_size = 0,
> >
> > .lastclose = drm_fb_helper_lastclose,
> > .master_set = vbox_master_set,
>
> I have stared at the file for a long time and so far no dragon
> was staring back at me. There was a few "#ifdef" that screamed
> at me, and a drm_fb_helper_fbdev_setup() that looked
> suspicious alas no dragon :-(
dev_priv_size is used by drm_bufs.c aka "you want a root-hole? have
it!" code from dri1 days. It's not running on any modern driver, at
least trinity/syzcaller stopped complaining (and I reviewed all the
entry points and made sure they go nowhere else than an immediate
return -errno). Except nouveau, for reasons (we accidentally made it
uapi there, but it's fixed, just need to wait for all those installs
to die so we can nuke it for good). The dragon was right there
breathing down your neck, and wouldn't have seen it coming if it
decided to have a snack :-)
btw if you're bored, we should probably have a
CONFIG_FEWER_EXPLOITS_IN_DRM_NOUVEAU or so, default n, for the next
unaware traveller wandering into this dragon den.
-Daniel
> As for the change above, dragon or no dragon:
> Reviewed-by: Sam Ravnborg <sam@...nborg.org>
>
> Sam
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
Powered by blists - more mailing lists