https://bugs.freedesktop.org/show_bug.cgi?id=29340
Summary: missing copy_from_user? radeon_info_ioctl
Product: DRI
Version: unspecified
Platform: Other
OS/Version: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: DRM/Radeon
AssignedTo: dri-devel@lists.freedesktop.org
ReportedBy: freedesktop@treblig.org
2.6.35 kernel as of git/ubuntu 2.6.35-13.18
In radeon_kms.c there is:

    int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file *filp)
    {
        struct radeon_device *rdev = dev->dev_private;
        struct drm_radeon_info *info;
        struct radeon_mode_info *minfo = &rdev->mode_info;
        uint32_t *value_ptr;
        uint32_t value;
        struct drm_crtc *crtc;
        int i, found;

        info = data;
        value_ptr = (uint32_t *)((unsigned long)info->value);
        value = *value_ptr;
I think that *value_ptr should be done with a DRM_COPY_FROM_USER since I'm managing to trigger an oops from it. (see ubuntu bug 606081)
Dave
--- Comment #1 from Dave Gilbert <freedesktop@treblig.org> 2010-08-01 08:28:45 PDT ---
Created an attachment (id=37502)
View: https://bugs.freedesktop.org/attachment.cgi?id=37502
Review: https://bugs.freedesktop.org/review?bug=29340&attachment=37502
Kernel patch to add copy from user
Seems to make Google Earth 5.1.3535.3218 work for me.
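A user-space model of the checked copy the report asks for, as an added example that is not the attached patch or kernel code. `model_copy_from_user`, `info_arg`, `USER_BASE` and `user_mem` are hypothetical stand-ins, and returning -EFAULT follows the usual kernel convention for a failed user copy.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for mapped user memory: only addresses in
 * [USER_BASE, USER_BASE + sizeof(user_mem)) are valid. */
#define USER_BASE 0x10000ULL
static uint8_t user_mem[64];

/* Model of copy_from_user(): returns the number of bytes NOT copied,
 * so 0 means success. Rejects ranges that start or end outside user_mem. */
static unsigned long model_copy_from_user(void *dst, uint64_t uaddr,
                                          unsigned long n)
{
    uint64_t end = USER_BASE + sizeof(user_mem);

    if (uaddr < USER_BASE || uaddr > end || n > end - uaddr)
        return n;
    memcpy(dst, &user_mem[uaddr - USER_BASE], n);
    return 0;
}

/* Hypothetical ioctl argument: 'value' carries a user-space address,
 * like info->value in the snippet from the report. */
struct info_arg { uint32_t request; uint32_t pad; uint64_t value; };

/* Checked replacement for "value = *value_ptr;": a bad address becomes
 * an error code for the caller instead of a fault inside the handler. */
static int info_ioctl_checked(const struct info_arg *info, uint32_t *out)
{
    uint32_t value;

    if (model_copy_from_user(&value, info->value, sizeof(value)))
        return -EFAULT;
    *out = value;
    return 0;
}

int main(void)
{
    struct info_arg ok = { 0, 0, USER_BASE + 8 }, bad = { 0, 0, 0 };
    uint32_t out = 0;

    printf("valid pointer: %d\n", info_ioctl_checked(&ok, &out));
    printf("NULL pointer:  %d\n", info_ioctl_checked(&bad, &out));
    return 0;
}
```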
--- Comment #2 from Dave Airlie <airlied@freedesktop.org> 2010-08-01 16:47:16 PDT ---
I've queued this fix to Linus, thanks for figuring what was broken.
Alex Deucher <agd5f@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #3 from Alex Deucher <agd5f@yahoo.com> 2010-11-18 10:15:33 PST ---
upstream now.