On Wed, Mar 03, 2021 at 08:42:31AM +0100, Christian König wrote:

Am 03.03.21 um 01:27 schrieb Colin King:

...

From: Colin Ian King colin.king@canonical.com

Currently the ioctl command RADEON_INFO_SI_BACKEND_ENABLED_MASK can copy back uninitialised data in value_tmp that pointer *value points to. This can occur when rdev->family is less than CHIP_BONAIRE and less than CHIP_TAHITI. Fix this by adding in a missing -EINVAL so that no invalid value is copied back to userspace.

Addresses-Coverity: ("Uninitialized scalar variable) Cc: stable@vger.kernel.org # 3.13+ Fixes: 439a1cfffe2c ("drm/radeon: expose render backend mask to the userspace") Signed-off-by: Colin Ian King colin.king@canonical.com

Reviewed-by: Christian König christian.koenig@amd.com

Let's hope that this doesn't break UAPI.

If it does I think the only difference would be errno userspace sees (aside from the stack garbage, which we could also emulate). Switching to return 0; is easy. So no worries this would be a problem :-) -Daniel

Christian.

...

---

drivers/gpu/drm/radeon/radeon_kms.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c index 2479d6ab7a36..58876bb4ef2a 100644 --- a/drivers/gpu/drm/radeon/radeon_kms.c +++ b/drivers/gpu/drm/radeon/radeon_kms.c @@ -518,6 +518,7 @@ int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) *value = rdev->config.si.backend_enable_mask; } else { DRM_DEBUG_KMS("BACKEND_ENABLED_MASK is si+ only!\n");

• 	return -EINVAL;
  

  } break; case RADEON_INFO_MAX_SCLK: