From: Rob Clark rob@ti.com

If an older userspace passes in a smaller arg than the current kernel ioctl arg struct, then extra fields should be initialized to zero rather than passing random data to the DRM driver.

Signed-off-by: Rob Clark rob@ti.com --- A potential issue that Daniel Vetter spotted. It isn't currently an issue, but I thought it would be better to fix now than forget about it and have problems later.

drivers/gpu/drm/drm_drv.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index 93a112d..7a87e08 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -438,6 +438,8 @@ long drm_ioctl(struct file *filp, goto err_i1; } } + if (asize > usize) + memset(kdata + usize, 0, asize - usize); }

if (cmd & IOC_IN) {