https://bugs.freedesktop.org/show_bug.cgi?id=29340
Summary: missing copy_from_user? radeon_info_ioctl
Product: DRI
Version: unspecified
Platform: Other
OS/Version: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: DRM/Radeon
AssignedTo: dri-devel at lists.freedesktop.org
ReportedBy: freedesktop at treblig.org

2.6.35 kernel as of git/ubuntu 2.6.35-13.18

In radeon_kms.c there is:

int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file *filp)
{
        struct radeon_device *rdev = dev->dev_private;
        struct drm_radeon_info *info;
        struct radeon_mode_info *minfo = &rdev->mode_info;
        uint32_t *value_ptr;
        uint32_t value;
        struct drm_crtc *crtc;
        int i, found;

        info = data;
        value_ptr = (uint32_t *)((unsigned long)info->value);
        value = *value_ptr;

I think that *value_ptr should be done with a DRM_COPY_FROM_USER since I'm managing to trigger an oops from it. (see ubuntu bug 606081)

Dave
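
Added example, not part of the original report and not kernel code: a userspace C model of the change the report proposes, in which the handler fetches the 32-bit value through a checked copy routine and returns -EFAULT instead of dereferencing the address taken from info->value. The names user_mem, USER_BASE, model_copy_from_user, model_info and model_info_ioctl are hypothetical, and the struct layout is an assumption; in the kernel the checked copy is copy_from_user(), which returns the number of bytes it could not copy.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the caller's mapped user memory (not kernel code). */
#define USER_BASE 0x1000UL            /* hypothetical user address of user_mem[0] */
static uint8_t user_mem[64];

/* Assumed layout: info->value carries a user-space address as a 64-bit integer. */
struct model_info { uint32_t request; uint32_t pad; uint64_t value; };

/* Models copy_from_user(): returns the number of bytes NOT copied, 0 on success. */
static unsigned long model_copy_from_user(void *dst, unsigned long uaddr,
                                          unsigned long n)
{
    if (uaddr < USER_BASE || n > sizeof(user_mem) ||
        uaddr - USER_BASE > sizeof(user_mem) - n)
        return n;                     /* unmapped or partly out of range */
    memcpy(dst, &user_mem[uaddr - USER_BASE], n);
    return 0;
}

/* Hardened form of the read: never dereference the user-supplied address. */
static int model_info_ioctl(const struct model_info *info, uint32_t *out)
{
    uint32_t value;

    /* The code in the report did: value = *value_ptr; (faults on a bad address) */
    if (model_copy_from_user(&value, (unsigned long)info->value, sizeof(value)))
        return -EFAULT;
    *out = value;
    return 0;
}

int main(void)
{
    uint32_t seed = 7, got = 0;
    struct model_info good = { 0, 0, USER_BASE + 8 };
    struct model_info bad = { 0, 0, 0 };          /* NULL passed by the caller */
    int rc;

    memcpy(&user_mem[8], &seed, sizeof(seed));
    rc = model_info_ioctl(&good, &got);
    printf("valid pointer: rc=%d value=%u\n", rc, (unsigned)got);
    printf("NULL pointer:  rc=%d\n", model_info_ioctl(&bad, &got));
    return 0;
}
```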