[PATCH][SRU][TRUSTY] Fix drm oops with an unimplemented ioctl

Colin King colin.king at canonical.com
Wed Nov 7 15:18:10 UTC 2018


From: Colin Ian King <colin.king at canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1797546

SRU Request [Trusty]

== Justification ==

It is possible to cause an oops in drm with an unimplemented ioctl call
with the following reproducer run as root:

#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(void)
{
	int ptnum, fd;

	fd = open("/dev/dri/card0", O_RDWR);
	return ioctl(fd, TIOCGPTN, &ptnum);
}

== Fix ==

A backport (minor wiggle) of upstream commit 1539fb9bd405
("drm: fix NULL pointer access by wrong ioctl").

== Testing ==

Run the reproducer above as root, it will trip the oops. With the fix
this oops won't occur.

== Regression Potential ==

Minimal, this is an upstream fix to this exact issue and has been in
the kernel since 3.16. This only touches the drm ioctl interface.

Colin Ian King (1):
  drm: fix NULL pointer access by wrong ioctl

 drivers/gpu/drm/drm_drv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
1.9.1




More information about the kernel-team mailing list