From a01c47737a9ca118ab75c6fd6e75739b824de830 Mon Sep 17 00:00:00 2001 From: Ville Syrjälä Date: Wed, 21 Mar 2018 23:12:46 +0200 Subject: drm: Fix uabi regression by allowing garbage mode->type from userspace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apparently xf86-video-vmware leaves the mode->type uninitialized when feeding the mode to the kernel. Thus we have no choice but to accept the garbage in. We'll just ignore any of the bits we don't want. The mode type is just a hint anyway, and more useful for the kernel->userspace direction. Reported-by: Thomas Hellstrom CC: Thomas Hellstrom Cc: Adam Jackson Cc: Alex Deucher Fixes: c6ed6dad5cfb ("drm/uapi: Validate the mode flags/type") References: https://lists.freedesktop.org/archives/dri-devel/2018-March/170213.html Signed-off-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20180321211246.10152-1-ville.syrjala@linux.intel.com Tested-by: Thomas Hellstrom Reviewed-by: Maarten Lankhorst Reviewed-by: Daniel Stone --- drivers/gpu/drm/drm_modes.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'drivers/gpu/drm/drm_modes.c') diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c index f6b7c0e36a1a..e82b61e08f8c 100644 --- a/drivers/gpu/drm/drm_modes.c +++ b/drivers/gpu/drm/drm_modes.c @@ -1611,7 +1611,13 @@ int drm_mode_convert_umode(struct drm_device *dev, out->vscan = in->vscan; out->vrefresh = in->vrefresh; out->flags = in->flags; - out->type = in->type; + /* + * Old xf86-video-vmware (possibly others too) used to + * leave 'type' unititialized. Just ignore any bits we + * don't like. It's a just hint after all, and more + * useful for the kernel->userspace direction anyway. + */ + out->type = in->type & DRM_MODE_TYPE_ALL; strncpy(out->name, in->name, DRM_DISPLAY_MODE_LEN); out->name[DRM_DISPLAY_MODE_LEN-1] = 0; -- cgit v1.2.3