summaryrefslogtreecommitdiff
path: root/drivers/gpu/drm/drm_modes.c
diff options
context:
space:
mode:
authorVille Syrjälä <ville.syrjala@linux.intel.com>2018-03-22 00:12:46 +0300
committerVille Syrjälä <ville.syrjala@linux.intel.com>2018-03-23 14:51:12 +0300
commita01c47737a9ca118ab75c6fd6e75739b824de830 (patch)
treee3dd9e41cc47c273391c020620d5274af8f8de4c /drivers/gpu/drm/drm_modes.c
parent1c7095d2836baafd84e596dd34ba1a1293a4faa9 (diff)
downloadlinux-a01c47737a9ca118ab75c6fd6e75739b824de830.tar.xz
drm: Fix uabi regression by allowing garbage mode->type from userspace
Apparently xf86-video-vmware leaves the mode->type uninitialized when feeding the mode to the kernel. Thus we have no choice but to accept the garbage in. We'll just ignore any of the bits we don't want. The mode type is just a hint anyway, and more useful for the kernel->userspace direction. Reported-by: Thomas Hellstrom <thomas@shipmail.org> CC: Thomas Hellstrom <thomas@shipmail.org> Cc: Adam Jackson <ajax@redhat.com> Cc: Alex Deucher <alexander.deucher@amd.com> Fixes: c6ed6dad5cfb ("drm/uapi: Validate the mode flags/type") References: https://lists.freedesktop.org/archives/dri-devel/2018-March/170213.html Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180321211246.10152-1-ville.syrjala@linux.intel.com Tested-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Reviewed-by: Daniel Stone <daniels@collabora.com>
Diffstat (limited to 'drivers/gpu/drm/drm_modes.c')
-rw-r--r--drivers/gpu/drm/drm_modes.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
index f6b7c0e36a1a..e82b61e08f8c 100644
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -1611,7 +1611,13 @@ int drm_mode_convert_umode(struct drm_device *dev,
out->vscan = in->vscan;
out->vrefresh = in->vrefresh;
out->flags = in->flags;
- out->type = in->type;
+ /*
+ * Old xf86-video-vmware (possibly others too) used to
+ * leave 'type' unititialized. Just ignore any bits we
+ * don't like. It's a just hint after all, and more
+ * useful for the kernel->userspace direction anyway.
+ */
+ out->type = in->type & DRM_MODE_TYPE_ALL;
strncpy(out->name, in->name, DRM_DISPLAY_MODE_LEN);
out->name[DRM_DISPLAY_MODE_LEN-1] = 0;