From: Johannes Weiner Date: Fri, 13 Jun 2008 05:04:40 +0000 (+1000) Subject: drm: use drms ioctl cmd not what we get passed from userspace. X-Git-Tag: firefly_0821_release~19905^2~20 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=41ee2ff404ec76194315aeed57ac973b010abe1d;p=firefly-linux-kernel-4.4.55.git drm: use drms ioctl cmd not what we get passed from userspace. This enforces us to use the drm ioctl types so read/write works correctly and not believe what userspace tells us. It does this hopefully without breaking the drm api. Fixes bug from thread: BUG: unable to handle kernel NULL pointer dereference (drm_getunique) Signed-off-by: Dave Airlie --- diff --git a/drivers/char/drm/drm_drv.c b/drivers/char/drm/drm_drv.c index fc54140551a7..22957ac15df4 100644 --- a/drivers/char/drm/drm_drv.c +++ b/drivers/char/drm/drm_drv.c @@ -475,6 +475,8 @@ int drm_ioctl(struct inode *inode, struct file *filp, else goto err_i1; + /* Do not trust userspace, use our own definition */ + cmd = ioctl->cmd; func = ioctl->func; /* is there a local override? */ if ((nr == DRM_IOCTL_NR(DRM_IOCTL_DMA)) && dev->driver->dma_ioctl)