Displaying 4 results from an estimated 4 matches for "drm_ioctl_nouveau_channel_alloc".
2020 Aug 28
4
[PATCH] drm/nouveau: bail out of nouveau_channel_new if channel init fails
Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC
ioctl. This was reported by trinity[1] fuzzer.
[ 71.073906] nouveau 0000:01:00.0: crashme[1329]: channel failed to initialise, -17
[ 71.081730] BUG: kernel NULL pointer dereference, address: 00000000000000a0
[ 71.088928] #PF: supervisor read access in kernel mode
[ 71.094059] #PF: error_co...
2020 Nov 15
1
[PATCH] drm/nouveau: bail out of nouveau_channel_new if channel init fails
On Sun, Nov 15, 2020 at 6:43 PM Salvatore Bonaccorso <carnil at debian.org> wrote:
>
> Hi,
>
> On Fri, Aug 28, 2020 at 11:28:46AM +0200, Frantisek Hrbata wrote:
> > Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC
> > ioctl. This was reported by trinity[1] fuzzer.
> >
> > [ 71.073906] nouveau 0000:01:00.0: crashme[1329]: channel failed to initialise, -17
> > [ 71.081730] BUG: kernel NULL pointer dereference, address: 00000000000000a0
> > [ 71.088928] #PF: supervisor read a...
2023 Jul 31
3
[PATCH] drm/nouveau: fixup the uapi header file.
...uint64_t param;
uint64_t value;
};
-#define DRM_IOCTL_NOUVEAU_GETPARAM DRM_IOWR(DRM_COMMAND_BASE + DRM_NOUVEAU_GETPARAM, struct drm_nouveau_getparam)
#define DRM_IOCTL_NOUVEAU_SETPARAM DRM_IOWR(DRM_COMMAND_BASE + DRM_NOUVEAU_SETPARAM, struct drm_nouveau_setparam)
-#define DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC DRM_IOWR(DRM_COMMAND_BASE + DRM_NOUVEAU_CHANNEL_ALLOC, struct drm_nouveau_channel_alloc)
-#define DRM_IOCTL_NOUVEAU_CHANNEL_FREE DRM_IOW (DRM_COMMAND_BASE + DRM_NOUVEAU_CHANNEL_FREE, struct drm_nouveau_channel_free)
#define DRM_IOCTL_NOUVEAU_GROBJ_ALLOC DRM_IOW (DRM_COMMAND_BASE...
2020 Nov 15
0
[PATCH] drm/nouveau: bail out of nouveau_channel_new if channel init fails
Hi,
On Fri, Aug 28, 2020 at 11:28:46AM +0200, Frantisek Hrbata wrote:
> Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC
> ioctl. This was reported by trinity[1] fuzzer.
>
> [ 71.073906] nouveau 0000:01:00.0: crashme[1329]: channel failed to initialise, -17
> [ 71.081730] BUG: kernel NULL pointer dereference, address: 00000000000000a0
> [ 71.088928] #PF: supervisor read access in kernel mode
>...