mirror-linux/drivers/gpu/drm
Ian Forbes 32b415a9dc drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
This data originates from userspace and is used in buffer offset
calculations which could potentially overflow causing an out-of-bounds
access.

Fixes: 8ce75f8ab9 ("drm/vmwgfx: Update device includes for DX device functionality")
Reported-by: Rohit Keshri <rkeshri@redhat.com>
Signed-off-by: Ian Forbes <ian.forbes@broadcom.com>
Reviewed-by: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Link: https://patch.msgid.link/20251021190128.13014-1-ian.forbes@broadcom.com
2025-11-06 23:59:40 -05:00
adp
amd drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc 2025-10-28 11:05:47 -04:00
arm
armada
aspeed
ast drm/ast: Clear preserved bits from register output value 2025-10-30 20:44:44 +01:00
atmel-hlcdc
bridge Merge drm/drm-fixes into drm-misc-fixes 2025-10-14 10:59:58 +02:00
ci drm/ci: disable broken MR check in sanity job 2025-10-16 07:49:06 -07:00
clients
display [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
etnaviv drm/etnaviv: fix flush sequence logic 2025-10-27 22:47:09 +01:00
exynos drm/exynos: dsi: add support for exynos7870 2025-09-15 20:19:23 +09:00
fsl-dcu
gma500 drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
gud
hisilicon
hyperv
i915 drm/i915/dmc: Clear HRR EVT_CTL/HTP to zero on ADL-S 2025-10-28 16:00:19 -04:00
imagination drm/imagination: Optionally depend on POWER_SEQUENCING 2025-11-03 13:26:44 +00:00
imx drm/imx: parallel-display: add the bridge before attaching it 2025-10-30 16:55:19 +01:00
ingenic
kmb
lib
lima
logicvc
loongson
mcde
mediatek drm/mediatek: Fix device use-after-free on unbind 2025-10-28 14:56:16 +00:00
meson
mgag200
msm Merge tag 'drm-msm-fixes-2025-10-29' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2025-10-31 19:07:39 +01:00
mxsfb
nouveau drm/nouveau: Advertise correct modifiers on GB20x 2025-11-06 11:02:08 +10:00
nova DRM Rust changes for v6.18 2025-09-17 16:13:49 +10:00
omapdrm
panel drm/panel: kingdisplay-kd097d04: Disable EoTp 2025-10-29 21:57:42 +01:00
panfrost
panthor drm/panthor: Fix kernel panic on partial unmap of a GPU VA region 2025-10-17 13:48:56 +01:00
pl111
qxl
radeon drm/radeon: Remove calls to drm_put_dev() 2025-10-28 11:00:08 -04:00
renesas drm/rcar-du: dsi: Implement DSI command support 2025-09-08 09:45:01 +03:00
rockchip drm/rockchip: dw_hdmi: use correct SCLIN mask for RK3228 2025-10-16 17:57:50 +02:00
scheduler drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb 2025-11-05 12:29:52 +01:00
sitronix
solomon
sprd
sti
stm
sun4i
sysfb
tegra
tests Linux 6.17-rc6 2025-09-15 17:51:07 +10:00
tidss
tilcdc
tiny drm/tiny: pixpaper: add explicit dependency on MMU 2025-11-06 13:47:29 +01:00
ttm ttm/bo: add an API to populate a bo before exporting. 2025-09-11 10:01:38 +10:00
tve200
tyr rust: drm: Introduce the Tyr driver for Arm Mali GPUs 2025-09-11 12:20:03 +00:00
udl
v3d drm next fixes for 6.18-rc1 2025-10-10 14:02:14 -07:00
vboxvideo
vc4
vgem
virtio
vkms drm/vkms: Add P01* formats 2025-09-05 19:57:26 +02:00
vmwgfx drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE 2025-11-06 23:59:40 -05:00
xe drm/xe: Do not wake device during a GT reset 2025-10-29 11:43:30 -07:00
xen
xlnx
Kconfig hyperv-next for v6.18 2025-10-07 08:40:15 -07:00
Kconfig.debug
Makefile rust: drm: Introduce the Tyr driver for Arm Mali GPUs 2025-09-11 12:20:03 +00:00
drm_atomic.c
drm_atomic_helper.c
drm_atomic_state_helper.c
drm_atomic_uapi.c
drm_auth.c
drm_blend.c
drm_bridge.c
drm_bridge_helper.c
drm_buddy.c
drm_cache.c
drm_client.c
drm_client_event.c
drm_client_modeset.c
drm_color_mgmt.c
drm_connector.c
drm_crtc.c
drm_crtc_helper.c
drm_crtc_helper_internal.h
drm_crtc_internal.h
drm_damage_helper.c
drm_debugfs.c
drm_debugfs_crc.c
drm_displayid.c
drm_displayid_internal.h
drm_draw.c drm/draw: fix color truncation in drm_draw_fill24 2025-10-14 09:25:10 +02:00
drm_draw_internal.h drm/draw: fix color truncation in drm_draw_fill24 2025-10-14 09:25:10 +02:00
drm_drv.c Merge drm/drm-next into drm-intel-next 2025-09-10 08:01:42 -04:00
drm_dumb_buffers.c
drm_edid.c
drm_edid_load.c
drm_eld.c
drm_encoder.c
drm_exec.c
drm_fb_dma_helper.c
drm_fb_helper.c
drm_fbdev_dma.c
drm_fbdev_shmem.c
drm_fbdev_ttm.c
drm_file.c
drm_flip_work.c
drm_format_helper.c
drm_format_internal.h
drm_fourcc.c
drm_framebuffer.c
drm_gem.c Summary of significant series in this pull request: 2025-10-02 18:18:33 -07:00
drm_gem_atomic_helper.c drm/sysfb: Do not dereference NULL pointer in plane reset 2025-10-26 17:09:56 +01:00
drm_gem_dma_helper.c
drm_gem_framebuffer_helper.c
drm_gem_shmem_helper.c
drm_gem_ttm_helper.c
drm_gem_vram_helper.c
drm_gpusvm.c drm/gpusvm, drm/xe: Fix userptr to not allow device private pages 2025-10-02 21:57:52 -07:00
drm_gpuvm.c drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
drm_internal.h
drm_ioc32.c
drm_ioctl.c
drm_kms_helper_common.c
drm_lease.c
drm_managed.c
drm_mipi_dbi.c
drm_mipi_dsi.c
drm_mm.c
drm_mode_config.c
drm_mode_object.c
drm_modes.c
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_pagemap.c
drm_panel.c
drm_panel_backlight_quirks.c
drm_panel_orientation_quirks.c
drm_panic.c drm/panic: Fix 24bit pixel crossing page boundaries 2025-10-21 11:28:03 +02:00
drm_panic_qr.rs drm/panic: use `core::ffi::CStr` method names 2025-09-16 09:26:59 +02:00
drm_pci.c
drm_plane.c
drm_plane_helper.c
drm_prime.c
drm_print.c
drm_privacy_screen.c
drm_privacy_screen_x86.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_suballoc.c
drm_syncobj.c
drm_sysfs.c DRM: Add a new 'boot_display' attribute 2025-09-10 09:35:33 -05:00
drm_trace.h
drm_trace_points.c
drm_vblank.c
drm_vblank_work.c
drm_vma_manager.c
drm_writeback.c