geemili
/
drm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
drm/shared-core
History
Matthias Hopf 1d930fc75b drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831) 
Olaf Kirch noticed that the i915_set_status_page() function of the i915
kernel driver calls ioremap with an address offset that is supplied by
userspace via ioctl. The function zeroes the mapped memory via memset
and tells the hardware about the address. Turns out that access to that
ioctl is not restricted to root so users could probably exploit that to
do nasty things. We haven't tried to write actual exploit code though.

It only affects the Intel G33 series and newer.
 		2008-10-25 12:15:50 -04:00
..
Makefile.am Move types shared with user mode to xgi_drm.h. 2007-07-09 16:33:14 -07:00
drm.h [FreeBSD] Replace typedefs on bsd. 2008-08-29 15:46:05 -04:00
drm_internal.h Add new shared header file drm_internal.h. 2007-11-14 14:28:34 -05:00
drm_pciids.txt radeon: fix bus master enabled bits on newer asics 2008-10-06 03:08:27 -04:00
drm_sarea.h drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
i915_dma.c drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831) 2008-10-25 12:15:50 -04:00
i915_drm.h intel-gem: Replace version bump signalling GEM with I915_PARAM_HAS_GEM. 2008-07-30 14:10:36 -07:00
i915_drv.h i915: Fix i915 build on FreeBSD 2008-08-24 15:53:17 -04:00
i915_irq.c i915: Cleanup interrupt handling 2008-10-09 22:11:55 -04:00
i915_mem.c drm: cleanup DRM_DEBUG() parameters 2008-01-03 16:56:04 +10:00
i915_suspend.c i915: official name for GM45 chipset 2008-07-03 00:49:51 +08:00
imagine_drv.h Add skeletal imagine driver (but don't build it yet). 2005-03-29 01:47:38 +00:00
mach64_dma.c [FreeBSD] Ensure that drm_pci_alloc is never called while locks are held. 2008-09-06 18:37:06 -04:00
mach64_drm.h drm: detypedef drm.h and fixup all problems 2007-07-16 11:22:15 +10:00
mach64_drv.h Merge branch 'master' into vblank-rework, including mach64 support 2008-01-22 09:42:37 -08:00
mach64_irq.c mach64: fix after vblank-rework 2008-01-25 16:54:29 +02:00
mach64_state.c drm: cleanup DRM_DEBUG() parameters 2008-01-03 16:56:04 +10:00
mga_dma.c drm: cleanup DRM_DEBUG() parameters 2008-01-03 16:56:04 +10:00
mga_drm.h drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
mga_drv.h Merge branch 'master' into vblank-rework, including mach64 support 2008-01-22 09:42:37 -08:00
mga_irq.c Merge branch 'master' into vblank-rework, including mach64 support 2008-01-22 09:42:37 -08:00
mga_state.c drm: cleanup DRM_DEBUG() parameters 2008-01-03 16:56:04 +10:00
mga_ucode.h Lindent of core build. Drivers checked for no binary diffs. A few files 2004-09-30 21:12:10 +00:00
mga_warp.c Remove DRM_ERR OS macro. 2007-07-20 12:53:52 -07:00
nouveau_dma.c nouveau: A single define of dma skips is more than enough. 2008-02-22 19:28:54 +01:00
nouveau_dma.h nouveau: store user control reg offsets in channel struct 2007-11-14 04:09:53 +11:00
nouveau_drm.h nouveau: fifo and graphics engine suspend and resume for nv04-nv4x 2008-08-19 02:01:14 +01:00
nouveau_drv.h nouveau: fifo and graphics engine suspend and resume for nv04-nv4x 2008-08-19 02:01:14 +01:00
nouveau_fifo.c nouveau: fifo and graphics engine suspend and resume for nv04-nv4x 2008-08-19 02:01:14 +01:00
nouveau_irq.c nv50: enable 0x400500 bit 0 after PGRAPH exception also 2008-05-02 01:36:30 +10:00
nouveau_mem.c nouveau: interface changes for nv5x 3d 2008-07-08 12:35:50 +10:00
nouveau_notifier.c nouveau: allocate drm-use vram buffers from end of vram. 2008-06-23 01:00:42 +10:00
nouveau_object.c nv50: add support for chipset 0x92 2008-09-17 14:52:22 +10:00
nouveau_reg.h nv50: primitive i2c interrupt handler 2008-04-05 21:02:00 +02:00
nouveau_state.c nouveau: 8200 cards are 0xA0 family. 2008-09-05 00:17:52 +02:00
nouveau_swmthd.c drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
nouveau_swmthd.h drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
nv04_fb.c drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
nv04_fifo.c nouveau: fix nv04 fifo context save to save reg contents, not reg offset 2008-07-29 02:32:13 +01:00
nv04_graph.c nv05: enable ctx/op methods, and ignore patch valid failures. 2008-01-11 12:51:08 +11:00
nv04_instmem.c nouveau: funcs to determine active channel on PFIFO. 2007-11-14 03:27:37 +11:00
nv04_mc.c nouveau: move AGP reset to mem_init_agp 2008-03-11 16:45:35 +00:00
nv04_timer.c nouveau: nv20 bios does not initialise PTIMER 2008-03-25 18:32:26 +00:00
nv10_fb.c drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
nv10_fifo.c nouveau: funcs to determine active channel on PFIFO. 2007-11-14 03:27:37 +11:00
nv10_graph.c nouveau: funcs to determine active channel on PFIFO. 2007-11-14 03:27:37 +11:00
nv20_graph.c nouveau: fifo and graphics engine suspend and resume for nv04-nv4x 2008-08-19 02:01:14 +01:00
nv40_fb.c nouveau: NV40 can/should now be able to run after the blob. 2008-02-02 12:46:47 +01:00
nv40_fifo.c nouveau: funcs to determine active channel on PFIFO. 2007-11-14 03:27:37 +11:00
nv40_graph.c nouveau: wait for pgraph idle after loading or saving a context 2008-08-08 16:25:05 +01:00
nv40_mc.c drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
nv50_fifo.c nv50: when destroying a channel make sure it's not still current on PFIFO 2008-06-25 16:49:48 +10:00
nv50_graph.c nv50: add initial context for chipset 0xaa 2008-09-17 22:18:03 +10:00
nv50_instmem.c nv50: force channel vram access through vm 2008-03-13 00:23:52 +11:00
nv50_mc.c nouveau: enable/disable engine-specific interrupts in _init()/_takedown() 2007-08-08 10:49:05 +10:00
nv_drv.h Skeleton nv drm driver, to enable DMA in EXA. (Lars Knoll, minor updates by 2005-10-06 23:31:29 +00:00
r128_cce.c drm/pcigart: fix the pci gart to use the drm_pci wrapper. 2008-03-17 07:05:46 +10:00
r128_drm.h drm: remove XFREE86_VERSION macros 2007-08-28 15:17:36 +10:00
r128_drv.h Merge branch 'master' into vblank-rework, including mach64 support 2008-01-22 09:42:37 -08:00
r128_irq.c Merge branch 'master' into vblank-rework, fixup remaining drivers 2007-10-30 12:52:46 -07:00
r128_state.c drm: cleanup DRM_DEBUG() parameters 2008-01-03 16:56:04 +10:00
r300_cmdbuf.c r300: Fix cliprect emit 2008-07-29 19:59:08 +02:00
r300_reg.h radeon: r345xx fixe hard lockup 2008-06-13 09:54:05 +02:00
r600_microcode.h radeon: split microcode out into a separate header file. 2008-05-28 11:12:57 +10:00
radeon_cp.c radeon: PCIE cards don't appear to have explicit bus master 2008-10-07 04:47:54 +10:00
radeon_drm.h RADEON: add get_param for number of GB pipes 2008-05-27 18:34:33 -04:00
radeon_drv.h radeon: add comment to clarify bus mastering on PCIE chips 2008-10-06 12:12:49 -04:00
radeon_irq.c Remove accidental leftover tests. 2008-07-21 13:43:12 +02:00
radeon_mem.c drm/radeon: fixup 0 vs NULL 2008-07-18 14:32:46 +10:00
radeon_microcode.h radeon: split microcode out into a separate header file. 2008-05-28 11:12:57 +10:00
radeon_state.c radeon: remove microcode version 2008-07-18 14:36:47 +10:00
savage_bci.c drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
savage_drm.h drm: detypedef drm.h and fixup all problems 2007-07-16 11:22:15 +10:00
savage_drv.h drm: remove lots of spurious whitespace. 2007-11-05 12:42:22 +10:00
savage_state.c drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
sis_drm.h Assert an MIT copyright on sis_drm.h, since one was lacking and I created 2005-11-28 23:10:41 +00:00
sis_drv.h drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
sis_ds.c complete fix for attribution 2006-01-02 03:30:57 +00:00
sis_ds.h some fixes from linux kernel 2006-01-02 03:44:23 +00:00
sis_mm.c Replace DRM_IOCTL_ARGS with (dev, data, file_priv) and remove DRM_DEVICE. 2007-07-20 18:16:42 -07:00
tdfx_drv.h Assert an MIT copyright on sis_drm.h, since one was lacking and I created 2005-11-28 23:10:41 +00:00
via_3d_reg.h drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
via_dma.c Avoid unnecessary waits for command regulator pause. 2008-03-16 20:07:14 +01:00
via_drm.h drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
via_drv.c Simplify the fencing code and differentiate between flushes and 2008-01-30 22:06:02 +01:00
via_drv.h Simplify the fencing code and differentiate between flushes and 2008-01-30 22:06:02 +01:00
via_ds.c Port the VIA DRM to FreeBSD. Original patch by Jake, with some cleanup by 2005-08-15 18:07:12 +00:00
via_ds.h VIA: Fix sparse warnings (Alexey Dobriyan) 2005-07-15 21:22:51 +00:00
via_irq.c [via] Fix driver after vblank-rework merge. 2008-03-16 11:45:57 +01:00
via_map.c Simplify the fencing code and differentiate between flushes and 2008-01-30 22:06:02 +01:00
via_mm.c Replace DRM_IOCTL_ARGS with (dev, data, file_priv) and remove DRM_DEVICE. 2007-07-20 18:16:42 -07:00
via_mm.h VIA: 2005-05-23 20:56:54 +00:00
via_verifier.c drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
via_verifier.h drm: major whitespace/coding style realignment with kernel 2007-11-22 16:10:36 +10:00
via_video.c drm: cleanup DRM_DEBUG() parameters 2008-01-03 16:56:04 +10:00
xgi_drm.h xgixp: Remove dependency on TTM fences 2008-06-10 22:18:14 -07:00