How is info->cmap supposed to work?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Petr Vandrovec <vandrove@vc.cvut.cz>
To: jsimmons@infradead.org
Cc: linux-kernel@vger.kernel.org, linux-fbdev-devel@lists.sourceforge.org
Subject: How is info->cmap supposed to work?
Date: Mon, 21 Jul 2003 17:26:46 +0200	[thread overview]
Message-ID: <20030721152646.GA14520@vana.vc.cvut.cz> (raw)

Hi James,
  I have few problems with understanding how
info->cmap is supposed to work:

(1) FBIOGETCMAP calls fb_copy_cmap(&info->cmap, &cmap, 0);
    Should not it use last argument of '2', as &cmap points
    to the userspace? It looks to me like that anybody can
    overwrite kernel currently... Only positive side is that
    there is no way to control info->cmap contents (see (2)),
    so you can only crash kernel with random code, you cannot 
    stuff some malicious code there.

(2) FBIOPUTCMAP calls fb_set_cmap, which in turn calls
    fb_setcolreg. FBIOGETCMAP copies cmap entries from
    info->cmap (after fixing (1)). Does it mean that
    fb_setcolreg has to fill info->cmap itself? Is not it
    a bit ugly? And fb_set_cmap documentation is incorrect:
    kspc == 0 means copy from userspace, while
    kspc != 0 means copy "local", inside kernel-space. Documentation
    says that 0 is local, while 1 is get_user.

(3) And who is supposed to initialize info->cmap, and to
    what value? It looks to me like that fbdev driver is
    supposed to do:

      memset(&info->cmap, 0, sizeof(info->cmap));
      fb_alloc_cmap(&info->cmap, 256, 1);

    Is it right? What about fb_init_cmap() then? And why
    fbdev has to play with info->cmap, cannot generic
    layer take a care of this, if all info->cmap accesses
    go through generic layer, and fbdev driver itself has
    no need for this field?

    				Thanks,
    					Petr Vandrovec
    					vandrove@vc.cvut.cz

next             reply	other threads:[~2003-07-21 15:11 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-21 15:26 Petr Vandrovec [this message]
2003-07-25  0:04 ` How is info->cmap supposed to work? James Simmons
  -- strict thread matches above, loose matches on Subject: below --
2003-07-25  0:09 Petr Vandrovec
2003-07-25  0:36 ` Geert Uytterhoeven
2003-07-25  0:36   ` Geert Uytterhoeven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030721152646.GA14520@vana.vc.cvut.cz \
    --to=vandrove@vc.cvut.cz \
    --cc=jsimmons@infradead.org \
    --cc=linux-fbdev-devel@lists.sourceforge.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.