From mboxrd@z Thu Jan  1 00:00:00 1970
From: Lucas Stach <l.stach@pengutronix.de>
Subject: [PATCH RFC 074/111] staging: etnaviv: validate user supplied command
 stream
Date: Thu,  2 Apr 2015 17:30:16 +0200
Message-ID: <1427988653-754-75-git-send-email-l.stach@pengutronix.de>
References: <1427988653-754-1-git-send-email-l.stach@pengutronix.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de
 [92.198.50.35])
 by gabe.freedesktop.org (Postfix) with ESMTP id 590046EA66
 for <dri-devel@lists.freedesktop.org>; Thu,  2 Apr 2015 08:31:00 -0700 (PDT)
In-Reply-To: <1427988653-754-1-git-send-email-l.stach@pengutronix.de>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: dri-devel@lists.freedesktop.org
Cc: Russell King <linux@arm.linux.org.uk>, kernel@pengutronix.de
List-Id: dri-devel@lists.freedesktop.org

RnJvbTogUnVzc2VsbCBLaW5nIDxybWsra2VybmVsQGFybS5saW51eC5vcmcudWs+CgpQYXJzZSB0
aGUgc3VibWl0dGVkIGNvbW1hbmQgYnVmZmVyIGZvciBhbGxvd2FibGUgR1BVIGNvbW1hbmRzLCBh
bmQKdmFsaWRhdGUgdGhhdCBhbGwgY29tbWFuZHMgZml0IHdob2xlbHkgd2l0aGluIHRoZSBzdWJt
aXR0ZWQgYnVmZmVyLgpXZSBhbGxvdyB0aGUgZm9sbG93aW5nIGNvbW1hbmRzOgoKLSBsb2FkIHN0
YXRlCi0gYW55IG9mIHRoZSBkcmF3IGNvbW1hbmRzCi0gc3RhbGwKLSBub3AKCndoaWNoIGRlbmll
cyBhdHRlbXB0cyB0byBsaW5rLCBjYWxsLCByZXR1cm4sIGV0YyBmcm9tIHRoZSBzdXBwbGllZApj
b21tYW5kIHN0cmVhbS4gIFRoaXMsIGF0IGxlYXN0LCBlbnN1cmVzIHRoYXQgdGhlIEdQVSBzaG91
bGQgcmVhY2ggdGhlCmVuZCBvZiB0aGUgc3VibWl0dGVkIGNvbW1hbmQgc2V0IGFuZCByZXR1cm4g
dG8gb3VyIGJ1ZmZlci4KCkZ1dHVyZSB2YWxpZGF0aW9uIG9mIHRoZSBsb2FkIHN0YXRlIGNvbW1h
bmRzIHdpbGwgZW5zdXJlIHRoYXQgd2UgcHJldmVudAp1c2Vyc3BhY2UgcHJvdmlkaW5nIHBoeXNp
Y2FsIGFkZHJlc3NlcyB2aWEgdGhlIEdQVSBjb21tYW5kIHN0cmVhbSwgd2l0aAphIGZ1dHVyZSBw
b3NzaWJpbGl0eSBvZiBhbHNvIHZhbGlkYXRpbmcgdGhhdCB0aGUgYm91bmRhcmllcyBvZiB0aGUK
ZHJhd2luZyBjb21tYW5kcyBsaWUgd2hvbGVseSB3aXRoaW4gdGhlIHJlcXVlc3RlZCBidWZmZXJz
LiAgRm9yIHRoZQp0aW1lIGJlaW5nLCB0aGlzIGZ1bmN0aW9uYWxpdHkgaXMgZGlzYWJsZWQuCgpT
aWduZWQtb2ZmLWJ5OiBSdXNzZWxsIEtpbmcgPHJtaytrZXJuZWxAYXJtLmxpbnV4Lm9yZy51az4K
LS0tCiBkcml2ZXJzL3N0YWdpbmcvZXRuYXZpdi9NYWtlZmlsZSAgICAgICAgICAgICB8ICAgMSAr
CiBkcml2ZXJzL3N0YWdpbmcvZXRuYXZpdi9ldG5hdml2X2NtZF9wYXJzZXIuYyB8IDEwMyArKysr
KysrKysrKysrKysrKysrKysrKysrKysKIGRyaXZlcnMvc3RhZ2luZy9ldG5hdml2L2V0bmF2aXZf
ZHJ2LmggICAgICAgIHwgICAzICsKIGRyaXZlcnMvc3RhZ2luZy9ldG5hdml2L2V0bmF2aXZfZ2Vt
X3N1Ym1pdC5jIHwgICA3ICsrCiA0IGZpbGVzIGNoYW5nZWQsIDExNCBpbnNlcnRpb25zKCspCiBj
cmVhdGUgbW9kZSAxMDA2NDQgZHJpdmVycy9zdGFnaW5nL2V0bmF2aXYvZXRuYXZpdl9jbWRfcGFy
c2VyLmMKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3N0YWdpbmcvZXRuYXZpdi9NYWtlZmlsZSBiL2Ry
aXZlcnMvc3RhZ2luZy9ldG5hdml2L01ha2VmaWxlCmluZGV4IGVmMGNmZmFiZGNjZS4uMmI3MWMz
MWI2NTAxIDEwMDY0NAotLS0gYS9kcml2ZXJzL3N0YWdpbmcvZXRuYXZpdi9NYWtlZmlsZQorKysg
Yi9kcml2ZXJzL3N0YWdpbmcvZXRuYXZpdi9NYWtlZmlsZQpAQCAtNCw2ICs0LDcgQEAgaWZlcSAo
LCAkKGZpbmRzdHJpbmcgLVcsJChFWFRSQV9DRkxBR1MpKSkKIGVuZGlmCiAKIGV0bmF2aXYteSA6
PSBcCisJZXRuYXZpdl9jbWRfcGFyc2VyLm8gXAogCWV0bmF2aXZfZHJ2Lm8gXAogCWV0bmF2aXZf
Z2VtLm8gXAogCWV0bmF2aXZfZ2VtX3ByaW1lLm8gXApkaWZmIC0tZ2l0IGEvZHJpdmVycy9zdGFn
aW5nL2V0bmF2aXYvZXRuYXZpdl9jbWRfcGFyc2VyLmMgYi9kcml2ZXJzL3N0YWdpbmcvZXRuYXZp
di9ldG5hdml2X2NtZF9wYXJzZXIuYwpuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAw
MDAwMDAuLjRjYzY5NDRlNGE4ZgotLS0gL2Rldi9udWxsCisrKyBiL2RyaXZlcnMvc3RhZ2luZy9l
dG5hdml2L2V0bmF2aXZfY21kX3BhcnNlci5jCkBAIC0wLDAgKzEsMTAzIEBACisjaW5jbHVkZSA8
bGludXgva2VybmVsLmg+CisKKyNpbmNsdWRlICJldG5hdml2X2dlbS5oIgorI2luY2x1ZGUgImV0
bmF2aXZfZ3B1LmgiCisKKyNpbmNsdWRlICJjbWRzdHJlYW0ueG1sLmgiCisKKyNkZWZpbmUgRVhU
UkFDVCh2YWwsIGZpZWxkKSAoKCh2YWwpICYgZmllbGQjI19fTUFTSykgPj4gZmllbGQjI19fU0hJ
RlQpCisKK3N0YXRpYyBib29sIGV0bmF2aXZfdmFsaWRhdGVfbG9hZF9zdGF0ZShzdHJ1Y3QgZXRu
YXZpdl9ncHUgKmdwdSwgdTMyICpidWYsCisJdW5zaWduZWQgaW50IHN0YXRlLCB1bnNpZ25lZCBp
bnQgbnVtKQoreworCXJldHVybiB0cnVlOworCWlmICgweDEyMDAgLSBzdGF0ZSA8IG51bSAqIDQp
CisJCXJldHVybiBmYWxzZTsKKwlpZiAoMHgxMjI4IC0gc3RhdGUgPCBudW0gKiA0KQorCQlyZXR1
cm4gZmFsc2U7CisJaWYgKDB4MTIzOCAtIHN0YXRlIDwgbnVtICogNCkKKwkJcmV0dXJuIGZhbHNl
OworCWlmICgweDEyODQgLSBzdGF0ZSA8IG51bSAqIDQpCisJCXJldHVybiBmYWxzZTsKKwlpZiAo
MHgxMjhjIC0gc3RhdGUgPCBudW0gKiA0KQorCQlyZXR1cm4gZmFsc2U7CisJaWYgKDB4MTMwNCAt
IHN0YXRlIDwgbnVtICogNCkKKwkJcmV0dXJuIGZhbHNlOworCWlmICgweDEzMTAgLSBzdGF0ZSA8
IG51bSAqIDQpCisJCXJldHVybiBmYWxzZTsKKwlpZiAoMHgxMzE4IC0gc3RhdGUgPCBudW0gKiA0
KQorCQlyZXR1cm4gZmFsc2U7CisJaWYgKDB4MTI4MGMgLSBzdGF0ZSA8IG51bSAqIDQgKyAweDBj
KQorCQlyZXR1cm4gZmFsc2U7CisJaWYgKDB4MTI4YWMgLSBzdGF0ZSA8IG51bSAqIDQgKyAweDBj
KQorCQlyZXR1cm4gZmFsc2U7CisJaWYgKDB4MTI4Y2MgLSBzdGF0ZSA8IG51bSAqIDQgKyAweDBj
KQorCQlyZXR1cm4gZmFsc2U7CisJaWYgKDB4MTI5N2MgLSBzdGF0ZSA8IG51bSAqIDQgKyAweDBj
KQorCQlyZXR1cm4gZmFsc2U7CisJcmV0dXJuIHRydWU7Cit9CisKK2Jvb2wgZXRuYXZpdl9jbWRf
dmFsaWRhdGVfb25lKHN0cnVjdCBldG5hdml2X2dwdSAqZ3B1LAorCXN0cnVjdCBldG5hdml2X2dl
bV9vYmplY3QgKm9iaiwgdW5zaWduZWQgaW50IG9mZnNldCwgdW5zaWduZWQgaW50IHNpemUpCit7
CisJdTMyICpzdGFydCA9IG9iai0+dmFkZHIgKyBvZmZzZXQgKiA0OworCXUzMiAqYnVmID0gc3Rh
cnQ7CisJdTMyICplbmQgPSBidWYgKyBzaXplOworCisJd2hpbGUgKGJ1ZiA8IGVuZCkgeworCQl1
MzIgY21kID0gKmJ1ZjsKKwkJdW5zaWduZWQgaW50IGxlbiwgbiwgb2ZmOworCQl1bnNpZ25lZCBp
bnQgb3AgPSBjbWQgPj4gMjc7CisKKwkJc3dpdGNoIChvcCkgeworCQljYXNlIEZFX09QQ09ERV9M
T0FEX1NUQVRFOgorCQkJbiA9IEVYVFJBQ1QoY21kLCBWSVZfRkVfTE9BRF9TVEFURV9IRUFERVJf
Q09VTlQpOworCQkJbGVuID0gMSArIG47CisJCQlpZiAoYnVmICsgbGVuID4gZW5kKQorCQkJCWJy
ZWFrOworCisJCQlvZmYgPSBFWFRSQUNUKGNtZCwgVklWX0ZFX0xPQURfU1RBVEVfSEVBREVSX09G
RlNFVCk7CisJCQlpZiAoIWV0bmF2aXZfdmFsaWRhdGVfbG9hZF9zdGF0ZShncHUsIGJ1ZiArIDEs
CisJCQkJCQkJIG9mZiAqIDQsIG4pKSB7CisJCQkJZGV2X3dhcm4oZ3B1LT5kZXYsICIlczogbG9h
ZCBzdGF0ZSBjb3ZlcnMgcmVzdHJpY3RlZCBzdGF0ZSAoMHgleC0weCV4KSBhdCBvZmZzZXQgJXVc
biIsCisJCQkJCSBfX2Z1bmNfXywgb2ZmICogNCwgKG9mZiArIG4pICogNCwgYnVmIC0gc3RhcnQp
OworCQkJCXJldHVybiBmYWxzZTsKKwkJCX0KKwkJCWJyZWFrOworCisJCWNhc2UgRkVfT1BDT0RF
X0RSQVdfMkQ6CisJCQluID0gRVhUUkFDVChjbWQsIFZJVl9GRV9EUkFXXzJEX0hFQURFUl9DT1VO
VCk7CisJCQlsZW4gPSAyICsgbiAqIDI7CisJCQlicmVhazsKKworCQljYXNlIEZFX09QQ09ERV9E
UkFXX1BSSU1JVElWRVM6CisJCQlsZW4gPSA0OworCQkJYnJlYWs7CisKKwkJY2FzZSBGRV9PUENP
REVfRFJBV19JTkRFWEVEX1BSSU1JVElWRVM6CisJCQlsZW4gPSA2OworCQkJYnJlYWs7CisKKwkJ
Y2FzZSBGRV9PUENPREVfTk9QOgorCQljYXNlIEZFX09QQ09ERV9TVEFMTDoKKwkJCWxlbiA9IDI7
CisJCQlicmVhazsKKworCQlkZWZhdWx0OgorCQkJZGV2X2VycihncHUtPmRldiwgIiVzOiBvcCAl
dSBub3QgcGVybWl0dGVkIGF0IG9mZnNldCAldVxuIiwKKwkJCQlfX2Z1bmNfXywgb3AsIGJ1ZiAt
IHN0YXJ0KTsKKwkJCXJldHVybiBmYWxzZTsKKwkJfQorCisJCWJ1ZiArPSBBTElHTihsZW4sIDIp
OworCX0KKworCWlmIChidWYgPiBlbmQpIHsKKwkJZGV2X2VycihncHUtPmRldiwgIiVzOiBjb21t
YW5kcyBvdmVyZmxvdyBlbmQgb2YgYnVmZmVyOiAldSA+ICV1XG4iLAorCQkJX19mdW5jX18sIGJ1
ZiAtIHN0YXJ0LCBzaXplKTsKKwkJcmV0dXJuIGZhbHNlOworCX0KKworCXJldHVybiB0cnVlOwor
fQpkaWZmIC0tZ2l0IGEvZHJpdmVycy9zdGFnaW5nL2V0bmF2aXYvZXRuYXZpdl9kcnYuaCBiL2Ry
aXZlcnMvc3RhZ2luZy9ldG5hdml2L2V0bmF2aXZfZHJ2LmgKaW5kZXggNDdhYTc0YjM2MjM1Li4x
OGI5MjlmOWQyNjggMTAwNjQ0Ci0tLSBhL2RyaXZlcnMvc3RhZ2luZy9ldG5hdml2L2V0bmF2aXZf
ZHJ2LmgKKysrIGIvZHJpdmVycy9zdGFnaW5nL2V0bmF2aXYvZXRuYXZpdl9kcnYuaApAQCAtMzks
NiArMzksNyBAQAogCiBzdHJ1Y3QgZXRuYXZpdl9ncHU7CiBzdHJ1Y3QgZXRuYXZpdl9tbXU7Citz
dHJ1Y3QgZXRuYXZpdl9nZW1fb2JqZWN0Owogc3RydWN0IGV0bmF2aXZfZ2VtX3N1Ym1pdDsKIAog
c3RydWN0IGV0bmF2aXZfZmlsZV9wcml2YXRlIHsKQEAgLTExMiw2ICsxMTMsOCBAQCBpbnQgZXRu
YXZpdl9nZW1fbmV3X3VzZXJwdHIoc3RydWN0IGRybV9kZXZpY2UgKmRldiwgc3RydWN0IGRybV9m
aWxlICpmaWxlLAogdTMyIGV0bmF2aXZfYnVmZmVyX2luaXQoc3RydWN0IGV0bmF2aXZfZ3B1ICpn
cHUpOwogdm9pZCBldG5hdml2X2J1ZmZlcl9xdWV1ZShzdHJ1Y3QgZXRuYXZpdl9ncHUgKmdwdSwg
dW5zaWduZWQgaW50IGV2ZW50LAogCXN0cnVjdCBldG5hdml2X2dlbV9zdWJtaXQgKnN1Ym1pdCk7
Citib29sIGV0bmF2aXZfY21kX3ZhbGlkYXRlX29uZShzdHJ1Y3QgZXRuYXZpdl9ncHUgKmdwdSwK
KwlzdHJ1Y3QgZXRuYXZpdl9nZW1fb2JqZWN0ICpvYmosIHVuc2lnbmVkIGludCBvZmZzZXQsIHVu
c2lnbmVkIGludCBzaXplKTsKIAogI2lmZGVmIENPTkZJR19ERUJVR19GUwogdm9pZCBtc21fZ2Vt
X2Rlc2NyaWJlKHN0cnVjdCBkcm1fZ2VtX29iamVjdCAqb2JqLCBzdHJ1Y3Qgc2VxX2ZpbGUgKm0p
OwpkaWZmIC0tZ2l0IGEvZHJpdmVycy9zdGFnaW5nL2V0bmF2aXYvZXRuYXZpdl9nZW1fc3VibWl0
LmMgYi9kcml2ZXJzL3N0YWdpbmcvZXRuYXZpdi9ldG5hdml2X2dlbV9zdWJtaXQuYwppbmRleCBj
MzJmYjQ0MjRlZWEuLjdiZDQ5MTJhYjhhZCAxMDA2NDQKLS0tIGEvZHJpdmVycy9zdGFnaW5nL2V0
bmF2aXYvZXRuYXZpdl9nZW1fc3VibWl0LmMKKysrIGIvZHJpdmVycy9zdGFnaW5nL2V0bmF2aXYv
ZXRuYXZpdl9nZW1fc3VibWl0LmMKQEAgLTM5NCw2ICszOTQsMTMgQEAgaW50IGV0bmF2aXZfaW9j
dGxfZ2VtX3N1Ym1pdChzdHJ1Y3QgZHJtX2RldmljZSAqZGV2LCB2b2lkICpkYXRhLAogCQlzdWJt
aXQtPmNtZFtpXS5zaXplID0gc3VibWl0X2NtZC5zaXplIC8gNDsKIAkJc3VibWl0LT5jbWRbaV0u
b2JqID0gZXRuYXZpdl9vYmo7CiAKKwkJaWYgKCFldG5hdml2X2NtZF92YWxpZGF0ZV9vbmUoZ3B1
LCBldG5hdml2X29iaiwKKwkJCQkJICAgICAgc3VibWl0LT5jbWRbaV0ub2Zmc2V0LAorCQkJCQkg
ICAgICBzdWJtaXQtPmNtZFtpXS5zaXplKSkgeworCQkJcmV0ID0gLUVJTlZBTDsKKwkJCWdvdG8g
b3V0OworCQl9CisKIAkJcmV0ID0gc3VibWl0X3JlbG9jKHN1Ym1pdCwgZXRuYXZpdl9vYmosCiAJ
CQkJICAgc3VibWl0X2NtZC5zdWJtaXRfb2Zmc2V0LAogCQkJCSAgIHN1Ym1pdF9jbWQubnJfcmVs
b2NzLCBzdWJtaXRfY21kLnJlbG9jcyk7Ci0tIAoyLjEuNAoKX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVsIG1haWxpbmcgbGlzdApkcmktZGV2
ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHA6Ly9saXN0cy5mcmVlZGVza3RvcC5vcmcvbWFp
bG1hbi9saXN0aW5mby9kcmktZGV2ZWwK