opnsense-src

mirror of https://github.com/opnsense/src.git synced 2026-02-18 18:20:26 -05:00

History

Ed Maste 7976b9c5e0 Correct signedness bug in drm_modeset_ctl drm_modeset_ctl() takes a signed in from userland, does a boundscheck, and then uses it to index into a structure and write to it. The boundscheck only checks upper bound, and never checks for nagative values. If the int coming from userland is negative [after conversion] it will bypass the boundscheck, perform a negative index into an array and write to it, causing memory corruption. Note that this is in the "old" drm driver; this issue does not exist in drm2. Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> Reviewed by: cem MFC after: 1 day Sponsored by: The FreeBSD Foundation		2018-03-22 01:00:55 +00:00
..
ati_pcigart.c	Add missing calls to bus_dmamap_unload() when freeing static DMA	2014-06-13 18:20:44 +00:00
drm.h	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
drm_agpsupport.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
drm_atomic.h
drm_auth.c
drm_bufs.c	Fix kernel memory disclosure in drm_infobufs	2018-03-21 23:51:14 +00:00
drm_context.c
drm_dma.c
drm_drawable.c
drm_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
drm_fops.c
drm_hashtab.c
drm_hashtab.h
drm_internal.h
drm_ioctl.c
drm_irq.c	Correct signedness bug in drm_modeset_ctl	2018-03-22 01:00:55 +00:00
drm_linux_list.h
drm_lock.c
drm_memory.c
drm_mm.c
drm_mm.h
drm_pci.c	Add missing calls to bus_dmamap_unload() when freeing static DMA	2014-06-13 18:20:44 +00:00
drm_pciids.h	drm(old): Remove i915 and radeon drivers	2017-03-11 03:01:18 +00:00
drm_sarea.h	Remove ia64.	2014-07-07 00:27:09 +00:00
drm_scatter.c	Use atop() instead of OFF_TO_IDX() for convertion of addresses or	2017-03-14 19:39:17 +00:00
drm_sman.c
drm_sman.h
drm_sysctl.c	Adjust printf format specifiers for dev_t and ino_t in kernel.	2014-12-17 07:27:19 +00:00
drm_vm.c	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
drmP.h	Add PNP metadata to more drivers	2017-09-26 23:23:58 +00:00
mach64_dma.c	In sys/dev/drm/mach64_dma.c, remove static function mach64_set_dma_eol(),	2013-12-26 00:11:19 +00:00
mach64_drm.h
mach64_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
mach64_drv.h
mach64_irq.c
mach64_state.c	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
mga_dma.c	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
mga_drm.h	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
mga_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
mga_drv.h
mga_irq.c
mga_state.c	kernel: Fix several typos and minor errors	2017-12-27 03:23:21 +00:00
mga_ucode.h
mga_warp.c
r128_cce.c
r128_drm.h
r128_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
r128_drv.h
r128_irq.c
r128_state.c
savage_bci.c	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
savage_drm.h	sys/dev: minor spelling fixes.	2016-05-03 03:41:25 +00:00
savage_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
savage_drv.h
savage_state.c
sis_drm.h
sis_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
sis_drv.h
sis_ds.c
sis_ds.h
sis_mm.c
tdfx_drv.c	Remove compatibility shims for FreeBSD versions older than 8.0.	2015-06-04 20:36:16 +00:00
tdfx_drv.h
via_3d_reg.h
via_dma.c
via_dmablit.c	- Modify vm_page_unwire() and vm_page_enqueue() to directly accept	2014-06-16 18:15:27 +00:00
via_dmablit.h
via_drm.h
via_drv.c
via_drv.h
via_irq.c
via_map.c
via_mm.c
via_verifier.c
via_verifier.h
via_video.c