Re: [PATCH] drm/syncobj: Fix handle <-> fd ioctls with dirty stack
From: Michel Dänzer
Date: Wed Mar 04 2026 - 06:47:36 EST

On 3/4/26 12:25, Julian Orth wrote:
> On Wed, Mar 4, 2026 at 12:15 PM Michel Dänzer
> <michel.daenzer@xxxxxxxxxxx> wrote:
>> On 3/3/26 20:12, Julian Orth wrote:
>>> On Tue, Mar 3, 2026 at 7:53 PM Michel Dänzer <michel.daenzer@xxxxxxxxxxx> wrote:
>>>> On 3/3/26 18:44, Maarten Lankhorst wrote:
>>>>>
>>>>> You don't even need to use memset, this would work too:
>>>>>
>>>>> struct drm_syncobj_handle args = {
>>>>>         .flags = 0
>>>>> };
>>>>
>>>> TL;DR: This method isn't 100% safe either.
>>>>
>>>> It won't initialize any padding which isn't covered by any struct field. We try to avoid that and have explicit padding fields instead; mistakes may happen though, and in theory such padding could later be used for a new field.
>>>
>>> I don't think this is workable.
>>
>> libdrm begs to differ. It shows that it's not only workable but really easy. There's no reason for doing it any other way.
>
> Using memset to initialize padding bytes between fields is workable.
> Having the kernel add checks for this for existing ioctls is not
> workable because it would break userspace that doesn't do this.

As discussed in this thread, memset is also required for when the size of an ioctl struct is extended, even if there is no such padding.

> Which is every rust program out there as far as I can tell.

That's surprising. Surely there must be some unsafe code involved which allows uninitialized memory to be passed to ioctl()?

> I'm not aware of any ioctls that actually have padding bytes between
> fields so this discussion is mostly academic.

I covered that in my previous post quoted above.

--
Earthling Michel Dänzer \ GNOME / Xwayland / Mesa developer
https://redhat.com \ Libre software enthusiast
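
Added example, not part of the original message and not libdrm or kernel code: a C sketch of the two cases raised in the thread (padding not covered by any field, and a field added to the struct later), run on a simulated dirty stack. `struct example_args` and all function names are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl argument struct (constructed, not a real DRM uapi struct).
 * 'point' models a later addition; implicit padding sits between 'flags' and it. */
struct example_args {
    uint32_t handle;
    uint8_t  flags;
    uint64_t point;
};

/* Count non-zero bytes that belong to no named field. */
static size_t dirty_padding(const unsigned char *p)
{
    unsigned char covered[sizeof(struct example_args)] = {0};
    size_t i, n = 0;
    memset(covered + offsetof(struct example_args, handle), 1, sizeof(uint32_t));
    memset(covered + offsetof(struct example_args, flags), 1, sizeof(uint8_t));
    memset(covered + offsetof(struct example_args, point), 1, sizeof(uint64_t));
    for (i = 0; i < sizeof(covered); i++)
        n += (!covered[i] && p[i] != 0);
    return n;
}

/* Caller written against the older layout: stores only the fields it knows. */
static void fill_known_fields(unsigned char *p, uint32_t handle, uint8_t flags)
{
    memcpy(p + offsetof(struct example_args, handle), &handle, sizeof(handle));
    memcpy(p + offsetof(struct example_args, flags), &flags, sizeof(flags));
}

/* The memset-first pattern discussed in the thread: zero everything, then fill. */
static void fill_with_memset(unsigned char *p, uint32_t handle, uint8_t flags)
{
    memset(p, 0, sizeof(struct example_args));
    fill_known_fields(p, handle, flags);
}

int main(void)
{
    unsigned char raw[sizeof(struct example_args)];
    memset(raw, 0xAA, sizeof(raw));   /* simulated dirty stack */
    fill_known_fields(raw, 7, 0);
    printf("field-wise: %zu dirty padding bytes\n", dirty_padding(raw));
    fill_with_memset(raw, 7, 0);
    printf("memset:     %zu dirty padding bytes\n", dirty_padding(raw));
    return 0;
}
```

The fields are written byte-wise through `memcpy` so the result on the dirty buffer is well defined; with ordinary member stores the C standard leaves the padding bytes unspecified.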