Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Blame patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch

Blob History Raw

Thomas Zimmermann	24dad4	`From 2f1c4523f7a3aaabe7e53d3ebd378292947e95c8 Mon Sep 17 00:00:00 2001`
Thomas Zimmermann	24dad4	`From: Zheyu Ma <zheyuma97@gmail.com>`
Thomas Zimmermann	24dad4	`Date: Wed, 3 Aug 2022 17:23:12 +0800`
Thomas Zimmermann	24dad4	`Subject: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()`
Thomas Zimmermann	24dad4	`Git-commit: 2f1c4523f7a3aaabe7e53d3ebd378292947e95c8`
Thomas Zimmermann	24dad4	`Patch-mainline: v6.0-rc1`
Thomas Zimmermann	24dad4	`References: bsc#1154048`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`Since the user can control the arguments of the ioctl() from the user`
Thomas Zimmermann	24dad4	`space, under special arguments that may result in a divide-by-zero bug`
Thomas Zimmermann	24dad4	`in:`
Thomas Zimmermann	24dad4	`drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);`
Thomas Zimmermann	24dad4	`with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.`
Thomas Zimmermann	24dad4	`and then in:`
Thomas Zimmermann	24dad4	`drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock);`
Thomas Zimmermann	24dad4	`we'll get a division-by-zero.`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`The following log can reveal it:`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`divide error: 0000 [#1] PREEMPT SMP KASAN PTI`
Thomas Zimmermann	24dad4	`RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline]`
Thomas Zimmermann	24dad4	`RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784`
Thomas Zimmermann	24dad4	`Call Trace:`
Thomas Zimmermann	24dad4	`fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034`
Thomas Zimmermann	24dad4	`do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110`
Thomas Zimmermann	24dad4	`fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`Fix this by checking the argument of ark_set_pixclock() first.`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`Fixes: 681e14730c73 ("arkfb: new framebuffer driver for ARK Logic cards")`
Thomas Zimmermann	24dad4	`Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>`
Thomas Zimmermann	24dad4	`Signed-off-by: Helge Deller <deller@gmx.de>`
Thomas Zimmermann	24dad4	`Acked-by: Thomas Zimmermann <tzimmermann@suse.de>`
Thomas Zimmermann	24dad4	`---`
Thomas Zimmermann	24dad4	`drivers/video/fbdev/arkfb.c \| 7 ++++++-`
Thomas Zimmermann	24dad4	`1 file changed, 6 insertions(+), 1 deletion(-)`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`diff --git a/drivers/video/fbdev/arkfb.c b/drivers/video/fbdev/arkfb.c`
Thomas Zimmermann	24dad4	`index eb3e47c58c5f..ed76ddc7df3d 100644`
Thomas Zimmermann	24dad4	`--- a/drivers/video/fbdev/arkfb.c`
Thomas Zimmermann	24dad4	`+++ b/drivers/video/fbdev/arkfb.c`
Thomas Zimmermann	24dad4	`@@ -781,7 +781,12 @@ static int arkfb_set_par(struct fb_info *info)`
Thomas Zimmermann	24dad4	`return -EINVAL;`
Thomas Zimmermann	24dad4	`}`
Thomas Zimmermann	24dad4
Thomas Zimmermann	24dad4	`- ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);`
Thomas Zimmermann	24dad4	`+ value = (hdiv * info->var.pixclock) / hmul;`
Thomas Zimmermann	24dad4	`+ if (!value) {`
Thomas Zimmermann	24dad4	`+ fb_dbg(info, "invalid pixclock\n");`
Thomas Zimmermann	24dad4	`+ value = 1;`
Thomas Zimmermann	24dad4	`+ }`
Thomas Zimmermann	24dad4	`+ ark_set_pixclock(info, value);`
Thomas Zimmermann	24dad4	`svga_set_timings(par->state.vgabase, &ark_timing_regs, &(info->var), hmul, hdiv,`
Thomas Zimmermann	24dad4	`(info->var.vmode & FB_VMODE_DOUBLE) ? 2 : 1,`
Thomas Zimmermann	24dad4	`(info->var.vmode & FB_VMODE_INTERLACED) ? 2 : 1,`
Thomas Zimmermann	24dad4	`--`
Thomas Zimmermann	24dad4	`2.37.3`
Thomas Zimmermann	24dad4

kernel / kernel-source

Source Code

Blame patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch