Re: [PATCH 4/5] fbmem: Prevent invalid virtual screen sizes in fb_set_var()
From: Helge Deller <deller@gmx.de>
Date: 2022-07-04 16:14:39
Also in:
dri-devel
On 7/2/22 14:05, Michel Dänzer wrote:
On 2022-07-01 16:49, Geert Uytterhoeven wrote:quoted
On Thu, Jun 30, 2022 at 9:38 PM Geert Uytterhoeven [off-list ref] wrote:quoted
On Thu, Jun 30, 2022 at 9:17 PM Helge Deller [off-list ref] wrote:quoted
On 6/30/22 21:11, Geert Uytterhoeven wrote:quoted
On Wed, Jun 29, 2022 at 10:00 PM Helge Deller [off-list ref] wrote:quoted
Prevent that drivers configure a virtual screen resolution smaller than the physical screen resolution. This is important, because otherwise we may access memory outside of the graphics memory area. Signed-off-by: Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org # v5.4+Thanks for your patch!quoted
--- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c@@ -1006,6 +1006,12 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) if (var->xres < 8 || var->yres < 8) return -EINVAL; + /* make sure virtual resolution >= physical resolution */ + if (WARN_ON(var->xres_virtual < var->xres)) + var->xres_virtual = var->xres; + if (WARN_ON(var->yres_virtual < var->yres)) + var->yres_virtual = var->yres;This should be moved below the call to info->fbops->fb_check_var(), so the WARN_ON() catches buggy fbdev drivers, not userspace fuzzers.Yes, makes sense.And print the name of the frame buffer device driver, so people know who to blame.Or better, do not continue, but return with a failure: if (WARN(var->xres_virtual < var->xres || var->yres_virtual < var->yres, "%ps for %s is broken\n", info->fbops->fb_check_var, info->fix.id) return -EINVAL;I'd also recommend WARN(_ON)_ONCE, or users with a broken driver might get spammed.
Yes, that's probably better. Will do. Thanks! Helge