shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-11 05:17:10 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
23a64dd9c8aad2d6d3a7bf8b1cc28549d4aa76d4
linux/drivers/video/fbdev
History
Zheyu Ma 23a64dd9c8 video: fbdev: kyro: Error out if 'pixclock' equals zero 
[ Upstream commit 1520b4b7ba ]

The userspace program could pass any values to the driver through
ioctl() interface. if the driver doesn't check the value of 'pixclock',
it may cause divide error because the value of 'lineclock' and
'frameclock' will be zero.

Fix this by checking whether 'pixclock' is zero in kyrofb_check_var().

The following log reveals it:

[  103.073930] divide error: 0000 [#1] PREEMPT SMP KASAN PTI
[  103.073942] CPU: 4 PID: 12483 Comm: syz-executor Not tainted 5.14.0-rc2-00478-g2734d6c1b1a0-dirty #118
[  103.073959] RIP: 0010:kyrofb_set_par+0x316/0xc80
[  103.074045] Call Trace:
[  103.074048]  ? ___might_sleep+0x1ee/0x2d0
[  103.074060]  ? kyrofb_ioctl+0x330/0x330
[  103.074069]  fb_set_var+0x5bf/0xeb0
[  103.074078]  ? fb_blank+0x1a0/0x1a0
[  103.074085]  ? lock_acquire+0x3bd/0x530
[  103.074094]  ? lock_release+0x810/0x810
[  103.074103]  ? ___might_sleep+0x1ee/0x2d0
[  103.074114]  ? __mutex_lock+0x620/0x1190
[  103.074126]  ? trace_hardirqs_on+0x6a/0x1c0
[  103.074137]  do_fb_ioctl+0x31e/0x700
[  103.074144]  ? fb_getput_cmap+0x280/0x280
[  103.074152]  ? rcu_read_lock_sched_held+0x11/0x80
[  103.074162]  ? rcu_read_lock_sched_held+0x11/0x80
[  103.074171]  ? __sanitizer_cov_trace_switch+0x67/0xf0
[  103.074181]  ? __sanitizer_cov_trace_const_cmp2+0x20/0x80
[  103.074191]  ? do_vfs_ioctl+0x14b/0x16c0
[  103.074199]  ? vfs_fileattr_set+0xb60/0xb60
[  103.074207]  ? rcu_read_lock_sched_held+0x11/0x80
[  103.074216]  ? lock_release+0x483/0x810
[  103.074224]  ? __fget_files+0x217/0x3d0
[  103.074234]  ? __fget_files+0x239/0x3d0
[  103.074243]  ? do_fb_ioctl+0x700/0x700
[  103.074250]  fb_ioctl+0xe6/0x130

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/1627293835-17441-3-git-send-email-zheyuma97@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-22 11:43:05 +02:00
..
aty
mach64: fix image corruption due to reading accelerator registers
2018-11-21 09:26:00 +01:00
core
fbmem: don't allow too huge resolutions
2021-09-22 11:43:02 +02:00
geode
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
2018-02-22 15:43:55 +01:00
i810
video: fbdev: i810: add in missing white space in error message text
2016-09-27 11:08:15 +03:00
intelfb
video: fbdev: intelfb: remove impossible condition
2016-09-07 11:16:05 +03:00
kyro
video: fbdev: kyro: Error out if 'pixclock' equals zero
2021-09-22 11:43:05 +02:00
matrox
matroxfb: fix size of memcpy
2016-09-27 11:43:24 +03:00
mb862xx
video: fbdev: mb862xx: remove unused variable
2016-08-30 12:00:15 +03:00
mbx
video/mbx: indent some if statements
2014-07-01 13:32:30 +03:00
mmp
video: fbdev/mmp: add MODULE_LICENSE
2018-02-25 11:05:44 +01:00
nvidia
video: fbdev: nvidia: use arch_phys_wc_add() and ioremap_wc()
2015-06-03 12:41:50 +03:00
omap
fbdev: omapfb: off by one in omapfb_register_client()
2018-09-26 08:36:32 +02:00
omap2
omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
2020-09-03 11:21:17 +02:00
riva
video: fbdev: rivafb: unlock chip before probiding EDID
2015-12-15 15:41:23 +02:00
savage
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
sis
video: fbdev: sis: fix null ptr dereference
2020-10-29 09:05:35 +01:00
vermilion
mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd
2015-11-06 17:50:42 -08:00
via
fbdev/via: fix defined but not used warning
2018-09-26 08:36:32 +02:00
68328fb.c
video: 68328fb: remove check for CONFIG_FB_68328_INVERT
2014-06-24 10:55:13 +03:00
acornfb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
acornfb.h
amba-clcd-nomadik.c
video: ARM CLCD: export symbols for driver module
2016-08-30 11:54:23 +03:00
amba-clcd-nomadik.h
video: ARM CLCD: add special board and panel hooks for Nomadik
2016-08-11 17:54:54 +03:00
amba-clcd-versatile.c
video: ARM CLCD: fix Vexpress regression
2016-11-03 12:20:14 +02:00
amba-clcd-versatile.h
video: ARM CLCD: add special panel hook for Versatiles
2016-08-11 17:54:54 +03:00
amba-clcd.c
video: ARM CLCD: fix dma allocation size
2018-03-22 09:17:48 +01:00
amifb.c
Merge tag 'fbdev-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux
2015-06-23 16:23:30 -07:00
arcfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
arkfb.c
drivers/video/fbdev/arkfb.c: Use arch_phys_wc_add() and pci_iomap_wc()
2015-08-25 09:59:45 +02:00
asiliantfb.c
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
2021-09-22 11:43:05 +02:00
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atafb.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
atafb.h
atmel_lcdfb.c
video: fbdev: atmel_lcdfb: fix display-timings lookup
2018-02-22 15:43:49 +01:00
au1100fb.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
au1100fb.h
MIPS: Alchemy: au1100fb: use clk framework
2014-07-30 14:10:39 +02:00
au1200fb.c
video: fbdev: au1200fb: Return an error code if a memory allocation fails
2017-12-20 10:07:27 +01:00
au1200fb.h
auo_k190x.c
fbdev: auo_k190x: avoid unused function warnings
2015-12-15 15:41:23 +02:00
auo_k190x.h
auo_k1900fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
auo_k1901fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
bf54x-lq043fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
bf537-lq035.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
bfin_adv7393fb.c
fb: adv7393: off by one in probe function
2016-08-30 12:06:12 +03:00
bfin_adv7393fb.h
fbdev/bfin_adv7393fb: move DRIVER_NAME before its first use
2016-08-02 19:35:05 -04:00
bfin-lq035q1-fb.c
bfin-t350mcqb-fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
broadsheetfb.c
fbdev: broadsheetfb: fix memory leak
2015-09-30 10:33:57 +03:00
bt431.h
video: fbdev: bt431: Correct cursor format control macro
2016-02-26 13:06:11 +02:00
bt455.h
video: fbdev: pmag-ba-fb: Optimize Bt455 colormap addressing
2016-02-26 13:06:11 +02:00
bw2.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
c2p_core.h
c2p_iplan2.c
c2p_planar.c
c2p.h
carminefb_regs.h
carminefb.c
carminefb.h
cg3.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
cg6.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
cg14.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
chipsfb.c
fbdev: chipsfb: remove set but not used variable 'size'
2020-01-29 10:24:15 +01:00
cirrusfb.c
clps711x-fb.c
video: clps711x-fb: release disp device node in probe()
2019-02-12 19:44:56 +01:00
clps711xfb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
cobalt_lcdfb.c
video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap
2017-08-06 18:59:48 -07:00
controlfb.c
powerpc: Move Power Macintosh drivers to generic byteswappers
2015-03-23 14:29:40 +11:00
controlfb.h
fbdev: controlfb: Add missing modes to fix out of bounds access
2017-12-20 10:07:27 +01:00
cyber2000fb.c
video: fbdev: cyber2000fb.c: use container_of to resolve cfb_info from fb_info
2014-09-30 13:06:01 +03:00
cyber2000fb.h
da8xx-fb.c
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
dnfb.c
edid.h
efifb.c
efi/fb: Correct PCI_STD_RESOURCE_END usage
2018-11-10 07:42:45 -08:00
ep93xx-fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
fb-puv3.c
drivers/video/fbdev/fb-puv3.c: Add header files for function unifb_mmap
2014-05-23 13:51:10 +03:00
ffb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
fm2fb.c
fsl-diu-fb.c
video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
2015-12-09 12:57:06 +02:00
g364fb.c
gbefb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
goldfishfb.c
video: fbdev: Set pixclock = 0 in goldfishfb
2019-04-03 06:24:14 +02:00
grvga.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
gxt4500.c
gxt4500: enable panning
2015-10-08 12:19:39 +03:00
hecubafb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
hgafb.c
video: hgafb: correctly handle card detect failure during probe
2021-05-26 11:29:09 +02:00
hitfb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
hpfb.c
video/fbdev, asm/io.h: Remove ioremap_writethrough()
2015-06-07 15:28:57 +02:00
hyperv_fb.c
video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
2021-01-12 19:49:03 +01:00
i740_reg.h
i740fb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
igafb.c
imsttfb.c
Revert "video: imsttfb: fix potential NULL pointer dereferences"
2021-05-26 11:29:07 +02:00
imxfb.c
video: fbdev: imxfb: add some error handling
2016-05-10 11:42:25 +03:00
jz4740_fb.c
Kconfig
fbdev: aty: SPARC64 requires FB_ATY_CT
2021-03-03 17:44:34 +01:00
leo.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
macfb.c
macmodes.c
macmodes.h
Makefile
video: fbdev: exynos: Remove old non-working MIPI driver
2016-09-27 11:05:29 +03:00
maxinefb.c
metronomefb.c
video: fbdev: metronomefb: two harmless off by one bugs
2016-02-16 14:52:43 +02:00
mx3fb.c
mx3fb: Fix print format string
2016-08-30 11:57:21 +03:00
mxsfb.c
video: mxsfb: Fix framebuffer corruption on mx6sx
2016-08-30 11:59:33 +03:00
n411.c
fbdev: n411: check return value
2016-02-26 12:16:58 +02:00
neofb.c
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
2020-08-21 11:01:58 +02:00
nuc900fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
nuc900fb.h
ocfb.c
ocfb: fix tgdel and tvdel timing parameters
2016-01-29 13:34:07 +02:00
offb.c
video: fbdev: offb: Call pci_enable_device() before using the PCI VGA device
2016-09-27 10:55:02 +03:00
p9100.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
platinumfb.c
powerpc: Move Power Macintosh drivers to generic byteswappers
2015-03-23 14:29:40 +11:00
platinumfb.h
pm2fb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
pm3fb.c
video: fbdev: pm3fb: use arch_phys_wc_add() and ioremap_wc()
2015-06-03 12:41:52 +03:00
pmag-aa-fb.c
video: fbdev: pmag-ba-fb: Optimize Bt455 colormap addressing
2016-02-26 13:06:11 +02:00
pmag-ba-fb.c
video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
2017-11-15 15:53:11 +01:00
pmagb-b-fb.c
ps3fb.c
pvr2fb.c
video: fbdev: pvr2fb: initialize variables
2020-11-10 10:23:53 +01:00
pxa3xx-gcu.c
video: fbdev: pxa3xx_gcu: prepare the clocks
2015-08-10 12:25:43 +03:00
pxa3xx-gcu.h
pxa168fb.c
pxa168fb: Fix the function used to release some memory in an error handling path
2020-02-28 15:42:17 +01:00
pxa168fb.h
pxafb.c
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
2020-08-21 11:02:00 +02:00
pxafb.h
video: fbdev: pxafb: loosen the platform data bond
2015-12-15 15:41:24 +02:00
q40fb.c
s1d13xxxfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
s3c2410fb.c
video: s3c2410fb: Register cpufreq notifier only on S3C24xx
2016-08-11 17:54:55 +03:00
s3c2410fb.h
video: s3c2410fb: Register cpufreq notifier only on S3C24xx
2016-08-11 17:54:55 +03:00
s3c-fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
s3fb.c
drivers/video/fbdev/s3fb: Use arch_phys_wc_add() and pci_iomap_wc()
2015-08-25 09:59:45 +02:00
sa1100fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
sa1100fb.h
ARM: 8244/1: fbdev: sa1100fb: make use of device clock
2014-12-05 16:30:25 +00:00
sbuslib.c
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
2019-11-25 09:53:41 +01:00
sbuslib.h
sh7760fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
sh_mobile_lcdcfb.c
fbdev: sh_mobile_lcdc: Fix destruction of uninitialized mutex
2015-04-07 16:24:15 +03:00
sh_mobile_lcdcfb.h
sh_mobile_meram.c
Merge tag 'pm+acpi-3.19-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2014-12-18 20:28:33 -08:00
simplefb.c
simplefb: Disable and release clocks and regulators in destroy callback
2016-09-27 11:21:36 +03:00
skeletonfb.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
sm501fb.c
sm501fb: don't return zero on failure path in sm501fb_start()
2018-03-24 11:00:21 +01:00
sm712.h
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
2019-05-25 18:26:52 +02:00
sm712fb.c
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
2020-08-21 11:01:59 +02:00
smscufx.c
video: smscufx: remove unused variable
2016-09-27 11:47:37 +03:00
ssd1307fb.c
video: ssd1307fb: Start page range at page_offset
2019-10-07 18:53:09 +02:00
sstfb.c
sticore.h
stifb.c
arch, drivers: don't include <asm/io.h> directly, use <linux/io.h> instead
2015-08-10 23:07:05 -04:00
sunxvr500.c
drivers/video: make fbdev/sunxvr500.c explicitly non-modular
2016-03-03 13:36:51 +02:00
sunxvr1000.c
drivers/video: make fbdev/sunxvr1000.c explicitly non-modular
2016-03-03 13:36:51 +02:00
sunxvr2500.c
drivers/video: make fbdev/sunxvr2500.c explicitly non-modular
2016-03-03 13:36:51 +02:00
tcx.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
tdfxfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
tgafb.c
tmiofb.c
tridentfb.c
Merge tag 'fbdev-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux
2015-11-10 10:00:09 -08:00
udlfb.c
video: fbdev: udlfb: Fix buffer on stack
2018-03-24 11:00:21 +01:00
uvesafb.c
video: uvesafb: Fix integer overflow in allocation
2018-07-03 11:23:16 +02:00
valkyriefb.c
video: fbdev: valkyriefb.c: use container_of to resolve fb_info_valkyrie from fb_info
2014-09-30 13:06:01 +03:00
valkyriefb.h
vesafb.c
video: fbdev: vesafb: use arch_phys_wc_add()
2015-06-16 09:42:11 +03:00
vfb.c
vfb: fix video mode and line_length being set when loaded
2018-04-13 19:48:10 +02:00
vga16fb.c
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
2020-10-29 09:05:35 +01:00
vt8500lcdfb.c
video: vt8500lcdfb: remove unneeded continue
2015-01-13 13:35:04 +02:00
vt8500lcdfb.h
vt8623fb.c
drivers/video/fbdev/vt8623fb: Use arch_phys_wc_add() and pci_iomap_wc()
2015-08-25 09:59:45 +02:00
w100fb.c
video: fbdev: w100fb: Fix a potential double free.
2020-06-20 10:24:11 +02:00
w100fb.h
wm8505fb_regs.h
wm8505fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
wmt_ge_rops.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
wmt_ge_rops.h
xen-fbfront.c
xen, fbfront: fix connecting to backend
2017-04-21 09:31:21 +02:00
xilinxfb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00