shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-04 04:03:04 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
57b0a08e34062361ba67fb9baa03ebbf5e3a620e
linux/drivers/video/fbdev
History
Dan Carpenter 00a6a504c7 fbdev: potential information leak in do_fb_ioctl() 
commit d3d19d6fc5 upstream.

The "fix" struct has a 2 byte hole after ->ywrapstep and the
"fix = info->fix;" assignment doesn't necessarily clear it.  It depends
on the compiler.  The solution is just to replace the assignment with an
memcpy().

Fixes: 1f5e31d7e5 ("fbmem: don't call copy_from/to_user() with mutex held")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrea Righi <righi.andrea@gmail.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Peter Rosin <peda@axentia.se>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200113100132.ixpaymordi24n3av@kili.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-15 17:16:20 +09:00
..
aty
mach64: fix image corruption due to reading accelerator registers
2023-05-15 09:27:03 +09:00
core
fbdev: potential information leak in do_fb_ioctl()
2023-05-15 17:16:20 +09:00
geode
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
2018-02-22 15:43:55 +01:00
i810
video: fbdev: i810: add in missing white space in error message text
2016-09-27 11:08:15 +03:00
intelfb
video: fbdev: intelfb: remove impossible condition
2016-09-07 11:16:05 +03:00
kyro
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
matrox
matroxfb: fix size of memcpy
2016-09-27 11:43:24 +03:00
mb862xx
video: fbdev: mb862xx: remove unused variable
2016-08-30 12:00:15 +03:00
mbx
video/mbx: indent some if statements
2014-07-01 13:32:30 +03:00
mmp
video: fbdev/mmp: add MODULE_LICENSE
2018-02-25 11:05:44 +01:00
nvidia
video: fbdev: nvidia: use arch_phys_wc_add() and ioremap_wc()
2015-06-03 12:41:50 +03:00
omap
fbdev: omapfb: off by one in omapfb_register_client()
2023-05-15 08:19:23 +09:00
omap2
omap2fb: Fix stack memory disclosure
2023-05-15 11:01:33 +09:00
riva
video: fbdev: rivafb: unlock chip before probiding EDID
2015-12-15 15:41:23 +02:00
savage
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
sis
video: fbdev: sis: Remove unnecessary parentheses and commented code
2023-05-15 17:15:45 +09:00
vermilion
mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd
2015-11-06 17:50:42 -08:00
via
fbdev/via: fix defined but not used warning
2023-05-15 08:19:26 +09:00
68328fb.c
video: 68328fb: remove check for CONFIG_FB_68328_INVERT
2014-06-24 10:55:13 +03:00
acornfb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
acornfb.h
amba-clcd-nomadik.c
video: ARM CLCD: export symbols for driver module
2016-08-30 11:54:23 +03:00
amba-clcd-nomadik.h
video: ARM CLCD: add special board and panel hooks for Nomadik
2016-08-11 17:54:54 +03:00
amba-clcd-versatile.c
video: ARM CLCD: fix Vexpress regression
2016-11-03 12:20:14 +02:00
amba-clcd-versatile.h
video: ARM CLCD: add special panel hook for Versatiles
2016-08-11 17:54:54 +03:00
amba-clcd.c
video: ARM CLCD: fix dma allocation size
2018-03-22 09:17:48 +01:00
amifb.c
Merge tag 'fbdev-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux
2015-06-23 16:23:30 -07:00
arcfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
arkfb.c
drivers/video/fbdev/arkfb.c: Use arch_phys_wc_add() and pci_iomap_wc()
2015-08-25 09:59:45 +02:00
asiliantfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atafb.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
atafb.h
atmel_lcdfb.c
video: fbdev: atmel_lcdfb: fix display-timings lookup
2018-02-22 15:43:49 +01:00
au1100fb.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
au1100fb.h
MIPS: Alchemy: au1100fb: use clk framework
2014-07-30 14:10:39 +02:00
au1200fb.c
video: fbdev: au1200fb: Return an error code if a memory allocation fails
2017-12-20 10:07:27 +01:00
au1200fb.h
auo_k190x.c
fbdev: auo_k190x: avoid unused function warnings
2015-12-15 15:41:23 +02:00
auo_k190x.h
auo_k1900fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
auo_k1901fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
bf54x-lq043fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
bf537-lq035.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
bfin_adv7393fb.c
fb: adv7393: off by one in probe function
2016-08-30 12:06:12 +03:00
bfin_adv7393fb.h
fbdev/bfin_adv7393fb: move DRIVER_NAME before its first use
2016-08-02 19:35:05 -04:00
bfin-lq035q1-fb.c
bfin-t350mcqb-fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
broadsheetfb.c
fbdev: broadsheetfb: fix memory leak
2015-09-30 10:33:57 +03:00
bt431.h
video: fbdev: bt431: Correct cursor format control macro
2016-02-26 13:06:11 +02:00
bt455.h
video: fbdev: pmag-ba-fb: Optimize Bt455 colormap addressing
2016-02-26 13:06:11 +02:00
bw2.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
c2p_core.h
c2p_iplan2.c
c2p_planar.c
c2p.h
carminefb_regs.h
carminefb.c
carminefb.h
cg3.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
cg6.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
cg14.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
chipsfb.c
fbdev: chipsfb: remove set but not used variable 'size'
2023-05-15 16:43:44 +09:00
cirrusfb.c
clps711x-fb.c
video: clps711x-fb: release disp device node in probe()
2023-05-15 11:23:10 +09:00
clps711xfb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
cobalt_lcdfb.c
video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap
2017-08-06 18:59:48 -07:00
controlfb.c
powerpc: Move Power Macintosh drivers to generic byteswappers
2015-03-23 14:29:40 +11:00
controlfb.h
fbdev: controlfb: Add missing modes to fix out of bounds access
2017-12-20 10:07:27 +01:00
cyber2000fb.c
video: fbdev: cyber2000fb.c: use container_of to resolve cfb_info from fb_info
2014-09-30 13:06:01 +03:00
cyber2000fb.h
da8xx-fb.c
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
dnfb.c
edid.h
efifb.c
efi/fb: Correct PCI_STD_RESOURCE_END usage
2023-05-15 09:12:14 +09:00
ep93xx-fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
fb-puv3.c
drivers/video/fbdev/fb-puv3.c: Add header files for function unifb_mmap
2014-05-23 13:51:10 +03:00
ffb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
fm2fb.c
fsl-diu-fb.c
video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
2015-12-09 12:57:06 +02:00
g364fb.c
gbefb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
goldfishfb.c
video: goldfishfb: fix memory leak on driver remove
2023-05-15 08:19:24 +09:00
grvga.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
gxt4500.c
gxt4500: enable panning
2015-10-08 12:19:39 +03:00
hecubafb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
hgafb.c
video: hgafb: fix potential NULL pointer dereference
2023-05-15 13:48:16 +09:00
hitfb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
hpfb.c
video/fbdev, asm/io.h: Remove ioremap_writethrough()
2015-06-07 15:28:57 +02:00
hyperv_fb.c
drivers:hv: Use new vmbus_mmio_free() from client drivers.
2016-04-30 14:01:37 -07:00
i740_reg.h
i740fb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
igafb.c
imsttfb.c
video: imsttfb: fix potential NULL pointer dereferences
2023-05-15 13:48:17 +09:00
imxfb.c
video: fbdev: imxfb: add some error handling
2016-05-10 11:42:25 +03:00
jz4740_fb.c
Kconfig
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2016-10-15 09:26:12 -07:00
leo.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
macfb.c
macmodes.c
macmodes.h
Makefile
video: fbdev: exynos: Remove old non-working MIPI driver
2016-09-27 11:05:29 +03:00
maxinefb.c
metronomefb.c
video: fbdev: metronomefb: two harmless off by one bugs
2016-02-16 14:52:43 +02:00
mx3fb.c
mx3fb: Fix print format string
2016-08-30 11:57:21 +03:00
mxsfb.c
video: mxsfb: Fix framebuffer corruption on mx6sx
2016-08-30 11:59:33 +03:00
n411.c
fbdev: n411: check return value
2016-02-26 12:16:58 +02:00
neofb.c
video: fbdev: neofb: use arch_phys_wc_add() and ioremap_wc()
2015-06-03 12:41:49 +03:00
nuc900fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
nuc900fb.h
ocfb.c
ocfb: fix tgdel and tvdel timing parameters
2016-01-29 13:34:07 +02:00
offb.c
video: fbdev: offb: Call pci_enable_device() before using the PCI VGA device
2016-09-27 10:55:02 +03:00
p9100.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
platinumfb.c
powerpc: Move Power Macintosh drivers to generic byteswappers
2015-03-23 14:29:40 +11:00
platinumfb.h
pm2fb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
pm3fb.c
video: fbdev: pm3fb: use arch_phys_wc_add() and ioremap_wc()
2015-06-03 12:41:52 +03:00
pmag-aa-fb.c
video: fbdev: pmag-ba-fb: Optimize Bt455 colormap addressing
2016-02-26 13:06:11 +02:00
pmag-ba-fb.c
video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
2017-11-15 15:53:11 +01:00
pmagb-b-fb.c
ps3fb.c
pvr2fb.c
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
2016-10-18 14:13:37 -07:00
pxa3xx-gcu.c
video: fbdev: pxa3xx_gcu: prepare the clocks
2015-08-10 12:25:43 +03:00
pxa3xx-gcu.h
pxa168fb.c
pxa168fb: Fix the function used to release some memory in an error handling path
2023-05-15 16:58:05 +09:00
pxa168fb.h
pxafb.c
video: fbdev: pxafb: clear allocated memory for video modes
2023-05-15 08:19:29 +09:00
pxafb.h
video: fbdev: pxafb: loosen the platform data bond
2015-12-15 15:41:24 +02:00
q40fb.c
s1d13xxxfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
s3c2410fb.c
video: s3c2410fb: Register cpufreq notifier only on S3C24xx
2016-08-11 17:54:55 +03:00
s3c2410fb.h
video: s3c2410fb: Register cpufreq notifier only on S3C24xx
2016-08-11 17:54:55 +03:00
s3c-fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
s3fb.c
drivers/video/fbdev/s3fb: Use arch_phys_wc_add() and pci_iomap_wc()
2015-08-25 09:59:45 +02:00
sa1100fb.c
dma, mm/pat: Rename dma_*_writecombine() to dma_*_wc()
2016-03-09 14:57:51 +01:00
sa1100fb.h
ARM: 8244/1: fbdev: sa1100fb: make use of device clock
2014-12-05 16:30:25 +00:00
sbuslib.c
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
2023-05-15 15:12:20 +09:00
sbuslib.h
sh7760fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
sh_mobile_lcdcfb.c
fbdev: sh_mobile_lcdc: Fix destruction of uninitialized mutex
2015-04-07 16:24:15 +03:00
sh_mobile_lcdcfb.h
sh_mobile_meram.c
Merge tag 'pm+acpi-3.19-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2014-12-18 20:28:33 -08:00
simplefb.c
simplefb: Disable and release clocks and regulators in destroy callback
2016-09-27 11:21:36 +03:00
skeletonfb.c
fbdev: kill fb_rotate
2016-02-26 13:28:35 +02:00
sm501fb.c
sm501fb: don't return zero on failure path in sm501fb_start()
2018-03-24 11:00:21 +01:00
sm712.h
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
2023-05-15 12:53:12 +09:00
sm712fb.c
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
2023-05-15 12:53:43 +09:00
smscufx.c
video: smscufx: remove unused variable
2016-09-27 11:47:37 +03:00
ssd1307fb.c
video: ssd1307fb: Start page range at page_offset
2023-05-15 14:40:43 +09:00
sstfb.c
sticore.h
stifb.c
arch, drivers: don't include <asm/io.h> directly, use <linux/io.h> instead
2015-08-10 23:07:05 -04:00
sunxvr500.c
drivers/video: make fbdev/sunxvr500.c explicitly non-modular
2016-03-03 13:36:51 +02:00
sunxvr1000.c
drivers/video: make fbdev/sunxvr1000.c explicitly non-modular
2016-03-03 13:36:51 +02:00
sunxvr2500.c
drivers/video: make fbdev/sunxvr2500.c explicitly non-modular
2016-03-03 13:36:51 +02:00
tcx.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
tdfxfb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
tgafb.c
tmiofb.c
tridentfb.c
Merge tag 'fbdev-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux
2015-11-10 10:00:09 -08:00
udlfb.c
video: fbdev: udlfb: Fix buffer on stack
2018-03-24 11:00:21 +01:00
uvesafb.c
video: uvesafb: Fix integer overflow in allocation
2018-07-03 11:23:16 +02:00
valkyriefb.c
video: fbdev: valkyriefb.c: use container_of to resolve fb_info_valkyrie from fb_info
2014-09-30 13:06:01 +03:00
valkyriefb.h
vesafb.c
video: fbdev: vesafb: use arch_phys_wc_add()
2015-06-16 09:42:11 +03:00
vfb.c
vfb: fix video mode and line_length being set when loaded
2018-04-13 19:48:10 +02:00
vga16fb.c
video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures
2016-09-27 11:16:35 +03:00
vt8500lcdfb.c
video: vt8500lcdfb: remove unneeded continue
2015-01-13 13:35:04 +02:00
vt8500lcdfb.h
vt8623fb.c
drivers/video/fbdev/vt8623fb: Use arch_phys_wc_add() and pci_iomap_wc()
2015-08-25 09:59:45 +02:00
w100fb.c
w100fb.h
wm8505fb_regs.h
wm8505fb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
wmt_ge_rops.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00
wmt_ge_rops.h
xen-fbfront.c
xen, fbfront: fix connecting to backend
2017-04-21 09:31:21 +02:00
xilinxfb.c
video: fbdev: drop owner assignment from platform_drivers
2014-10-20 16:21:51 +02:00