UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers/video/fbdev
History
Tetsuo Handa ffb324e6f8 tty: vt: always invoke vc->vc_sw->con_resize callback 
syzbot is reporting OOB write at vga16fb_imageblit() [1], for
resize_screen() from ioctl(VT_RESIZE) returns 0 without checking whether
requested rows/columns fit the amount of memory reserved for the graphical
screen if current mode is KD_GRAPHICS.

----------
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <sys/ioctl.h>
  #include <linux/kd.h>
  #include <linux/vt.h>

  int main(int argc, char *argv[])
  {
        const int fd = open("/dev/char/4:1", O_RDWR);
        struct vt_sizes vt = { 0x4100, 2 };

        ioctl(fd, KDSETMODE, KD_GRAPHICS);
        ioctl(fd, VT_RESIZE, &vt);
        ioctl(fd, KDSETMODE, KD_TEXT);
        return 0;
  }
----------

Allow framebuffer drivers to return -EINVAL, by moving vc->vc_mode !=
KD_GRAPHICS check from resize_screen() to fbcon_resize().

Link: https://syzkaller.appspot.com/bug?extid=1f29e126cf461c4de3b3 [1]
Reported-by: syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2021-05-15 08:12:12 -07:00
..
aty fbdev: atyfb: use LCD management functions for PPC_PMAC also 2021-03-11 11:11:32 +01:00
core tty: vt: always invoke vc->vc_sw->con_resize callback 2021-05-15 08:12:12 -07:00
geode video: fbdev: lxfb_ops: Fix fall-through warnings for Clang 2020-11-22 22:58:55 +01:00
i810 video: fbdev: i810: use true,false for bool variables 2020-05-06 19:29:10 +02:00
intelfb drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
kyro video: fbdev: kyro: remove set but not used 'ulCoreClock' 2020-09-08 13:33:31 +02:00
matrox treewide: remove editor modelines and cruft 2021-05-07 00:26:34 -07:00
mb862xx video: fbdev: mb862xx: remove set but not used variable 'mdr' 2020-04-08 12:09:15 +02:00
mmp video: fbdev: mmp: Fix kernel-doc warning for lcd_spi_write 2020-12-08 18:34:25 +01:00
nvidia video: fbdev: nvidia: Fix set but not used warnings 2020-11-30 20:21:54 +01:00
omap video: omap: Remove in_interrupt() usage. 2021-02-18 15:14:32 +01:00
omap2 fbdev: omapfb: avoid -Wempty-body warning 2021-03-22 15:02:14 +01:00
riva video: fbdev: riva: Fix kernel-doc and set but not used warnings 2020-11-30 20:04:36 +01:00
savage fbdev: savagefb: use generic power management 2020-09-08 13:33:15 +02:00
sis video: fbdev: sis: Drop useless call to SiS_GetResInfo() 2020-12-08 18:36:52 +01:00
vermilion remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
via video: fbdev: via: Fix set but not used warning for mode_crt_table 2020-11-30 20:04:24 +01:00
68328fb.c video/fbdev/68328fb: Remove dead code 2020-01-03 14:27:43 +01:00
Kconfig fbdev: aty: SPARC64 requires FB_ATY_CT 2020-11-27 16:14:02 +01:00
Makefile drm next for 5.10-rc1 2020-10-15 10:46:16 -07:00
acornfb.c video: fbdev: acornfb: remove free_unused_pages() 2021-02-24 13:38:31 -08:00
acornfb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
amba-clcd.c drm-misc-next for 5.13: 2021-03-16 17:08:46 +10:00
amifb.c backlight/video: Use Platform getter/setter functions 2021-02-12 10:01:45 +00:00
arcfb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
arkfb.c fbdev: arkfb: use generic power management 2020-09-08 13:33:20 +02:00
asiliantfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
atafb.c fbdev/atafb: Remove unused extern variables 2020-10-28 19:40:11 +01:00
atafb.h
atafb_iplan2p2.c fbdev: atafb: Remove obsolete module support 2019-04-01 17:46:55 +02:00
atafb_iplan2p4.c fbdev: atafb: Remove obsolete module support 2019-04-01 17:46:55 +02:00
atafb_iplan2p8.c fbdev: atafb: Remove obsolete module support 2019-04-01 17:46:55 +02:00
atafb_mfb.c fbdev: atafb: Remove obsolete module support 2019-04-01 17:46:55 +02:00
atafb_utils.h
atmel_lcdfb.c video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() 2020-11-17 08:47:15 +01:00
au1100fb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
au1100fb.h au1100fb: fix DMA API abuse 2019-06-03 16:00:08 +02:00
au1200fb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
au1200fb.h
broadsheetfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
bt431.h
bt455.h
bw2.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
c2p.h
c2p_core.h fbdev: c2p: Use BUILD_BUG() instead of custom solution 2020-03-09 11:12:19 +01:00
c2p_iplan2.c
c2p_planar.c
carminefb.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
carminefb.h
carminefb_regs.h
cg3.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
cg6.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
cg14.c fbdev: cg14fb: use resource_size 2020-01-15 17:31:50 +01:00
chipsfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
cirrusfb.c video: fbdev: cirrusfb: Fix kernel-doc and set but not used warnings 2020-12-05 21:16:02 +01:00
clps711x-fb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
cobalt_lcdfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
controlfb.c video: fbdev: controlfb: Fix set but not used warnings 2020-12-08 18:36:36 +01:00
controlfb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cyber2000fb.c fbdev: cyber2000fb: use generic power management 2020-09-08 13:33:16 +02:00
cyber2000fb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
da8xx-fb.c backlight/video: Use Platform getter/setter functions 2021-02-12 10:01:45 +00:00
dnfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
edid.h
efifb.c efifb: Check efifb_pci_dev before using it 2021-04-26 17:33:03 -04:00
ep93xx-fb.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
ffb.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
fm2fb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
fsl-diu-fb.c video: fbdev: fsl-diu-fb: remove unneeded variable 'res' 2020-10-17 08:23:14 +02:00
g364fb.c fbdev/g364fb: Fix build failure 2020-02-19 10:58:22 -08:00
gbefb.c video: fbdev: gbefb: Fix set but not used warning 2020-12-08 18:35:24 +01:00
goldfishfb.c video: fbdev: goldfishfb: Fix defined but not used warning 2020-12-08 18:34:50 +01:00
grvga.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
gxt4500.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
hecubafb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
hgafb.c video: fbdev: hgafb: Fix kernel-doc warnings 2020-12-08 18:31:11 +01:00
hitfb.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
hpfb.c maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault 2020-06-17 10:57:41 -07:00
hyperv_fb.c hyperv-next for 5.13 2021-04-26 10:44:16 -07:00
i740_reg.h
i740fb.c fbdev: i740fb: use generic power management 2020-09-08 13:33:17 +02:00
imsttfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
imxfb.c backlight/video: Use Platform getter/setter functions 2021-02-12 10:01:45 +00:00
leo.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
macfb.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
macmodes.c
macmodes.h
maxinefb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
metronomefb.c video: fbdev: Replace HTTP links with HTTPS ones 2020-07-20 11:47:29 +02:00
mx3fb.c video: fbdev: mx3fb: Fix kernel-doc, set but not used and string warnings 2020-11-30 20:04:56 +01:00
n411.c
neofb.c video: fbdev: neofb: Fix set but not used warning for CursorMem 2020-11-30 20:21:08 +01:00
ocfb.c video: ocfb: Use devm_platform_ioremap_resource() in ocfb_probe() 2020-01-03 14:27:49 +01:00
offb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
p9100.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
platinumfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
platinumfb.h
pm2fb.c video: fbdev: pm2fb: Fix kernel-doc warnings 2020-11-30 20:04:43 +01:00
pm3fb.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
pmag-aa-fb.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
pmag-ba-fb.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
pmagb-b-fb.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
ps3fb.c powerpc/ps3: make system bus's remove and shutdown callbacks return void 2020-12-04 01:01:22 +11:00
pvr2fb.c video: fbdev: pvr2fb: initialize variables 2020-08-05 19:47:22 +02:00
pxa3xx-gcu.c misc: cleanup minor number definitions in c file into miscdevice.h 2020-03-18 12:27:03 +01:00
pxa3xx-gcu.h
pxa168fb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
pxa168fb.h
pxafb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
pxafb.h video: pxafb: Remove cpufreq policy notifier 2019-08-26 10:02:02 +02:00
q40fb.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
s1d13xxxfb.c video: fbdev: s1d13xxxfb: Fix kernel-doc and set but not used warnings 2020-11-29 22:51:07 +01:00
s3c-fb.c video: fbdev: s3c-fb: Fix kernel-doc and set but not used warnings 2020-12-05 21:01:04 +01:00
s3c2410fb-regs-lcd.h fbdev: s3c2410fb: remove mach header dependency 2020-08-20 17:48:12 +02:00
s3c2410fb.c fbdev: s3c2410fb: remove mach header dependency 2020-08-20 17:48:12 +02:00
s3c2410fb.h
s3fb.c fbdev: s3fb: use generic power management 2020-09-08 13:33:19 +02:00
sa1100fb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sa1100fb.h ARM/fbdev: sa11x0: Switch to use GPIO descriptors 2020-04-17 15:50:11 +02:00
sbuslib.c fbdev: sbuslib: remove compat_alloc_user_space usage 2020-09-25 16:34:50 +02:00
sbuslib.h
sh7760fb.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
sh_mobile_lcdcfb.c fbdev/sh_mobile: Drop unused include 2020-11-01 10:29:04 +01:00
sh_mobile_lcdcfb.h fbdev/sh_mobile: remove sh_mobile_lcdc_display_notify 2019-06-12 20:28:11 +02:00
simplefb.c video: fbdev: simplefb: Fix info message during probe 2021-01-20 12:06:32 +01:00
skeletonfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
sm501fb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sm712.h fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display 2019-04-01 17:46:59 +02:00
sm712fb.c fbdev: sm712fb: handle ioremap() errors in probe 2020-09-08 13:33:02 +02:00
smscufx.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
ssd1307fb.c video: fbdev: ssd1307fb: Added support to Column offset 2020-09-08 13:33:03 +02:00
sstfb.c video: fbdev: sstfb: Updated logging to fix set but not used warnings 2020-11-30 20:04:59 +01:00
sticore.h parisc/sticon: Add user font support 2020-10-15 08:12:59 +02:00
stifb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sunxvr500.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
sunxvr1000.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
sunxvr2500.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
tcx.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
tdfxfb.c video: fbdev: tdfx: Fix set but not used warning in att_outb() 2020-11-30 20:04:30 +01:00
tgafb.c video: fbdev: tgafb: Fix kernel-doc and set but not used warnings 2020-11-30 20:04:50 +01:00
tmiofb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
tridentfb.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
udlfb.c udlfb: Fix memory leak in dlfb_usb_probe 2020-12-15 13:44:14 +01:00
uvesafb.c video: fbdev: uvesafb: Fix set but not used warning 2020-12-08 18:33:48 +01:00
valkyriefb.c video: fbdev: valkyriefb.c: fix warning comparing pointer to 0 2020-05-06 21:04:45 +02:00
valkyriefb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
vesafb.c video: fbdev: vesafb: add missed release_region 2020-04-17 15:50:14 +02:00
vfb.c video: constify fb ops across all drivers 2019-12-05 10:57:53 +02:00
vga16fb.c treewide: remove editor modelines and cruft 2021-05-07 00:26:34 -07:00
vt8500lcdfb.c video: vt8500lcdfb: fix fallthrough warning 2020-04-17 15:50:08 +02:00
vt8500lcdfb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
vt8623fb.c fbdev: vt8623fb: use generic power management 2020-09-08 13:33:18 +02:00
w100fb.c video: fbdev: w100fb: Fix a potential double free. 2020-05-06 20:22:25 +02:00
w100fb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wm8505fb.c video: fbdev: wm8505fb: fix sparse warnings about using incorrect types 2020-03-02 16:32:04 +01:00
wm8505fb_regs.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
wmt_ge_rops.c video: fbdev: wmt_ge_rops: Fix function not declared warnings 2020-12-08 18:34:36 +01:00
wmt_ge_rops.h
xen-fbfront.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
xilinxfb.c backlight/video: Use Platform getter/setter functions 2021-02-12 10:01:45 +00:00