From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
To: Grzegorz Halat <ghalat@redhat.com>
Cc: linux-kernel@vger.kernel.org,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jiri Slaby <jslaby@suse.com>,
	linux-fbdev@vger.kernel.org,
	Oleksandr Natalenko <oleksandr@redhat.com>
Subject: Re: [PATCH] vt/fbcon: deinitialize resources in visual_init() after failed memory allocation
Date: Fri, 17 May 2019 13:24:49 +0200
Message-ID: <782f3255-3a25-4620-e97c-2f742e733f32@samsung.com>
In-Reply-To: <20190426145946.26537-1-ghalat@redhat.com>


On 4/26/19 4:59 PM, Grzegorz Halat wrote:
> After memory allocation failure vc_allocate() doesn't clean up data
> which has been initialized in visual_init(). In case of fbcon this
> leads to divide-by-0 in fbcon_init() on next open of the same tty.
> 
> memory allocation in vc_allocate() may fail here:
> 1097:     vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_KERNEL);
> 
> on next open() fbcon_init() skips vc_font.data initialization:
> 1088:     if (!p->fontdata) {
> 
> division by zero in fbcon_init() happens here:
> 1149:     new_cols /= vc->vc_font.width;
> 
> Additional check is needed in fbcon_deinit() to prevent
> usage of uninitialized vc_screenbuf:
> 
> 1251:        if (vc->vc_hi_font_mask && vc->vc_screenbuf)
> 1252:                set_vc_hi_font(vc, false);
> 
> Crash:
> 
>  #6 [ffffc90001eafa60] divide_error at ffffffff81a00be4
>     [exception RIP: fbcon_init+463]
>     RIP: ffffffff814b860f  RSP: ffffc90001eafb18  RFLAGS: 00010246
> ...
>  #7 [ffffc90001eafb60] visual_init at ffffffff8154c36e
>  #8 [ffffc90001eafb80] vc_allocate at ffffffff8154f53c
>  #9 [ffffc90001eafbc8] con_install at ffffffff8154f624
> ...
> 
> Signed-off-by: Grzegorz Halat <ghalat@redhat.com>

Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics
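
The failure sequence described in the quoted commit message, as an added user-space model in C; it is not kernel code and not part of the patch. The `model_*` functions, the two structs and the 640-pixel width are assumptions made for illustration, and the point where the kernel would divide by zero is reported as a `-1` return instead of being executed.

```c
#include <stdbool.h>
#include <stdlib.h>
/* User-space model only; every name here is a hypothetical stand-in. */
struct display { const char *fontdata; };   /* driver state, outlives a vc */
struct vc { unsigned font_width, cols; char *screenbuf; };
static struct display disp;
static const char builtin_font[] = "constructed-font";

/* Models fbcon_init(): font setup is skipped once fontdata is set. */
static int model_con_init(struct vc *vc)
{
    if (!disp.fontdata) {
        disp.fontdata = builtin_font;
        vc->font_width = 8;
    }
    if (vc->font_width == 0)
        return -1;                /* the kernel divides by zero here */
    vc->cols = 640 / vc->font_width;
    return 0;
}

/* Models fbcon_deinit(): screenbuf may be NULL on the error path. */
static void model_con_deinit(struct vc *vc)
{
    if (vc->screenbuf) vc->screenbuf[0] = 0;   /* stands in for buffer work */
    disp.fontdata = NULL;
}

/* Models one open/close of a tty; fail_alloc simulates kzalloc() failing. */
static int model_vc_allocate(bool fail_alloc, bool cleanup_on_error)
{
    struct vc *vc = calloc(1, sizeof(*vc));
    if (!vc) return -2;
    int ret = model_con_init(vc);
    if (ret == 0) {
        vc->screenbuf = fail_alloc ? NULL : calloc(1, 4096);
        ret = vc->screenbuf ? 0 : -12;          /* -ENOMEM */
        if (ret == 0 || cleanup_on_error)
            model_con_deinit(vc);  /* normal close, or the added cleanup */
    }
    free(vc->screenbuf);
    free(vc);
    return ret;
}

int main(void)
{
    model_vc_allocate(true, false);             /* allocation fails, no cleanup */
    return model_vc_allocate(false, false) == -1 ? 0 : 1;
}
```

With `cleanup_on_error` false, the second open sees stale `fontdata` on a freshly zeroed `vc` and hits the zero font width; with it true, the second open succeeds.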
