dri-devel.lists.freedesktop.org archive mirror
From: "Maciej W. Rozycki" <macro@orcam.me.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Fbdev development list <linux-fbdev@vger.kernel.org>,
	Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	dri-devel <dri-devel@lists.freedesktop.org>,
	Jani Nikula <jani.nikula@intel.com>,
	Colin King <colin.king@canonical.com>,
	Jiri Slaby <jirislaby@kernel.org>,
	syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com>
Subject: Re: [PATCH] video: fbdev: vga16fb: fix OOB write in vga16fb_imageblit()
Date: Fri, 14 May 2021 22:25:53 +0200 (CEST)
Message-ID: <alpine.DEB.2.21.2105142150460.3032@angie.orcam.me.uk>
In-Reply-To: <CAHk-=wguwhFpjhyMtDaH2hhjoV62gDgByC=aPyTrW9CkM5hqvA@mail.gmail.com>

On Fri, 14 May 2021, Linus Torvalds wrote:

> > Currently it is impossible to control upper limit of rows/columns values
> > based on amount of memory reserved for the graphical screen, for
> > resize_screen() calls vc->vc_sw->con_resize() only if vc->vc_mode is not
> > already KD_GRAPHICS
> 
> Honestly, the saner approach would seem to be to simply error out if
> vc_mode is KD_GRAPHICS.
> 
> Doing VT_RESIZE while in KD_GRAPHICS mode seems _very_ questionable,
> and is clearly currently very buggy.

 I haven't looked into it any further beyond tracking down (again, using 
the LMO tree) the originating change as the other fix took precedence.  It 
came with:

commit 094e0a9cdbdf1e11a28dd756a6cbd750b6303d10
Author: Ralf Baechle <ralf@linux-mips.org>
Date:   Sun Jun 1 12:07:37 2003 +0000

    Merge with Linux 2.5.51

along with framebuffer console support:

+inline int resize_screen(int currcons, int width, int height)
+{
+	/* Resizes the resolution of the display adapater */
+	int err = 0;
+
+	if (vcmode != KD_GRAPHICS && sw->con_resize)
+		err = sw->con_resize(vc_cons[currcons].d, width, height);
+	return err;
+}
+
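Review bot: the `vcmode != KD_GRAPHICS` test in `resize_screen()` means that in graphics mode `sw->con_resize()` is never called and the function still returns `err` as 0, so the caller sees success for a width and height that no driver has checked. Consider either invoking the callback unconditionally and leaving it to the driver to skip reprogramming the hardware, or returning a distinct result when the call is skipped, so that a requested size is always validated before it is kept. The comment also misspells "adapter" (`adapater`) and describes only the reprogramming, not the case where the call is skipped.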

A handler for fbcon was added shortly afterwards with:

commit bab384bdbe279efd7acc2146ef13b0b0395b2a42
Author: Ralf Baechle <ralf@linux-mips.org>
Date:   Tue Jun 3 17:04:10 2003 +0000

    Merge with Linux 2.5.59.

however vgacon didn't have a handler for it until commit 28254d439b8c 
("[PATCH] vga text console and stty cols/rows") two years later only.

 Overall I think it does make sense to resize the text console at any 
time, even if the visible console (VT) chosen is in the graphics mode, as 
my understanding (and experience at least with vgacon) is that resizing 
the console applies globally across all the VTs.  So the intent of the 
original change appears valid to me, and the choice not to reprogram the 
visible console and only store the settings for a future use if it's in 
the graphics mode correct.

 Which means any bug triggered here needs to be fixed elsewhere rather 
than by making the request fail.

 NB for fbcon the usual ioctl to resize the console is FBIOPUT_VSCREENINFO 
rather than VT_RESIZEX; fbset(8) uses it, and I actually experimented with 
it and a TGA-like (SFB+) framebuffer when at my lab last time, as Linux is 
kind enough to know how to fiddle with its clockchip.  It works just fine.

  Maciej
