linux-fbdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>,
	syzbot <syzbot+04168c8063cfdde1db5e@syzkaller.appspotmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
	Colin King <colin.king@canonical.com>,
	DRI Development <dri-devel@lists.freedesktop.org>,
	Linux Fbdev development list <linux-fbdev@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Masahiro Yamada <masahiroy@kernel.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
	Randy Dunlap <rdunlap@infradead.org>
Subject: Re: [PATCH] fbmem: don't allow too huge resolutions
Date: Tue, 31 Aug 2021 18:20:09 +0200	[thread overview]
Message-ID: <CAKMK7uEbvUjskYmobK1g-iA++LeQvfUUik=ZJtrHh0+TdjE7+A@mail.gmail.com> (raw)
In-Reply-To: <5c6d2b95-31d7-0d59-5e62-2593d9a0e1fe@i-love.sakura.ne.jp>

On Tue, Aug 31, 2021 at 5:24 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> On 2021/08/31 15:48, Geert Uytterhoeven wrote:
> > Furthermore, this restricts the virtual frame buffer size on 64-bit,
> > too, while graphics cards can have much more than 4 GiB of RAM.
>
> Excuse me, but do you mean that some hardware allows allocating more than
> UINT_MAX bytes of memory for kernel frame buffer drivers?
>
> > IMHO that should be fixed in vga16fb, too.
>
> According to https://elixir.bootlin.com/linux/v5.14/A/ident/fb_check_var ,
> there are 89 files. Randomly picking up drivers/video/fbdev/udlfb.c as
> an example. dlfb_is_valid_mode() from dlfb_ops_check_var() is doing
>
>   if (mode->xres * mode->yres > dlfb->sku_pixel_limit)
>     return 0;
>   return 1;
>
> where max dlfb->sku_pixel_limit seems to be 2048 * 1152 but I think we need
> same overflow check. I want to avoid patching individual modules if possible.
> That depends on whether some hardware needs to allocate more than UINT_MAX
> bytes of memory.

Yeah basic input validation makes no sense to push into each driver.
That's just asking that most of the fbdev drivers will never be fixed.

Same for not-so-basic input validation, if there's no driver that
actually needs the flexibility (like the virtual vs physical size
thing that's floating around maybe).
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

  reply	other threads:[~2021-08-31 16:20 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-14  5:16 [syzbot] BUG: unable to handle kernel paging request in vga16fb_fillrect syzbot
2021-08-30  0:24 ` Randy Dunlap
2021-08-30  2:27   ` Tetsuo Handa
2021-08-30  2:31     ` Randy Dunlap
2021-08-30 16:05       ` [PATCH] fbmem: don't allow too huge resolutions Tetsuo Handa
2021-08-31  6:48         ` Geert Uytterhoeven
2021-08-31 15:23           ` Tetsuo Handa
2021-08-31 16:20             ` Daniel Vetter [this message]
2021-08-31 17:19             ` Geert Uytterhoeven
2021-08-31 18:53               ` Daniel Vetter
2021-08-31 18:56                 ` Geert Uytterhoeven
2021-08-31 19:04                   ` Daniel Vetter
2021-09-01  1:14                     ` [PATCH v2] " Tetsuo Handa
2021-09-01  7:12                       ` Geert Uytterhoeven
2021-09-08 10:27                       ` [PATCH v2 (repost)] " Tetsuo Handa
2021-09-08 16:52                         ` Daniel Vetter
2021-08-30 12:00     ` [syzbot] BUG: unable to handle kernel paging request in vga16fb_fillrect Geert Uytterhoeven
2021-08-30 13:00       ` Dan Carpenter
2021-08-30 13:37         ` Tetsuo Handa
2021-08-30 13:47           ` Dan Carpenter
2021-08-30 14:25             ` Tetsuo Handa
2021-08-30 14:29               ` Dan Carpenter
2021-08-30 14:30               ` Geert Uytterhoeven
2021-08-30 14:38                 ` Tetsuo Handa
2021-08-30 14:53                   ` Geert Uytterhoeven
2021-08-30 15:00                     ` Geert Uytterhoeven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKMK7uEbvUjskYmobK1g-iA++LeQvfUUik=ZJtrHh0+TdjE7+A@mail.gmail.com' \
    --to=daniel.vetter@ffwll.ch \
    --cc=akpm@linux-foundation.org \
    --cc=b.zolnierkie@samsung.com \
    --cc=colin.king@canonical.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=geert@linux-m68k.org \
    --cc=linux-fbdev@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=masahiroy@kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=rdunlap@infradead.org \
    --cc=syzbot+04168c8063cfdde1db5e@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).