From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Zheyu Ma <zheyuma97@gmail.com>
Cc: "Antonino A. Daplas" <adaplas@gmail.com>,
DRI Development <dri-devel@lists.freedesktop.org>,
Linux Fbdev development list <linux-fbdev@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
stable <stable@vger.kernel.org>
Subject: Re: [PATCH v2 1/3] video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
Date: Fri, 10 Sep 2021 17:16:44 +0200 [thread overview]
Message-ID: <CAMuHMdXB_HHgi1iPSnjusQvgdUYJDBwQc=+f+5vpmEjXBKArng@mail.gmail.com> (raw)
In-Reply-To: <1627293835-17441-2-git-send-email-zheyuma97@gmail.com>
Hi Zheyu,
On Mon, Jul 26, 2021 at 12:04 PM Zheyu Ma <zheyuma97@gmail.com> wrote:
> The userspace program could pass any values to the driver through
> ioctl() interface. If the driver doesn't check the value of 'pixclock',
> it may cause divide error.
>
> Fix this by checking whether 'pixclock' is zero first.
>
> The following log reveals it:
>
> [ 43.861711] divide error: 0000 [#1] PREEMPT SMP KASAN PTI
> [ 43.861737] CPU: 2 PID: 11764 Comm: i740 Not tainted 5.14.0-rc2-00513-gac532c9bbcfb-dirty #224
> [ 43.861756] RIP: 0010:asiliantfb_check_var+0x4e/0x730
> [ 43.861843] Call Trace:
> [ 43.861848] ? asiliantfb_remove+0x190/0x190
> [ 43.861858] fb_set_var+0x2e4/0xeb0
> [ 43.861866] ? fb_blank+0x1a0/0x1a0
> [ 43.861873] ? lock_acquire+0x1ef/0x530
> [ 43.861884] ? lock_release+0x810/0x810
> [ 43.861892] ? lock_is_held_type+0x100/0x140
> [ 43.861903] ? ___might_sleep+0x1ee/0x2d0
> [ 43.861914] ? __mutex_lock+0x620/0x1190
> [ 43.861921] ? do_fb_ioctl+0x313/0x700
> [ 43.861929] ? mutex_lock_io_nested+0xfa0/0xfa0
> [ 43.861936] ? __this_cpu_preempt_check+0x1d/0x30
> [ 43.861944] ? _raw_spin_unlock_irqrestore+0x46/0x60
> [ 43.861952] ? lockdep_hardirqs_on+0x59/0x100
> [ 43.861959] ? _raw_spin_unlock_irqrestore+0x46/0x60
> [ 43.861967] ? trace_hardirqs_on+0x6a/0x1c0
> [ 43.861978] do_fb_ioctl+0x31e/0x700
>
> Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Thanks for your patch!
> ---
> Changes in v2:
> - Make commit log more descriptive
> ---
> drivers/video/fbdev/asiliantfb.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/video/fbdev/asiliantfb.c b/drivers/video/fbdev/asiliantfb.c
> index 3e006da47752..84c56f525889 100644
> --- a/drivers/video/fbdev/asiliantfb.c
> +++ b/drivers/video/fbdev/asiliantfb.c
> @@ -227,6 +227,9 @@ static int asiliantfb_check_var(struct fb_var_screeninfo *var,
> {
> unsigned long Ftarget, ratio, remainder;
>
> + if (!var->pixclock)
> + return -EINVAL;
While this fixes the crash, it is not correct: according to the
fbdev API, invalid values must be rounded up to a supported value,
if possible. -EINVAL should only be returned if rounding up values
in fb_var_screeninfo cannot give a valid mode.
The same comment applies to the other patches in this series:
[PATCH v2 2/3] video: fbdev: kyro: Error out if 'pixclock' equals zero
[PATCH v2 3/3] video: fbdev: riva: Error out if 'pixclock' equals zero
> +
> ratio = 1000000 / var->pixclock;
> remainder = 1000000 % var->pixclock;
> Ftarget = 1000000 * ratio + (1000000 * remainder) / var->pixclock;
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
next prev parent reply other threads:[~2021-09-10 15:17 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-26 10:03 [PATCH v2 0/3] Error out if 'pixclock' equals zero Zheyu Ma
2021-07-26 10:03 ` [PATCH v2 1/3] video: fbdev: asiliantfb: " Zheyu Ma
2021-09-10 15:16 ` Geert Uytterhoeven [this message]
2021-07-26 10:03 ` [PATCH v2 2/3] video: fbdev: kyro: " Zheyu Ma
2021-07-26 10:03 ` [PATCH v2 3/3] video: fbdev: riva: " Zheyu Ma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMuHMdXB_HHgi1iPSnjusQvgdUYJDBwQc=+f+5vpmEjXBKArng@mail.gmail.com' \
--to=geert@linux-m68k.org \
--cc=adaplas@gmail.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-fbdev@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=zheyuma97@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).