Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp5396430pxu; Thu, 22 Oct 2020 00:45:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx+a1UCRejvXCpLeIE/ECcwY+fNhdxMgRnxHpNUVVPYeZgon9YZLFFaYApY5duIcfGO/4jR X-Received: by 2002:aa7:d449:: with SMTP id q9mr1025363edr.321.1603352751685; Thu, 22 Oct 2020 00:45:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603352751; cv=none; d=google.com; s=arc-20160816; b=AQa39hrfMeXn8w2TBn938Hwfs58Xuti1kZNivegw/eNiLebBNXwSZoBB+UnYy8nXmz AazAfAwXHbJWIWWoBtwXD3C3uLMsjUEc/1oqkpr7dyYXoVTJA47oiQJUtrJIU9tBKG/f vJUMpHthFLCeEZLjrRmve4wOMYjyqAceWDS39iG0dm3rbce5HqBv6MTAPDnSJmTiphwn QGNxG7sBP2yUYQF3FBmuwViqs7qTJ6J6unAqoFI/npeL2q1WeX1MHXztn3yzbM5Wo/gg oykDMdaVDFkHgD112NYfNQeg8ZHKIsjsvziWff1p0B1qGQEbqUX82Ffb4s3c3bA4zSu0 TTVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=ia1bvcLIGRlULe3HUUv1lS8YCwcY+Jyv65hKmvu1yYo=; b=spia27KtiKbnHxeWokTZGbguKSQNI5rBzertN7TmsYXIPZtdCMBHusYtiC2UDWz5gg Flrhx4T0g6UrKfEE/1ONubp1x8TTvcAhxGuaFGkZyh0yBVnXvg4HZg4FMUzq3LevTMV5 FSFNwcXyGl4oTv9gdcOH+uVnuTfju5fHCIWz+pgZzN77X22s6fNFkOChhxBJtLd/ZX74 bZzIJFGeTe4MLScJm4nTXxyDFJ6US1VobA7f+GPyTKHfkwmkmizTf8/IFTgHGYKUFZSI PX3cRKGAPUMEJFYjC3XOKxqgvDNkcFB45aGuAoDda8iyKVr67K4FA8qcy44roUcOAEeM xRFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=T+mPkrUL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g14si400919ejr.221.2020.10.22.00.45.29; Thu, 22 Oct 2020 00:45:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=T+mPkrUL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2507359AbgJUX7L (ORCPT + 99 others); Wed, 21 Oct 2020 19:59:11 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:56196 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2507354AbgJUX7L (ORCPT ); Wed, 21 Oct 2020 19:59:11 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 09LNsmm4104771; Wed, 21 Oct 2020 23:59:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=corp-2020-01-29; bh=ia1bvcLIGRlULe3HUUv1lS8YCwcY+Jyv65hKmvu1yYo=; b=T+mPkrULepGxEyQ+/ozMIxARHfBx1kgMxaNvSMGMmxaAPv19uO3pCsUhIFHIdaPQlJua Dz+efSUQ3HiZ2ExKj7c9rRko9VWVnYFu/UFUwqN23SoVSIFwyjCzciO5Qhql8VHhzFEU ol9ZFqhXQkokyJQ2D716Vbq6G+1u6bJmtHLDrWru8wBpL/ZYM1kIQR+eIN5SykFiP8// k1qNNQM9FY5hvRjy0Y8jZAozeRV7my956gX9Lei4ENt/zsPh5bxSqycZlMr51CIdHsPL jBrwZ0K2dgPYwqIW1ICC30GImMIO1EraDqQmBZga87GkOnmQpFrsFY0i5R0HYphniJKm hA== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by userp2120.oracle.com with ESMTP id 34ak16kky0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 21 Oct 2020 23:58:59 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 09LNtheh114258; Wed, 21 Oct 2020 23:58:59 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3020.oracle.com with ESMTP id 348ah086yt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 21 Oct 2020 23:58:59 +0000 Received: from aserp3020.oracle.com (aserp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 09LNwwIj119041; Wed, 21 Oct 2020 23:58:58 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.147.25.63]) by aserp3020.oracle.com with ESMTP id 348ah086yg-1; Wed, 21 Oct 2020 23:58:58 +0000 From: saeed.mirzamohammadi@oracle.com To: linux-kernel@vger.kernel.org Cc: b.zolnierkie@samsung.com, akpm@linux-foundation.org, rppt@kernel.org, daniel.vetter@ffwll.ch, jani.nikula@intel.com, gustavoars@kernel.org, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org Subject: [PATCH 1/1] video: fbdev: fix divide error in fbcon_switch Date: Wed, 21 Oct 2020 16:57:58 -0700 Message-Id: <20201021235758.59993-1-saeed.mirzamohammadi@oracle.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9781 signatures=668682 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 phishscore=0 priorityscore=1501 clxscore=1011 malwarescore=0 mlxscore=0 adultscore=0 lowpriorityscore=0 impostorscore=0 spamscore=0 mlxlogscore=999 suspectscore=1 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2010210166 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Saeed Mirzamohammadi This patch fixes the issue due to: [ 89.572883] divide_error: 0000 [#1] SMP KASAN PTI [ 89.572897] CPU: 3 PID: 16083 Comm: repro Not tainted 5.9.0-rc7.20200930.rc1.allarch-19-g3e32d0d.syzk #5 [ 89.572902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011 [ 89.572934] RIP: 0010:cirrusfb_check_var+0x84/0x1260 The error happens when the pixels value is calculated before performing the sanity checks on bits_per_pixel. A bits_per_pixel set to zero causes divide by zero error. This patch moves the calculation after the sanity check. Signed-off-by: Saeed Mirzamohammadi Tested-by: Saeed Mirzamohammadi --- drivers/video/fbdev/cirrusfb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/cirrusfb.c b/drivers/video/fbdev/cirrusfb.c index 15a9ee7cd734..a7749101b094 100644 --- a/drivers/video/fbdev/cirrusfb.c +++ b/drivers/video/fbdev/cirrusfb.c @@ -531,7 +531,7 @@ static int cirrusfb_check_var(struct fb_var_screeninfo *var, { int yres; /* memory size in pixels */ - unsigned pixels = info->screen_size * 8 / var->bits_per_pixel; + unsigned int pixels; struct cirrusfb_info *cinfo = info->par; switch (var->bits_per_pixel) { @@ -573,6 +573,7 @@ static int cirrusfb_check_var(struct fb_var_screeninfo *var, return -EINVAL; } + pixels = info->screen_size * 8 / var->bits_per_pixel; if (var->xres_virtual < var->xres) var->xres_virtual = var->xres; /* use highest possible virtual resolution */ -- 2.27.0