Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp3340235pxb; Sun, 29 Aug 2021 22:46:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwf7uwLOkmlJfVAXAvqK0tK8kQNL7xZ2L9RwaFZxniDf9/Z67yPlLS4BDnW42UTQD5t9Bxf X-Received: by 2002:a17:907:f97:: with SMTP id kb23mr23278184ejc.15.1630302415595; Sun, 29 Aug 2021 22:46:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630302415; cv=none; d=google.com; s=arc-20160816; b=cxh6fCodYjZUenczZ9qUxoppEJ6L1CQM3iTdFjLbuEXoSrh8Da2e9+cHt4KOI45gFG N0ZYxyGQbxHoQGhKLNiUuE6IwSK/aEhIFZoic3vUKNV2RLbRbv+03/5Kq3BUb17Abe7y UMs9is55+Lv53O1HTFOfSiq2Zwb9gU02xWK11cg4bUT/MitNfVARWeW53Irafu7+LNlP hsLSRKn9AXOvTNMhGbQvFYz8u9M4kTDzLvlMSAaROj6f3N6W8CR1b082I0MMs/uRsOUQ vAsQNM/gQh62AGXKDJyODXOihZtnmKJ8M1NmalVHYjaHjJ/XZ6wKa31dDHAcKGru5TyR 1LQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=URrnYRjGdCz6zQ20G8qlbzoMJR74nkkZ4HcCaHRwG5A=; b=GUPUE1lQdzewVYpvw+yk23OsN+7RLijfax04rT/2Mrj3JMkzAesou7EsaRrekF0BA1 qdyPNYZNk89SxJMFZbwAxH8SmzctXnql0/DTjj1lotUuks5zpztz+MgHj7/Kck1s5PDa xVSwocPNKln6NNmzS0Yd8/wn/q6gRPtQEL0M4bl0GJ0jQUNLcVtCYc3D+O4/ENrK3Kcm CemGgdVxmIblse7DSt1mrSKgPVc4407x/bysB3GiOxIZA+G/9bQOO9xnlyhrtkTL4Ea8 WafujesOXBRTW8qdLIFgxzV15hwU35P9HXJ4NIR87qZ45q9mzIeE7WS3EO/yIQg1OLkm 6KiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HayGxGtZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e1si17220760edl.348.2021.08.29.22.46.30; Sun, 29 Aug 2021 22:46:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HayGxGtZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231741AbhH3Fp6 (ORCPT + 99 others); Mon, 30 Aug 2021 01:45:58 -0400 Received: from mail.kernel.org ([198.145.29.99]:42078 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229936AbhH3Fpz (ORCPT ); Mon, 30 Aug 2021 01:45:55 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C38FD60F57; Mon, 30 Aug 2021 05:45:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1630302301; bh=LU8rgY0nlcLGJ0Odp4fZfzKGSi2dMFgS4N01IWoDkt0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=HayGxGtZ83S7vi18Gk6XUrcgt28QrdBKOAD024qt/XbwSyxM4105omlig777Sf/6K 7Dtv2P+YWO4u9FaOwjIFpaGJdGTWbDfbo2Ooy17hqbRftxkrfZ+fSvC8q5RDxgfCer LGEQKYd/ylznu56w1ZhtnU2weyK+B0e+mBsAQINc= Date: Mon, 30 Aug 2021 07:44:57 +0200 From: Greg KH To: tcs.kernel@gmail.com Cc: daniel.vetter@ffwll.ch, willy@infradead.org, george.kennedy@oracle.com, dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, arnd@arndb.de, penguin-kernel@i-love.sakura.ne.jp, Haimin Zhang Subject: Re: [PATCH V4] fbcon: fix fbcon out-of-bounds write in sys_imageblit Message-ID: References: <1630294223-7225-1-git-send-email-tcs_kernel@tencent.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1630294223-7225-1-git-send-email-tcs_kernel@tencent.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 30, 2021 at 11:30:23AM +0800, tcs.kernel@gmail.com wrote: > From: Haimin Zhang > > yres and vyres can be controlled by user mode parameters, and cause > p->vrows to become a negative value. While this value be passed to real_y > function, the ypos will be out of screen range.This is an out-of-bounds > write bug. > some driver will check xres and yres in fb_check_var callback,but some not > so we add a common check after that callback. > > Signed-off-by: Haimin Zhang > Signed-off-by: Tetsuo Handa > --- > drivers/video/fbdev/core/fbmem.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c > index 1c85514..5599372 100644 > --- a/drivers/video/fbdev/core/fbmem.c > +++ b/drivers/video/fbdev/core/fbmem.c > @@ -1013,6 +1013,10 @@ static int fb_check_caps(struct fb_info *info, struct fb_var_screeninfo *var, > if (ret) > return ret; > > + /* virtual resolution cannot be smaller than visible resolution. */ > + if (var->yres_virtual < var->yres || var->xres_virtual < var->xres) > + return -EINVAL; > + > if ((var->activate & FB_ACTIVATE_MASK) != FB_ACTIVATE_NOW) > return 0; > > -- > 1.8.3.1 > Hi, This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him a patch that has triggered this response. He used to manually respond to these common problems, but in order to save his sanity (he kept writing the same thing over and over, yet to different people), I was created. Hopefully you will not take offence and will fix the problem in your patch and resubmit it so that it can be accepted into the Linux kernel tree. You are receiving this message because of the following common error(s) as indicated below: - This looks like a new version of a previously submitted patch, but you did not list below the --- line any changes from the previous version. Please read the section entitled "The canonical patch format" in the kernel file, Documentation/SubmittingPatches for what needs to be done here to properly describe this. If you wish to discuss this problem further, or you have questions about how to resolve this issue, please feel free to respond to this email and Greg will reply once he has dug out from the pending patches received from other developers. thanks, greg k-h's patch email bot