Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp445977pxb; Thu, 9 Sep 2021 04:47:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXN5e15nlA1Ouiw8hB7Zwh74qTKRApqhStYuht2TA/SWBW94NaTNhhHTmrw4fSSmAWtt4W X-Received: by 2002:a05:6e02:dc2:: with SMTP id l2mr2127974ilj.76.1631188027186; Thu, 09 Sep 2021 04:47:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631188027; cv=none; d=google.com; s=arc-20160816; b=B808xjnVu6RSwU9sEx9RtmobIjYePKL3Cl82h1Cd8mez/GnvM1rd6UsaBX4h4MVzQs FYdSTkmh5e4p8DIpjdzowWu9cjM6ineCF/I5FmXPH5NfLFkTuHqdAt19I+7WfnfjvWN/ Kxg0PGl5Uiuw9yfSMStb4qOQH20R+ifaPZ8mGaKjmtdZmUjC113Ich2xj1EMBVioekm/ HqNCN/pNs+29Nbv+c16AHtxw1mvtwwjF/dYruNBdz1pOgrxh0lwj6VfNlmrb/rvX4hN2 c+pMv51yslgp0D9bZI/dtD+L0Zc8BQeGkNKn3OVS/0FBo1D0itSC90tEwdAY01lMPbGM e2Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ZnA7J0jGDMTcWTEBQPzBGi5ikyEFYA5nzreyxXV7bkw=; b=I7Kmcqo7ma2Y1H1o3q/nT5a1R92XJVvgDoNX1wBvScwgfTnrG/RE8VYAHymdVh52Kz 3NbRkwRxpZ31y/nCwj9ZGLufzeA64rSnUoBxBX56rXhRBDnwLqSiipHglnO09Su9soJR WrHyyduARIR2jt4qHiT5HNkyt+D05MIVQsln4dtRpv6s0o22FHHMRYx09jjgSOifPWl5 M4+Wozs+IfcOiyDg0ruO8jKpEFw0XVqD8+U+H7WIhXe9K4CkuvJ6XYuICTj+b+EmBIFr Is2+B6i7hiTKR3lY0BwHmDzt4/I/dbqXPRVtlJQKivqeh3c8ppbna/xnhCsxcvi6NO+k CZZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vK5Pmc0M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q22si1357560jae.93.2021.09.09.04.46.55; Thu, 09 Sep 2021 04:47:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vK5Pmc0M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237295AbhIILrU (ORCPT + 99 others); Thu, 9 Sep 2021 07:47:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:46060 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240122AbhIILoa (ORCPT ); Thu, 9 Sep 2021 07:44:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 845A06120C; Thu, 9 Sep 2021 11:42:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1631187754; bh=CFxoJqTD6D2XgEUt9WJ2SR1eXohXAMMWRfLmxb/Gz8Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vK5Pmc0MwVgqB4iFKSXRNPUbpGtbTscKWFPGqdhdWlcl+FOPwmWRM3qWT4ilfxOje luMGjk6J0EWS9VBrKLpoP+J3uMmqpJTaogtwQ8SW5NsY/OomeWfmjzIoHWWoPLqHHA L2ypYgWwHYkCKnj0y8SLbnRCgMpYxbIoiQn7dAUWTalJx5NXyHNv+u4q0RLe23iCzD HonsTyKnnGX1P3HSUH6TjPpDEsqSgJbN1R/C22qweTcfYkRvUTgKfKBPfKc/bVAvEI +pjrvwd2CD7h/YS4ZOpQqR1d2Hlv2OdnqRBn2GQ8QIEw+wbu5dxEELvARMZinqzn+b 0KC/TnFbEQ9zw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Zheyu Ma , Sam Ravnborg , Sasha Levin , dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org Subject: [PATCH AUTOSEL 5.14 068/252] video: fbdev: asiliantfb: Error out if 'pixclock' equals zero Date: Thu, 9 Sep 2021 07:38:02 -0400 Message-Id: <20210909114106.141462-68-sashal@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210909114106.141462-1-sashal@kernel.org> References: <20210909114106.141462-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zheyu Ma [ Upstream commit b36b242d4b8ea178f7fd038965e3cac7f30c3f09 ] The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of 'pixclock', it may cause divide error. Fix this by checking whether 'pixclock' is zero first. The following log reveals it: [ 43.861711] divide error: 0000 [#1] PREEMPT SMP KASAN PTI [ 43.861737] CPU: 2 PID: 11764 Comm: i740 Not tainted 5.14.0-rc2-00513-gac532c9bbcfb-dirty #224 [ 43.861756] RIP: 0010:asiliantfb_check_var+0x4e/0x730 [ 43.861843] Call Trace: [ 43.861848] ? asiliantfb_remove+0x190/0x190 [ 43.861858] fb_set_var+0x2e4/0xeb0 [ 43.861866] ? fb_blank+0x1a0/0x1a0 [ 43.861873] ? lock_acquire+0x1ef/0x530 [ 43.861884] ? lock_release+0x810/0x810 [ 43.861892] ? lock_is_held_type+0x100/0x140 [ 43.861903] ? ___might_sleep+0x1ee/0x2d0 [ 43.861914] ? __mutex_lock+0x620/0x1190 [ 43.861921] ? do_fb_ioctl+0x313/0x700 [ 43.861929] ? mutex_lock_io_nested+0xfa0/0xfa0 [ 43.861936] ? __this_cpu_preempt_check+0x1d/0x30 [ 43.861944] ? _raw_spin_unlock_irqrestore+0x46/0x60 [ 43.861952] ? lockdep_hardirqs_on+0x59/0x100 [ 43.861959] ? _raw_spin_unlock_irqrestore+0x46/0x60 [ 43.861967] ? trace_hardirqs_on+0x6a/0x1c0 [ 43.861978] do_fb_ioctl+0x31e/0x700 Signed-off-by: Zheyu Ma Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/1627293835-17441-2-git-send-email-zheyuma97@gmail.com Signed-off-by: Sasha Levin --- drivers/video/fbdev/asiliantfb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/asiliantfb.c b/drivers/video/fbdev/asiliantfb.c index 3e006da47752..84c56f525889 100644 --- a/drivers/video/fbdev/asiliantfb.c +++ b/drivers/video/fbdev/asiliantfb.c @@ -227,6 +227,9 @@ static int asiliantfb_check_var(struct fb_var_screeninfo *var, { unsigned long Ftarget, ratio, remainder; + if (!var->pixclock) + return -EINVAL; + ratio = 1000000 / var->pixclock; remainder = 1000000 % var->pixclock; Ftarget = 1000000 * ratio + (1000000 * remainder) / var->pixclock; -- 2.30.2