Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3505975pxb; Mon, 4 Apr 2022 19:09:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx2RxoUSnUls6xs9Mhhl43f3r5oO8j+ZswOg3Xi7pW7ENIpqoCH1OpHL81o8oFK2ynzvX3Z X-Received: by 2002:a65:5ac2:0:b0:399:dea:cd1f with SMTP id d2-20020a655ac2000000b003990deacd1fmr953567pgt.80.1649124589418; Mon, 04 Apr 2022 19:09:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649124589; cv=none; d=google.com; s=arc-20160816; b=w5uaHQqeTa95BD81FCzuwFlPV5RhCejiVFm8PFRJKVRV+v3CKFHiJ7vJVlsX6GQv8j IWEPB6SfdIEUbX7YBeRPkawkRwaBz7/rj5PUgYNIXTl26Q/yS+yei/pdbh1CB6TOR3pi qrPIX3dOEvtWU3ZOQbJxwmh6ex5V9m1dNBFFXzrxCP0L4XZzfQU6pqZHzArgrOMuIAnu J6VhtkfkgvlYr8U0kzoykLN7xLpv3FZzXKVZIjXKQs8eW6ciW2hF5SV20MiHi4EVSWpa yUDmt2I9bLEk/uzlFMSauzy2CyeF0Zcwx75nVF9nLXv60kcHqSsk6WmYmouXeSL+pQIY eX5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=AsQsOGOBswiqIkfE+MmZmSYrrU64sgPI4cLq7rNPZkk=; b=y81th53mlVTnYlFAJfxapV2JOCfdI1LKwuUuQ9q0BUHAHFvgPoboJR0h9rtLu8uV9Q 7exNhHBrDGJKL0cXu134AHkJSiqAiLZtVGUDDgfolwng7jwQ37dJ3UcHi649t9uKhm+a +Aj6rz0MKLtO/nw48X9xBEOpFtKpadpSPJ3uWEBFUjFQ/+dMapdAD10lixmF2Me6uNsU JlC5RKAAwshJuXv8QYBwrlMKzFtFZaWQ1OfYx8/e2xNZBkgLcVZ9JoL3XA1RovPBkjJb 9E6nEZGq+onSz2Z850C+vTqymOXmyATqyTorhUC1ljjxNt41w4NFiYzQo+xm/166+PiY 1voQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=b4c7KmBW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id r2-20020a170902ea4200b00153b2d16570si10979346plg.376.2022.04.04.19.09.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 19:09:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=b4c7KmBW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B4E63248793; Mon, 4 Apr 2022 17:32:31 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239686AbiDDIuV (ORCPT + 99 others); Mon, 4 Apr 2022 04:50:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243582AbiDDIt4 (ORCPT ); Mon, 4 Apr 2022 04:49:56 -0400 Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F01C30F64; Mon, 4 Apr 2022 01:48:00 -0700 (PDT) Received: by mail-pl1-x634.google.com with SMTP id o10so1663403ple.7; Mon, 04 Apr 2022 01:48:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=AsQsOGOBswiqIkfE+MmZmSYrrU64sgPI4cLq7rNPZkk=; b=b4c7KmBW0dluWZGhagtxX35zeboI86n00qjpygwNWb4mr9DaRZ6+hVK0lwlf8CRknM knRly/iSX7myVM4yjqVn9+5Uhrp+Vd9NDBC9jeUSfKfGic+DoUDOwQVqCgZKUxY4t30s S6co9ns78h8EOSuPT5AW8xTNGw0kx1dbO/fN703kgdlfd9EpmDl6na6IHiv77Z6ogI8H BfBso/WnyYdmflfwlALETgTAH7sMrjnWUAcl9+bTz9wrqXAWCSYTIFxvt91ZxjwL7m0q 04g+YjOhsvC6gzJ7L91krIz8eBRXNArQZXmByvOfA/8CUOj9Ct224O1V/oXSr5Xj6gJ6 EcdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AsQsOGOBswiqIkfE+MmZmSYrrU64sgPI4cLq7rNPZkk=; b=PGE67l69uFiC3DwMREm0HDuYgn3dcZkoQ/nbe+SwrJyS4PLSFuXfKeKvCt9Hw8w0yV GzaoSbu2abJ2tBxXDVj9qrbeTTQnIAtAd/tNpdjbTE4t6QBviS2+4TY9anreCWtiAm2x HgbnK3BEyXYuPV9WjA43Z7HPan28s0XIEwgUCqhBb01NuWWMV1klltEczwaJlarzYXz9 pKkzsAysNJbvV0QXs2MlvahjTtLJGXDgoOngJLfd2Rw+O3N/IaDi6SnbHnqBq2UU9+Nr eBkYCf7OvjGjYPnjLHlMcZ5K9b2tPmfzeB753+E2FQDY28JVzPwn7iK009BNyCZ12rvU D9Vg== X-Gm-Message-State: AOAM5321pPgV+RsaPG3q4bci2+jgDIemhlXtCXgUY9uiQNIptmWzmTsg CftVhF7UdJIakooz6TXI2rD9hHl2L4tMMDMysQ== X-Received: by 2002:a17:902:8f94:b0:14f:d9b3:52c2 with SMTP id z20-20020a1709028f9400b0014fd9b352c2mr21780055plo.103.1649062080299; Mon, 04 Apr 2022 01:48:00 -0700 (PDT) Received: from localhost.localdomain ([144.202.91.207]) by smtp.gmail.com with ESMTPSA id u6-20020a17090a3fc600b001ca88b0bdfesm3991960pjm.13.2022.04.04.01.47.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 01:48:00 -0700 (PDT) From: Zheyu Ma To: deller@gmx.de Cc: linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Zheyu Ma Subject: [PATCH 6/7] video: fbdev: arkfb: Error out if 'pixclock' equals zero Date: Mon, 4 Apr 2022 16:47:22 +0800 Message-Id: <20220404084723.79089-7-zheyuma97@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220404084723.79089-1-zheyuma97@gmail.com> References: <20220404084723.79089-1-zheyuma97@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of 'pixclock', it may cause divide error. Fix this by checking whether 'pixclock' is zero. The following log reveals it: [ 76.603696] divide error: 0000 [#1] PREEMPT SMP KASAN PTI [ 76.603712] RIP: 0010:arkfb_set_par+0x10fc/0x24f0 [ 76.603762] Call Trace: [ 76.603764] [ 76.603773] fb_set_var+0x604/0xeb0 [ 76.603827] do_fb_ioctl+0x234/0x670 [ 76.603873] fb_ioctl+0xdd/0x130 [ 76.603881] do_syscall_64+0x3b/0x90 Signed-off-by: Zheyu Ma --- drivers/video/fbdev/arkfb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/arkfb.c b/drivers/video/fbdev/arkfb.c index edf169d0816e..eb3e47c58c5f 100644 --- a/drivers/video/fbdev/arkfb.c +++ b/drivers/video/fbdev/arkfb.c @@ -566,6 +566,9 @@ static int arkfb_check_var(struct fb_var_screeninfo *var, struct fb_info *info) { int rv, mem, step; + if (!var->pixclock) + return -EINVAL; + /* Find appropriate format */ rv = svga_match_format (arkfb_formats, var, NULL); if (rv < 0) -- 2.25.1