Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3538772pxb;
        Mon, 4 Apr 2022 20:27:16 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxJm0RB9xty62k+ND2kmFpdQpy6RZnmKtC1jBUxiq/80i/1ACLJ6bOCEAOXb5HbqLDEV0/C
X-Received: by 2002:a17:902:d0d2:b0:156:caaa:6c16 with SMTP id n18-20020a170902d0d200b00156caaa6c16mr1424026pln.81.1649129236342;
        Mon, 04 Apr 2022 20:27:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649129236; cv=none;
        d=google.com; s=arc-20160816;
        b=twPkG+b7tF3QjKrgwwsIr1bvjzcX5VcU8qpBc0oMWPcChoDGQYJMQUFSY1ZxX0zPhz
         5gATXLlIEk6p6OggJTFWN/Z5Lm8VQjOT5EPAkJ4kzMfgat98sSJl+xWjZRVhy6YKiEnj
         bEZGoVmabHZK89QWPKQlX44EEvkrc8N28swPpclP0WPpICbrLMmQAIl16tDiOR0vuHv4
         XaKAfSvg4yh7E1sHdl5YuDuyJPztutjum9FOqevIIvfS5A8ueb8ohkFTKmJJSOE5l7B1
         VykSLDt/Rx55af4lPUz48tqP1NzSgG2+6yFfeJ777VQ1Bk2lo6rAmrs8hv1/pSsG9A1y
         wegQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=SWpUGp4NjV3mF23nQixJRErG81vz0xeRsfDHiseYmFE=;
        b=b80Gh3eRCHx+8vvl3u/SgjZP4ghbPKTxvTWRMqsngz+4pwYxgwt5SA5jDe1rlGsB5r
         gh/mXl/vAygNTxp9pTVYMux4P74fIjwpHyjAalUSrBDo+QsXA8F8oxIg1LHfdOLzqPCP
         ARhBg4I/RaYrKuUcfEiIQ0sU8QgRyaoHoOsyXCZ0lTERRd0ATUm4AopurmtRW7VSRElK
         QzmRJkVtXrJN/9mgjXXN8vJZL8gG6fkdtIVndR8LlLCjBI3TdpdLeVSKXOWXuPs/zCC/
         ma4qWoC77UkOHUqNgNbM/R1tz1BBX30qRnsrMngLyPgM5KgfDWFuAXXZxiUKxNimeQPW
         GtqA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=b0BitWdv;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id n12-20020a170902d2cc00b00153b2d16424si12309367plc.44.2022.04.04.20.27.16
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Apr 2022 20:27:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=b0BitWdv;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id AFFF166F8B;
	Mon,  4 Apr 2022 18:26:52 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244528AbiDDIu1 (ORCPT <rfc822;0x.yzhang@gmail.com> + 99 others);
        Mon, 4 Apr 2022 04:50:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49574 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242942AbiDDIty (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Apr 2022 04:49:54 -0400
Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7EA263BBC1;
        Mon,  4 Apr 2022 01:47:58 -0700 (PDT)
Received: by mail-pf1-x42a.google.com with SMTP id w7so8298022pfu.11;
        Mon, 04 Apr 2022 01:47:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=SWpUGp4NjV3mF23nQixJRErG81vz0xeRsfDHiseYmFE=;
        b=b0BitWdvZHTGzL4flNceTWdnxQtwSwZY5rAnnRUa1Ml+nFqLcBJ2kKJx/fs6xfPFvl
         CnhHwqlgN/roC4WdLsqaGZsrjw6Ld8wHYNg7TEz0LuvMMuJCYT1osfRnlImjbXzJc5Gj
         9vDQNbKfeIWAgtHngp01v6YPYfxabAvWqaqYHRs2bqWl2kkaRyMwlJu+2ZrhHUj5PLrs
         yjl5sBxSLIL93Y2FN9GX0kX6956qgWteXsvblXuZLS6Fbf4RptxQoU6nDZ3xBJFrZK1w
         V/7LXCAYAJvqjwVBn/J4+KZoqUzskh2ygSUXO4hEz6OnN7FCJ/rzL3/obwNAklbZ0TYN
         kF+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=SWpUGp4NjV3mF23nQixJRErG81vz0xeRsfDHiseYmFE=;
        b=US3FOB8Gtnk1/PBVb5AQnDtER/KrYNkkV5H/VOqKsxiunR5xi+VVVOwkqObSPGGhFY
         KmUHtzrfbvJvYouCAGXTuwNN9759HCQBMDWKNFAR0BgeVxwXZULP/OpsMlGOp2LN16L0
         1wMtjEg5sW6Eok/8C3nTHt31Kb/kzzLipr2d2mX2V1yzA+ZwWQbK9nkzJJfjnDlDV577
         UYdkwpPkWA3jnHH53Uz5rHABiYuB4cDaX3/yRY9GAP5/pssZVYCxjMYtSH0+2gI30ZGP
         Y+uQabOT3GCah8/BFh/ct9Yud4QUw8PfT6D/1pPtDjnHBTlQ60WlmoIwk/1pLwM9za8f
         Lt6Q==
X-Gm-Message-State: AOAM531c2QFmkLERUiz1dsUhZ3Y8a3t9DIb+ZdP1XoA/KdMzHP7dBd81
        T9T6PKlWmz2oFSCbObpAxYlUu4XOxCWdYsBAuw==
X-Received: by 2002:a63:4f08:0:b0:34c:6090:603e with SMTP id d8-20020a634f08000000b0034c6090603emr24435870pgb.15.1649062077959;
        Mon, 04 Apr 2022 01:47:57 -0700 (PDT)
Received: from localhost.localdomain ([144.202.91.207])
        by smtp.gmail.com with ESMTPSA id u6-20020a17090a3fc600b001ca88b0bdfesm3991960pjm.13.2022.04.04.01.47.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Apr 2022 01:47:57 -0700 (PDT)
From:   Zheyu Ma <zheyuma97@gmail.com>
To:     deller@gmx.de
Cc:     linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
        linux-kernel@vger.kernel.org, Zheyu Ma <zheyuma97@gmail.com>
Subject: [PATCH 5/7] video: fbdev: tridentfb: Error out if 'pixclock' equals zero
Date:   Mon,  4 Apr 2022 16:47:21 +0800
Message-Id: <20220404084723.79089-6-zheyuma97@gmail.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220404084723.79089-1-zheyuma97@gmail.com>
References: <20220404084723.79089-1-zheyuma97@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of 'pixclock',
it may cause divide error.

Fix this by checking whether 'pixclock' is zero.

The following log reveals it:

[   38.260715] divide error: 0000 [#1] PREEMPT SMP KASAN PTI
[   38.260733] RIP: 0010:tridentfb_check_var+0x853/0xe60
[   38.260791] Call Trace:
[   38.260793]  <TASK>
[   38.260796]  fb_set_var+0x367/0xeb0
[   38.260879]  do_fb_ioctl+0x234/0x670
[   38.260922]  fb_ioctl+0xdd/0x130
[   38.260930]  do_syscall_64+0x3b/0x90

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
---
 drivers/video/fbdev/tridentfb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/video/fbdev/tridentfb.c b/drivers/video/fbdev/tridentfb.c
index 4d20cb557ff0..319131bd72cf 100644
--- a/drivers/video/fbdev/tridentfb.c
+++ b/drivers/video/fbdev/tridentfb.c
@@ -996,6 +996,9 @@ static int tridentfb_check_var(struct fb_var_screeninfo *var,
 	int ramdac = 230000; /* 230MHz for most 3D chips */
 	debug("enter\n");
 
+	if (!var->pixclock)
+		return -EINVAL;
+
 	/* check color depth */
 	if (bpp == 24)
 		bpp = var->bits_per_pixel = 32;
-- 
2.25.1