From patchwork Sun Aug 27 18:23:29 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Jan_H=2E_Sch=C3=B6nherr?=
 <jschoenh@amazon.de>
X-Patchwork-Id: 9923993
Return-Path: <linux-fbdev-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BC42D60375 for <patchwork-linux-fbdev@patchwork.kernel.org>;
	Sun, 27 Aug 2017 18:24:38 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AB46C285DE
	for <patchwork-linux-fbdev@patchwork.kernel.org>;
	Sun, 27 Aug 2017 18:24:38 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8C3152863F; Sun, 27 Aug 2017 18:24:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.0 required=2.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0B5C1285DE
	for <patchwork-linux-fbdev@patchwork.kernel.org>;
	Sun, 27 Aug 2017 18:24:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751273AbdH0SX5 (ORCPT
	<rfc822;patchwork-linux-fbdev@patchwork.kernel.org>);
	Sun, 27 Aug 2017 14:23:57 -0400
Received: from smtp-fw-6001.amazon.com ([52.95.48.154]:27167 "EHLO
	smtp-fw-6001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751272AbdH0SX5 (ORCPT
	<rfc822;linux-fbdev@vger.kernel.org>);
	Sun, 27 Aug 2017 14:23:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amazon.de; i=@amazon.de; q=dns/txt; s=amazon201209;
	t=1503858236; x=1535394236;
	h=from:to:cc:subject:date:message-id:mime-version:
	content-transfer-encoding;
	bh=6CutbvdAHDE4ePpoN+RQKM3g+9Zsuvct270nKNnLW6Q=;
	b=MfvuzqTPyxIPwLv6hEh2eBDvCmmu6CV1yPGyTIbtKvgaoreeDceupNuV
	JVkG97fpXjpQvKXvlpTQrzdV/7oGTf/wykZkrrYU9HuTvrlqyijzHsdba
	SGj73NB5DJyzAR3znAmxC8Ec1p0Yqw7nfOSHrXI3s5KCsaRjbWkHCpjto c=;
X-IronPort-AV: E=Sophos;i="5.41,437,1498521600"; d="scan'208";a="307306888"
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO
	email-inbound-relay-6013.iad6.amazon.com) ([10.43.8.6])
	by smtp-border-fw-out-6001.iad6.amazon.com with
	ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Aug 2017 18:23:49 +0000
Received: from u28d244cd5724546b2f74.ant.amazon.com
	(iad7-ws-svc-lb50-vlan2.amazon.com [10.0.93.210])
	by email-inbound-relay-6013.iad6.amazon.com (8.14.7/8.14.7) with
	ESMTP id v7RINgHT014534
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sun, 27 Aug 2017 18:23:45 GMT
Received: from u28d244cd5724546b2f74.ant.amazon.com (localhost [127.0.0.1])
	by u28d244cd5724546b2f74.ant.amazon.com
	(8.14.4/8.14.4/Debian-2ubuntu2.1) with ESMTP id v7RINfia014976;
	Sun, 27 Aug 2017 20:23:41 +0200
Received: (from jschoenh@localhost)
	by u28d244cd5724546b2f74.ant.amazon.com (8.14.4/8.14.4/Submit) id
	v7RINdQh014968; Sun, 27 Aug 2017 20:23:39 +0200
From: =?UTF-8?q?Jan=20H=2E=20Sch=C3=B6nherr?= <jschoenh@amazon.de>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jiri Slaby <jslaby@suse.cz>, linux-fbdev@vger.kernel.org,
	=?UTF-8?q?Jan=20H=2E=20Sch=C3=B6nherr?= <jschoenh@amazon.de>
Subject: [PATCH] vgacon: Prevent faulty bootparams.screeninfo from causing
	harm
Date: Sun, 27 Aug 2017 20:23:29 +0200
Message-Id: <1503858209-14909-1-git-send-email-jschoenh@amazon.de>
X-Mailer: git-send-email 2.3.1.dirty
MIME-Version: 1.0
Sender: linux-fbdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fbdev.vger.kernel.org>
X-Mailing-List: linux-fbdev@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

If a zero for the number of colums or rows manages to slip through,
gotoxy() will underflow vc->vc_pos, causing the next action on the
referenced memory to end with a page fault.

Make the check in vgacon_startup() more pessimistic to prevent that.

Signed-off-by: Jan H. Schönherr <jschoenh@amazon.de>
---
 drivers/video/console/vgacon.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/video/console/vgacon.c b/drivers/video/console/vgacon.c
index dc06cb6..445b1dc 100644
--- a/drivers/video/console/vgacon.c
+++ b/drivers/video/console/vgacon.c
@@ -398,9 +398,8 @@ static const char *vgacon_startup(void)
 #endif
 	}
 
-	/* boot_params.screen_info initialized? */
-	if ((screen_info.orig_video_mode  == 0) &&
-	    (screen_info.orig_video_lines == 0) &&
+	/* boot_params.screen_info reasonably initialized? */
+	if ((screen_info.orig_video_lines == 0) ||
 	    (screen_info.orig_video_cols  == 0))
 		goto no_vga;