From: Helge Deller
To: dri-devel@lists.freedesktop.org, daniel.vetter@ffwll.ch, linux-fbdev@vger.kernel.org
Subject: [PATCH v4 1/3] fbcon: Disallow setting font bigger than screen size
Date: Sun, 26 Jun 2022 01:27:01 +0200
Message-Id: <20220625232703.401821-2-deller@gmx.de>
In-Reply-To: <20220625232703.401821-1-deller@gmx.de>
References: <20220625232703.401821-1-deller@gmx.de>

Prevent
that users set a font size which is bigger than the physical screen. It's unlikely this may happen (because screens are usually much larger than the fonts and each font char is limited to 32x32 pixels), but it may happen on smaller screens/LCD displays. Signed-off-by: Helge Deller Reviewed-by: Daniel Vetter Cc: stable@vger.kernel.org # v4.14+ --- drivers/video/fbdev/core/fbcon.c | 5 +++++ 1 file changed, 5 insertions(+) -- 2.35.3 diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index c4e91715ef00..e162d5e753e5 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c 
@@ -2469,6 +2469,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, if (charcount != 256 && charcount != 512) return -EINVAL; + /* font bigger than screen resolution ? */ + if (font->width > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) || + font->height > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres)) + return -EINVAL; + /* Make sure drawing engine can handle the font */ if (!(info->pixmap.blit_x & (1 << (font->width - 1))) || !(info->pixmap.blit_y & (1 << (font->height - 1))))
From: Helge Deller
To: dri-devel@lists.freedesktop.org, daniel.vetter@ffwll.ch, linux-fbdev@vger.kernel.org
Subject: [PATCH v4 2/3] fbcon: Prevent that screen size is smaller than font size
Date: Sun, 26 Jun 2022 01:27:02 +0200
Message-Id: <20220625232703.401821-3-deller@gmx.de>
In-Reply-To: <20220625232703.401821-1-deller@gmx.de>
References: <20220625232703.401821-1-deller@gmx.de>

We
need to prevent that users configure a screen size which is smaller than the currently selected font size. Otherwise rendering chars on the screen will access memory outside the graphics memory region. This patch adds a new function fbcon_modechange_possible() which implements this check and which later may be extended with other checks if necessary. The new function is called from the FBIOPUT_VSCREENINFO ioctl handler in fbmem.c, which will return -EINVAL if userspace asked for a too small screen size. This patch depends on commit 409d6c95f9c6 ("fbcon: Introduce wrapper for console->fb_info lookup"), so it needs to be backported as well. Signed-off-by: Helge Deller Cc: stable@vger.kernel.org # v5.4+ Reviewed-by: Daniel Vetter --- drivers/video/fbdev/core/fbcon.c | 27 +++++++++++++++++++++++++++ drivers/video/fbdev/core/fbmem.c | 4 +++- include/linux/fbcon.h | 4 ++++ 3 files changed, 34 insertions(+), 1 deletion(-) -- 2.35.3 diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index e162d5e753e5..2ab7515ac842 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c 
@@ -2736,6 +2736,33 @@ void fbcon_update_vcs(struct fb_info *info, bool all) } EXPORT_SYMBOL(fbcon_update_vcs); +/* let fbcon check if it supports a new screen resolution */ +int fbcon_modechange_possible(struct fb_info *info, struct fb_var_screeninfo *var) +{ + struct fbcon_ops *ops = info->fbcon_par; + struct vc_data *vc; + int i; + + WARN_CONSOLE_UNLOCKED(); + + if (!ops || ops->currcon < 0) + return -EINVAL; + + /* prevent setting a screen size which is smaller than font size */ + for (i = first_fb_vc; i <= last_fb_vc; i++) { + vc = vc_cons[i].d; + if (!vc || fbcon_info_from_console(i) != info) + continue; + + if (vc->vc_font.width > FBCON_SWAP(var->rotate, var->xres, var->yres) || + vc->vc_font.height > FBCON_SWAP(var->rotate, var->yres, var->xres)) + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(fbcon_modechange_possible); + int fbcon_mode_deleted(struct fb_info *info, struct fb_videomode *mode) { diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index afa2863670f3..160389365a36 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1106,7 +1106,9 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, return -EFAULT; console_lock(); lock_fb_info(info); - ret = fb_set_var(info, &var); + ret = fbcon_modechange_possible(info, &var); + if (!ret) + ret = fb_set_var(info, &var); if (!ret) fbcon_update_vcs(info, var.activate & FB_ACTIVATE_ALL); unlock_fb_info(info); diff --git a/include/linux/fbcon.h b/include/linux/fbcon.h index ff5596dd30f8..2382dec6d6ab 100644 --- a/include/linux/fbcon.h +++ b/include/linux/fbcon.h 
@@ -15,6 +15,8 @@ void fbcon_new_modelist(struct fb_info *info); void fbcon_get_requirement(struct fb_info *info, struct fb_blit_caps *caps); void fbcon_fb_blanked(struct fb_info *info, int blank); +int fbcon_modechange_possible(struct fb_info *info, + struct fb_var_screeninfo *var); void fbcon_update_vcs(struct fb_info *info, bool all); void fbcon_remap_all(struct fb_info *info); int fbcon_set_con2fb_map_ioctl(void __user *argp); 
@@ -33,6 +35,8 @@ static inline void fbcon_new_modelist(struct fb_info *info) {} static inline void fbcon_get_requirement(struct fb_info *info, struct fb_blit_caps *caps) {} static inline void fbcon_fb_blanked(struct fb_info *info, int blank) {} +static inline int fbcon_modechange_possible(struct fb_info *info, + struct fb_var_screeninfo *var) { return 0; } static inline void fbcon_update_vcs(struct fb_info *info, bool all) {} static inline void fbcon_remap_all(struct fb_info *info) {} static inline int fbcon_set_con2fb_map_ioctl(void __user *argp) { return 0; }
From: Helge Deller
To: dri-devel@lists.freedesktop.org, daniel.vetter@ffwll.ch, linux-fbdev@vger.kernel.org
Subject: [PATCH v4 3/3] fbmem: Prevent invalid virtual screen sizes
Date: Sun, 26 Jun 2022 01:27:03 +0200
Message-Id: <20220625232703.401821-4-deller@gmx.de>
In-Reply-To: <20220625232703.401821-1-deller@gmx.de>
References: <20220625232703.401821-1-deller@gmx.de>

Prevent that drivers
or the user sets the virtual screen resolution smaller than the physical screen resolution. This is important, because otherwise we may access memory outside of the graphics memory area. Signed-off-by: Helge Deller Reviewed-by: Daniel Vetter Cc: stable@vger.kernel.org # v5.4+ --- drivers/video/fbdev/core/fbmem.c | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.35.3 diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 160389365a36..b6e1d0f2b974 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1006,6 +1006,12 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) if (var->xres < 8 || var->yres < 8) return -EINVAL; + /* make sure virtual resolution >= physical resolution */ + if (var->xres_virtual < var->xres) + return -EINVAL; + if (var->yres_virtual < var->yres) + return -EINVAL; + /* Too huge resolution causes multiplication overflow. */ if (check_mul_overflow(var->xres, var->yres, &unused) || check_mul_overflow(var->xres_virtual, var->yres_virtual, &unused))
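
Review bot: In patch 1/3, the new test in fbcon_set_font() uses `>`, so a font exactly as wide or as tall as the rotation-swapped resolution is still accepted and leaves a console of a single column or row; the comment should say whether that is intended. The same FBCON_SWAP comparison is repeated in fbcon_modechange_possible() in patch 2/3, so a small shared helper taking the font size, rotate, xres and yres would keep the font-change path and the mode-change path from drifting apart.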
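
Review bot: In patch 2/3, fbcon_modechange_possible() returns -EINVAL when `info->fbcon_par` is NULL or `ops->currcon < 0`, and the do_fb_ioctl() hunk then skips fb_set_var() on any non-zero return. If a framebuffer that fbcon is not driving can reach FBIOPUT_VSCREENINFO with fbcon_par unset, every mode change on it would now fail, while the stub added to include/linux/fbcon.h returns 0 for the same situation when fbcon is compiled out. Returning 0 when there is no console to check would make the two configurations agree.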
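
Review bot: In the do_fb_ioctl() hunk of patch 2/3, the font check is made on the `var` copied from userspace before fb_set_var() runs, and only on this ioctl path, whereas patch 3/3 puts its check inside fb_set_var() itself. A comment at the call site saying why this check lives in the ioctl handler, and whether any other caller of fb_set_var() needs it, would help reviewers and backporters.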
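
Review bot: In patch 3/3, the two new tests in fb_set_var() sit directly after the `xres < 8` test, and the hunk does not show whether the driver has had a chance to adjust `var` before this point. If it has not, a request that leaves xres_virtual or yres_virtual for the driver to fill in is now rejected with -EINVAL, which would be a userspace-visible change for a stable backport. Please state the ordering assumption in the comment, and consider folding the two tests into one condition.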