On 2022-07-01 16:49, Geert Uytterhoeven wrote: > On Thu, Jun 30, 2022 at 9:38 PM Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> wrote: >> On Thu, Jun 30, 2022 at 9:17 PM Helge Deller <deller@xxxxxx> wrote: >>> On 6/30/22 21:11, Geert Uytterhoeven wrote: >>>> On Wed, Jun 29, 2022 at 10:00 PM Helge Deller <deller@xxxxxx> wrote: >>>>> Prevent that drivers configure a virtual screen resolution smaller than >>>>> the physical screen resolution. This is important, because otherwise we >>>>> may access memory outside of the graphics memory area. >>>>> >>>>> Signed-off-by: Helge Deller <deller@xxxxxx> >>>>> Cc: stable@xxxxxxxxxxxxxxx # v5.4+ >>>> >>>> Thanks for your patch! >>>> >>>>> --- a/drivers/video/fbdev/core/fbmem.c >>>>> +++ b/drivers/video/fbdev/core/fbmem.c >>>>> @@ -1006,6 +1006,12 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) >>>>> if (var->xres < 8 || var->yres < 8) >>>>> return -EINVAL; >>>>> >>>>> + /* make sure virtual resolution >= physical resolution */ >>>>> + if (WARN_ON(var->xres_virtual < var->xres)) >>>>> + var->xres_virtual = var->xres; >>>>> + if (WARN_ON(var->yres_virtual < var->yres)) >>>>> + var->yres_virtual = var->yres; >>>> >>>> This should be moved below the call to info->fbops->fb_check_var(), >>>> so the WARN_ON() catches buggy fbdev drivers, not userspace fuzzers. >>> >>> Yes, makes sense. >> >> And print the name of the frame buffer device driver, so people know >> who to blame. > > Or better, do not continue, but return with a failure: > > if (WARN(var->xres_virtual < var->xres || var->yres_virtual < var->yres, > "%ps for %s is broken\n", info->fbops->fb_check_var, info->fix.id) > return -EINVAL; I'd also recommend WARN(_ON)_ONCE, or users with a broken driver might get spammed. -- Earthling Michel Dänzer | https://redhat.com Libre software enthusiast | Mesa and Xwayland developer
