linux/drivers
Letu Ren 8fc778ee2f fbdev: fb_pm2fb: Avoid potential divide by zero error
commit 19f953e743 upstream.

In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be
copied from user, then go through `fb_set_var()` and
`info->fbops->fb_check_var()` which could be `pm2fb_check_var()`.
Along the path, `var->pixclock` won't be modified. This function checks
whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is
zero, there will be a divide by zero error. So, it is necessary to check
whether denominator is zero to avoid crash. As this bug is found by
Syzkaller, logs are listed below.

divide error in pm2fb_check_var
Call Trace:
 <TASK>
 fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015
 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110
 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189

Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Letu Ren <fantasquex@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-05 10:28:56 +02:00
accessibility tty: the rest, stop using tty_schedule_flip() 2022-07-29 17:19:28 +02:00
acpi ACPI: processor: Remove freq Qos request for all CPUs 2022-08-31 17:15:23 +02:00
amba amba: Make the remove callback return void 2022-04-08 14:40:02 +02:00
android
ata ata: libata-eh: Add missing command name 2022-08-25 11:37:50 +02:00
atm atm: idt77252: fix use-after-free bugs caused by tst_timer 2022-08-25 11:38:02 +02:00
auxdisplay
base driver core: fix potential deadlock in __driver_attach 2022-08-21 15:15:55 +02:00
bcma
block loop: Check for overflow while configuring loop 2022-08-31 17:15:22 +02:00
bluetooth Bluetooth: hci_intel: Add check for platform_driver_register 2022-08-21 15:15:49 +02:00
bus bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() 2022-08-21 15:15:35 +02:00
cdrom
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-29 08:59:54 +02:00
clk clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description 2022-08-25 11:38:14 +02:00
clocksource clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() 2022-07-07 17:52:23 +02:00
connector
counter
cpufreq cpufreq: pmac32-cpufreq: Fix refcount leak bug 2022-07-21 21:20:14 +02:00
cpuidle
crypto crypto: hisilicon/sec - fix auth key size error 2022-08-21 15:15:50 +02:00
dax dax: make sure inodes are flushed before destroy cache 2022-04-08 14:40:16 +02:00
dca
devfreq PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events 2022-07-07 17:52:18 +02:00
dio
dma dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed 2022-08-25 11:38:17 +02:00
dma-buf udmabuf: Set the DMA mask for the udmabuf device (v2) 2022-09-05 10:28:55 +02:00
edac EDAC/ghes: Set the DIMM label unconditionally 2022-08-03 12:00:50 +02:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 18:32:43 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:25:32 +02:00
firmware firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails 2022-08-21 15:16:17 +02:00
fpga fpga: altera-pr-ip: fix unsigned comparison with less than zero 2022-08-21 15:15:53 +02:00
fsi fsi: Aspeed: Fix a potential double free 2022-04-08 14:40:23 +02:00
gnss
gpio gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() 2022-08-21 15:16:01 +02:00
gpu drm/meson: Fix overflow implicit truncation warnings 2022-08-25 11:38:12 +02:00
greybus greybus: svc: fix an error handling bug in gb_svc_hello() 2022-04-08 14:39:50 +02:00
hid HID: hidraw: fix memory leak in hidraw_release() 2022-09-05 10:28:56 +02:00
hsi
hv Drivers: hv: vmbus: Release cpu lock in error case 2022-06-22 14:13:16 +02:00
hwmon hwmon: (drivetemp) Add module alias 2022-08-21 15:15:35 +02:00
hwspinlock
hwtracing intel_th: pci: Add Raptor Lake-S CPU support 2022-08-21 15:16:17 +02:00
i2c i2c: imx: Make sure to unregister adapter on remove() 2022-08-25 11:38:08 +02:00
i3c
ide
idle intel_idle: Disable IBRS during long idle 2022-07-25 11:26:43 +02:00
iio iio: accel: bma400: Reordering of header files 2022-08-21 15:15:54 +02:00
infiniband RDMA/rxe: Limit the number of calls to each tasklet 2022-08-25 11:38:16 +02:00
input Input: gscps2 - check return value of ioremap() in gscps2_probe() 2022-08-21 15:16:15 +02:00
interconnect interconnect: imx: fix max_node_id 2022-08-21 15:16:00 +02:00
iommu iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) 2022-08-21 15:16:17 +02:00
ipack
irqchip irqchip/tegra: Fix overflow implicit truncation warnings 2022-08-25 11:38:12 +02:00
isdn
leds
lightnvm lightnvm: disable the subsystem 2022-05-09 09:04:56 +02:00
macintosh macintosh/adb: fix oob read in do_adb_query() function 2022-08-11 13:06:47 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-09 10:21:18 +02:00
mcb
md md: call __md_stop_writes in md_stop 2022-08-31 17:15:23 +02:00
media media: pvrusb2: fix memory leak in pvr_probe 2022-09-05 10:28:56 +02:00
memory memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings 2022-06-29 08:59:54 +02:00
memstick memstick/ms_block: Fix a memory leak 2022-08-21 15:15:58 +02:00
message
mfd mfd: max77620: Fix refcount leak in max77620_initialise_fps 2022-08-21 15:16:09 +02:00
misc cxl: Fix a memory leak in an error handling path 2022-08-25 11:38:15 +02:00
mmc mmc: meson-gx: Fix an error handling path in meson_mmc_probe() 2022-08-25 11:37:50 +02:00
most
mtd mtd: rawnand: arasan: Prevent an unsupported configuration 2022-08-21 15:16:26 +02:00
mux
net ionic: fix up issues with handling EAGAIN on FW cmds 2022-08-31 17:15:21 +02:00
nfc nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout 2022-08-31 17:15:16 +02:00
ntb NTB: ntb_tool: uninitialized heap data in tool_fn_write() 2022-08-25 11:38:01 +02:00
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:52:15 +02:00
nvme nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown 2022-08-25 11:38:17 +02:00
nvmem
of of: overlay: do not break notify on NOTIFY_{OK|STOP} 2022-06-09 10:21:03 +02:00
opp opp: Fix error check in dev_pm_opp_attach_genpd() 2022-08-21 15:16:04 +02:00
oprofile
parisc parisc: Check the return value of ioremap() in lba_driver_probe() 2022-08-21 15:15:23 +02:00
parport
pci Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()" 2022-09-05 10:28:55 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:32:30 +02:00
perf drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX 2022-08-21 15:15:36 +02:00
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:32:32 +02:00
pinctrl pinctrl: amd: Don't save/restore interrupt status and wake status bits 2022-08-31 17:15:14 +02:00
platform platform/chrome: cros_ec_proto: don't show MKBP version if unsupported 2022-08-25 11:38:12 +02:00
pnp
power power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe 2022-07-29 17:19:10 +02:00
powercap
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-13 21:00:55 +02:00
pwm pwm: lpc18xx-sct: Convert to devm_platform_ioremap_resource() 2022-08-21 15:15:37 +02:00
rapidio
ras
regulator regulator: of: Fix refcount leak bug in of_get_regulation_constraints() 2022-08-21 15:15:36 +02:00
remoteproc remoteproc: sysmon: Wait for SSCTL service to come up 2022-08-21 15:16:08 +02:00
reset reset: tegra-bpmp: Restore Handle errors in BPMP response 2022-04-27 13:53:52 +02:00
rpmsg rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge 2022-08-21 15:16:08 +02:00
rtc rtc: mt6397: check return value after calling platform_get_resource() 2022-06-14 18:32:33 +02:00
s390 scsi: zfcp: Fix missing auto port scan and thus missing target ports 2022-08-21 15:16:13 +02:00
sbus
scsi scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq 2022-08-31 17:15:24 +02:00
sfi
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-18 10:23:47 +02:00
soc soc: qcom: Make QCOM_RPMPD depend on PM 2022-08-21 15:15:36 +02:00
soundwire soundwire: bus_type: fix remove and shutdown support 2022-08-21 15:15:56 +02:00
spi spi: meson-spicc: add local pow2 clock ops to preserve rate between messages 2022-08-25 11:38:06 +02:00
spmi
ssb
staging staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback 2022-08-21 15:15:57 +02:00
target target: remove an incorrect unmap zeroes data deduction 2022-06-09 10:21:01 +02:00
tc
tee tee: fix memory leak in tee_shm_register() 2022-08-25 11:38:24 +02:00
thermal thermal: sysfs: Fix cooling_device_stats_setup() error code path 2022-08-21 15:15:22 +02:00
thunderbolt
tty tty: serial: Fix refcount leak bug in ucc_uart.c 2022-08-25 11:38:18 +02:00
uio
usb gadgetfs: ep_io - wait until IRQ finishes 2022-08-25 11:38:15 +02:00
vdpa vdpasim: allow to enable a vq repeatedly 2022-06-09 10:21:29 +02:00
vfio vfio: Clear the caps->buf to NULL after free 2022-08-25 11:38:18 +02:00
vhost vringh: Fix loop descriptors check in the indirect cases 2022-06-14 18:32:45 +02:00
video fbdev: fb_pm2fb: Avoid potential divide by zero error 2022-09-05 10:28:56 +02:00
virt vboxguest: Do not use devm for irq 2022-08-25 11:38:14 +02:00
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 21:20:13 +02:00
visorbus
vlynq
vme
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-13 21:01:01 +02:00
watchdog watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() 2022-08-21 15:16:10 +02:00
xen xen/privcmd: fix error exit of privcmd_ioctl_dm_op() 2022-08-31 17:15:23 +02:00
zorro
Kconfig
Makefile