• Zheyu Ma's avatar
    video: fbdev: kyro: Error out if 'pixclock' equals zero · 1520b4b7
    Zheyu Ma authored
    The userspace program could pass any values to the driver through
    ioctl() interface. if the driver doesn't check the value of 'pixclock',
    it may cause divide error because the value of 'lineclock' and
    'frameclock' will be zero.
    
    Fix this by checking whether 'pixclock' is zero in kyrofb_check_var().
    
    The following log reveals it:
    
    [  103.073930] divide error: 0000 [#1] PREEMPT SMP KASAN PTI
    [  103.073942] CPU: 4 PID: 12483 Comm: syz-executor Not tainted 5.14.0-rc2-00478-g2734d6c1-dirty #118
    [  103.073959] RIP: 0010:kyrofb_set_par+0x316/0xc80
    [  103.074045] Call Trace:
    [  103.074048]  ? ___might_sleep+0x1ee/0x2d0
    [  103.074060]  ? kyrofb_ioctl+0x330/0x330
    [  103.074069]  fb_set_var+0x5bf/0xeb0
    [  103.074078]  ? fb_blank+0x1a0/0x1a0
    [  103.074085]  ? lock_acquire+0x3bd/0x530
    [  103.074094]  ? lock_release+0x810/0x810
    [  103.074103]  ? ___might_sleep+0x1ee/0x2d0
    [  103.074114]  ? __mutex_lock+0x620/0x1190
    [  103.074126]  ? trace_hardirqs_on+0x6a/0x1c0
    [  103.074137]  do_fb_ioctl+0x31e/0x700
    [  103.074144]  ? fb_getput_cmap+0x280/0x280
    [  103.074152]  ? rcu_read_lock_sched_held+0x11/0x80
    [  103.074162]  ? rcu_read_lock_sched_held+0x11/0x80
    [  103.074171]  ? __sanitizer_cov_trace_switch+0x67/0xf0
    [  103.074181]  ? __sanitizer_cov_trace_const_cmp2+0x20/0x80
    [  103.074191]  ? do_vfs_ioctl+0x14b/0x16c0
    [  103.074199]  ? vfs_fileattr_set+0xb60/0xb60
    [  103.074207]  ? rcu_read_lock_sched_held+0x11/0x80
    [  103.074216]  ? lock_release+0x483/0x810
    [  103.074224]  ? __fget_files+0x217/0x3d0
    [  103.074234]  ? __fget_files+0x239/0x3d0
    [  103.074243]  ? do_fb_ioctl+0x700/0x700
    [  103.074250]  fb_ioctl+0xe6/0x130
    Signed-off-by: default avatarZheyu Ma <zheyuma97@gmail.com>
    Signed-off-by: default avatarSam Ravnborg <sam@ravnborg.org>
    Link: https://patchwork.freedesktop.org/patch/msgid/1627293835-17441-3-git-send-email-zheyuma97@gmail.com
    1520b4b7
fbdev.c 20.5 KB