Re: [PATCH] fbdev: fix divide error in fb_var_to_videomode

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Shile Zhang <shile.zhang@linux.alibaba.com>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
	Fredrik Noring <noring@nocrew.org>,
	Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
	linux-fbdev@vger.kernel.org
Subject: Re: [PATCH] fbdev: fix divide error in fb_var_to_videomode
Date: Tue, 26 Mar 2019 05:54:13 +0000	[thread overview]
Message-ID: <0560ca36-a7a8-ed6f-d66f-059336e6b5e9@linux.alibaba.com> (raw)
In-Reply-To: <1552998003-237288-1-git-send-email-shile.zhang@linux.alibaba.com>

Hi, Bartlomiej, Fredrik, Daniel,

Could you please help to have a look at this patch?

Many thanks!

-Shile

On 2019/3/19 20:20, shile.zhang@linux.alibaba.com wrote:
> From: Shile Zhang <shile.zhang@linux.alibaba.com>
>
> To fix following divide-by-zero error found by Syzkaller:
>
>    divide error: 0000 [#1] SMP PTI
>    CPU: 7 PID: 8447 Comm: test Kdump: loaded Not tainted 4.19.24-8.al7.x86_64 #1
>    Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
>    RIP: 0010:fb_var_to_videomode+0xae/0xc0
>    Code: 04 44 03 46 78 03 4e 7c 44 03 46 68 03 4e 70 89 ce d1 ee 69 c0 e8 03 00 00 f6 c2 01 0f 45 ce 83 e2 02 8d 34 09 0f 45 ce 31 d2 <41> f7 f0 31 d2 f7 f1 89 47 08 f3 c3 66 0f 1f 44 00 00 0f 1f 44 00
>    RSP: 0018:ffffb7e189347bf0 EFLAGS: 00010246
>    RAX: 00000000e1692410 RBX: ffffb7e189347d60 RCX: 0000000000000000
>    RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb7e189347c10
>    RBP: ffff99972a091c00 R08: 0000000000000000 R09: 0000000000000000
>    R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000100
>    R13: 0000000000010000 R14: 00007ffd66baf6d0 R15: 0000000000000000
>    FS:  00007f2054d11740(0000) GS:ffff99972fbc0000(0000) knlGS:0000000000000000
>    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>    CR2: 00007f205481fd20 CR3: 00000004288a0001 CR4: 00000000001606a0
>    Call Trace:
>     fb_set_var+0x257/0x390
>     ? lookup_fast+0xbb/0x2b0
>     ? fb_open+0xc0/0x140
>     ? chrdev_open+0xa6/0x1a0
>     do_fb_ioctl+0x445/0x5a0
>     do_vfs_ioctl+0x92/0x5f0
>     ? __alloc_fd+0x3d/0x160
>     ksys_ioctl+0x60/0x90
>     __x64_sys_ioctl+0x16/0x20
>     do_syscall_64+0x5b/0x190
>     entry_SYSCALL_64_after_hwframe+0x44/0xa9
>    RIP: 0033:0x7f20548258d7
>    Code: 44 00 00 48 8b 05 b9 15 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 89 15 2d 00 f7 d8 64 89 01 48
>
> It can be triggered easily with following test code:
>
>    #include <linux/fb.h>
>    #include <fcntl.h>
>    #include <sys/ioctl.h>
>    int main(void)
>    {
>            struct fb_var_screeninfo var = {.activate = 0x100, .pixclock = 60};
>            int fd = open("/dev/fb0", O_RDWR);
>            if (fd < 0)
>                    return 1;
>
>            if (ioctl(fd, FBIOPUT_VSCREENINFO, &var))
>                    return 1;
>
>            return 0;
>    }
>
> Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
> ---
>   drivers/video/fbdev/core/modedb.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/drivers/video/fbdev/core/modedb.c b/drivers/video/fbdev/core/modedb.c
> index 283d9307..ac04987 100644
> --- a/drivers/video/fbdev/core/modedb.c
> +++ b/drivers/video/fbdev/core/modedb.c
> @@ -935,6 +935,9 @@ void fb_var_to_videomode(struct fb_videomode *mode,
>   	if (var->vmode & FB_VMODE_DOUBLE)
>   		vtotal *= 2;
>   
> +	if (!htotal || !vtotal)
> +		return;
> +
>   	hfreq = pixclock/htotal;
>   	mode->refresh = hfreq/vtotal;
>   }

WARNING: multiple messages have this Message-ID (diff)

From: Shile Zhang <shile.zhang@linux.alibaba.com>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
	Fredrik Noring <noring@nocrew.org>,
	Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
	linux-fbdev@vger.kernel.org
Subject: Re: [PATCH] fbdev: fix divide error in fb_var_to_videomode
Date: Tue, 26 Mar 2019 13:54:13 +0800	[thread overview]
Message-ID: <0560ca36-a7a8-ed6f-d66f-059336e6b5e9@linux.alibaba.com> (raw)
In-Reply-To: <1552998003-237288-1-git-send-email-shile.zhang@linux.alibaba.com>

Hi, Bartlomiej, Fredrik, Daniel,

Could you please help to have a look at this patch?

Many thanks!

-Shile

On 2019/3/19 20:20, shile.zhang@linux.alibaba.com wrote:
> From: Shile Zhang <shile.zhang@linux.alibaba.com>
>
> To fix following divide-by-zero error found by Syzkaller:
>
>    divide error: 0000 [#1] SMP PTI
>    CPU: 7 PID: 8447 Comm: test Kdump: loaded Not tainted 4.19.24-8.al7.x86_64 #1
>    Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
>    RIP: 0010:fb_var_to_videomode+0xae/0xc0
>    Code: 04 44 03 46 78 03 4e 7c 44 03 46 68 03 4e 70 89 ce d1 ee 69 c0 e8 03 00 00 f6 c2 01 0f 45 ce 83 e2 02 8d 34 09 0f 45 ce 31 d2 <41> f7 f0 31 d2 f7 f1 89 47 08 f3 c3 66 0f 1f 44 00 00 0f 1f 44 00
>    RSP: 0018:ffffb7e189347bf0 EFLAGS: 00010246
>    RAX: 00000000e1692410 RBX: ffffb7e189347d60 RCX: 0000000000000000
>    RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb7e189347c10
>    RBP: ffff99972a091c00 R08: 0000000000000000 R09: 0000000000000000
>    R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000100
>    R13: 0000000000010000 R14: 00007ffd66baf6d0 R15: 0000000000000000
>    FS:  00007f2054d11740(0000) GS:ffff99972fbc0000(0000) knlGS:0000000000000000
>    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>    CR2: 00007f205481fd20 CR3: 00000004288a0001 CR4: 00000000001606a0
>    Call Trace:
>     fb_set_var+0x257/0x390
>     ? lookup_fast+0xbb/0x2b0
>     ? fb_open+0xc0/0x140
>     ? chrdev_open+0xa6/0x1a0
>     do_fb_ioctl+0x445/0x5a0
>     do_vfs_ioctl+0x92/0x5f0
>     ? __alloc_fd+0x3d/0x160
>     ksys_ioctl+0x60/0x90
>     __x64_sys_ioctl+0x16/0x20
>     do_syscall_64+0x5b/0x190
>     entry_SYSCALL_64_after_hwframe+0x44/0xa9
>    RIP: 0033:0x7f20548258d7
>    Code: 44 00 00 48 8b 05 b9 15 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 89 15 2d 00 f7 d8 64 89 01 48
>
> It can be triggered easily with following test code:
>
>    #include <linux/fb.h>
>    #include <fcntl.h>
>    #include <sys/ioctl.h>
>    int main(void)
>    {
>            struct fb_var_screeninfo var = {.activate = 0x100, .pixclock = 60};
>            int fd = open("/dev/fb0", O_RDWR);
>            if (fd < 0)
>                    return 1;
>
>            if (ioctl(fd, FBIOPUT_VSCREENINFO, &var))
>                    return 1;
>
>            return 0;
>    }
>
> Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
> ---
>   drivers/video/fbdev/core/modedb.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/drivers/video/fbdev/core/modedb.c b/drivers/video/fbdev/core/modedb.c
> index 283d9307..ac04987 100644
> --- a/drivers/video/fbdev/core/modedb.c
> +++ b/drivers/video/fbdev/core/modedb.c
> @@ -935,6 +935,9 @@ void fb_var_to_videomode(struct fb_videomode *mode,
>   	if (var->vmode & FB_VMODE_DOUBLE)
>   		vtotal *= 2;
>   
> +	if (!htotal || !vtotal)
> +		return;
> +
>   	hfreq = pixclock/htotal;
>   	mode->refresh = hfreq/vtotal;
>   }

next prev parent reply	other threads:[~2019-03-26  5:54 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-19 12:20 [PATCH] fbdev: fix divide error in fb_var_to_videomode shile.zhang
2019-03-19 12:20 ` shile.zhang
2019-03-26  5:54 ` Shile Zhang [this message]
2019-03-26  5:54   ` Shile Zhang
2019-03-29 18:49   ` Fredrik Noring
2019-03-29 18:49     ` Fredrik Noring
2019-03-29 20:46 ` Mukesh Ojha
2019-03-29 20:58   ` Mukesh Ojha
2019-04-01 15:25   ` Bartlomiej Zolnierkiewicz
2019-04-01 15:25     ` Bartlomiej Zolnierkiewicz
2019-04-01 15:25     ` Bartlomiej Zolnierkiewicz
2019-04-02  0:22     ` Shile Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0560ca36-a7a8-ed6f-d66f-059336e6b5e9@linux.alibaba.com \
    --to=shile.zhang@linux.alibaba.com \
    --cc=b.zolnierkie@samsung.com \
    --cc=daniel.vetter@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=linux-fbdev@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=noring@nocrew.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.