From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jiri Slaby <jirislaby@kernel.org>
Date: Thu, 30 Jul 2020 07:38:24 +0000
Subject: Re: [PATCH] vgacon: fix out of bounds write to the scrollback buffer
Message-Id: <008a3a1d-1908-6aea-0fae-e15b4eddff02@kernel.org>
List-Id: <linux-fbdev.vger.kernel.org>
References: <20200729130710.GA13262@openwall.com>
 <b764c575-70be-80dd-6718-e84370a7b2b3@nsfocus.com>
 <659f8dcf-7802-1ca1-1372-eb7fefd4d8f4@kernel.org>
In-Reply-To: <659f8dcf-7802-1ca1-1372-eb7fefd4d8f4@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
To: =?UTF-8?B?5byg5LqR5rW3?= <zhangyunhai@nsfocus.com>, Solar Designer <solar@openwall.com>
Cc: Linux Fbdev development list <linux-fbdev@vger.kernel.org>, Kyungtae Kim <kt0755@gmail.com>, b.zolnierkie@samsung.com, Greg KH <greg@kroah.com>, Linux kernel mailing list <linux-kernel@vger.kernel.org>, DRI devel <dri-devel@lists.freedesktop.org>, Anthony Liguori <aliguori@amazon.com>, Yang Yingliang <yangyingliang@huawei.com>, xiao.zhang@windriver.com, Linus Torvalds <torvalds@linux-foundation.org>, "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>

T24gMzAuIDA3LiAyMCwgODo0NiwgSmlyaSBTbGFieSB3cm90ZToKPiBIaSwgT1RPSCwgeW91IHNo
b3VsZCBoYXZlIENDZWQgYWxsIHRoZSAocHVibGljKSBsaXN0cy4KPiAKPiBPbiAzMC4gMDcuIDIw
LCA0OjUwLCDVxdTGuqMgd3JvdGU6Cj4+IFpoYW5nIFhpYW8gcG9pbnRzIG91dCB0aGF0IHRoZSBj
aGVjayBzaG91bGQgdXNlID4gaW5zdGVhZCBvZiA+PSwKPj4gb3RoZXJ3aXNlIHRoZSBsYXN0IGxp
bmUgd2lsbCBiZSBza2lwLgo+PiBJIGFncmVlIHdpdGggdGhhdCwgc28gSSBtb2RpZnkgdGhlIHBh
dGNoLgo+PiBDb3VsZCB5b3UgcGxlYXNlIHZlcmlmeSB0aGF0IGl0IGlzIHN0aWxsIGNvcnJlY3Qg
YW5kIHN1ZmZpY2llbnQ/Cj4gCj4gSU1PLCB5ZXMsIGNvcnJlY3QgLS0gSSB3YXMgdGhpbmtpbmcg
YWJvdXQgdGhpcyB5ZXN0ZXJkYXkgdG9vLiBKdXN0IGFuCj4gZXhhbXBsZTogaHlwb3RoZXRpY2Fs
bHksIGlmIHdlIGhhZDoKPiBzaXplX3JvdyA9IDEKPiB0YWlsID0gMjkKPiBzaXplID0gMzAKPiAK
PiBkYXRhWzI5XSB3b3VsZCBiZSB0aGUgbGFzdCBhY2Nlc3NpYmxlIG1lbWJlci4gV3JpdGluZyB0
byBkYXRhICsgdGFpbCAoYXMKPiAiMjkgKyAxID4gMzAiIGRvZXNuJ3QgaG9sZCwgc28gdGhlIG1v
ZGlmaWVkIGNoZWNrIHdvdWxkIHBhc3MpLCBpLmUuCj4gZGF0YVsyOV0gaXMgc3RpbGwgT0suIFNv
IHllcywgPiBpcyBPSywgPj0gd291bGQgd2FzdGUgc3BhY2UgYW5kIHdvdWxkIGJlCj4gYWN0dWFs
bHkgaW5jb3JyZWN0Lgo+IAo+PiBCVFcsIFpoYW5nIFhpYW8gYWxzbyBwb2ludHMgb3V0IHRoYXQg
dGhlIGNoZWNrIGFmdGVyIHRoZSBtZW1jcHkgY2FuIGJlCj4+IHJlbW92ZS4KPj4gSSBhbHNvIHRo
aW5rIHRoYXQgd2FzIHJpZ2h0LCBidXQgdmdhY29uX3Njcm9sbGJhY2tfY3VyLT50YWlsIG1heSBr
ZWVwCj4+IHRoZSB2YWx1ZSB2Z2Fjb25fc2Nyb2xsYmFja19jdXItPnNpemUgaW4gc29tZSBjYXNl
LiBUaGF0IGlzIG5vdCBhCj4+IHByb2JsZW0gaW4gdmdhY29uX3Njcm9sbGJhY2tfdXBkYXRlIGJl
Y2F1c2Ugb2YgdGhlIGNoZWNrIGJlZm9yZSB0aGUKPj4gbWVtY3B5LiBIb3dldmVyLCB0aGF0IG1h
eSBicmVhayBzb21lIG90aGVyIGNvZGUgd2hpY2ggYXNzdW1lcyB0aGF0Cj4+IHZnYWNvbl9zY3Jv
bGxiYWNrX2N1ci0+dGFpbCB3b24ndCBiZSB2Z2Fjb25fc2Nyb2xsYmFja19jdXItPnNpemUuIEkg
ZG8KPj4gbm90IGtub3cgaWYgdGhlcmUgYXJlIHN1Y2ggY29kZSwgYW5kIGlmIGl0IGlzIHRoZSBj
b2RlIGFjdHVhbGx5ICBzaG91bGQKPj4gY2hlY2sgaXQgdG9vLiBCdXQgSSBzdGlsbCBub3QgcmVt
b3ZlIHRoZSBjaGVjayBpbiB0aGUgcGF0Y2ggdG8gbWFrZSBzdXJlCj4+IGl0IHdvbid0IGJyZWFr
cyBvdGhlciBjb2RlLgo+IAo+IEFzIEkgd3JvdGUgYWJvdXQgdGhpcyB5ZXN0ZXJkYXk6Cj4gPT4g
SSBhbSBhbHNvIG5vdCBzdXJlIHRoZSB0ZXN0IEkgd2FzIHBvaW50aW5nIG91dCBvbiB0aGUgdG9w
IG9mIHRoaXMKPiBtZXNzYWdlIHdvdWxkIGJlIG9mIGFueSB1c2UgYWZ0ZXIgdGhlIGNoYW5nZS4g
QnV0IG1heWJlIGxlYXZlIHRoZSBjb2RlCj4gcmVzdCBpbiBwZWFjZS4KPiA9PiAKPiBJIHdvdWxk
IGxldCBpdCBhcyBpcyBpbiB0aGlzIHBhcnRpY3VsYXIgY29kZS4gRXNwZWNpYWxseSBiZWNhdXNl
Cj4gdmdhY29uX3Njcm9sbGRlbHRhIHRha2VzIC0+dGFpbCBpbnRvIGNvbnNpZGVyYXRpb24gYW5k
IEkgd2FzIHRvbyBsYXp5IHRvCj4gc3R1ZHkgdGhlIGNvZGUgdGhlcmUuIEJ1dCBpZiB5b3UgYXJl
IHdpbGxpbmcgdG8gc3R1ZHkgdGhlIGNvZGUgdGhlcmUgYW5kCj4gY29uZmlybSB0aGUgY2hlY2sg
aXMgc3VwZXJmbHVvdXMsIGZlZWwgZnJlZSB0byByZW1vdmUgaXQuIFBlcmhhcHMgaW4gYQo+IHNl
cGFyYXRlIHBhdGNoLiBJIHdhcyBhY3R1YWxseSB0ZXN0aW5nIHdpdGggdGhlIGNoZWNrIHJlbW92
ZWQgYW5kIGRpZG4ndAo+IGhpdCBhbnkgaXNzdWUgKHdoaWNoIG1lYW5zLCBpbiBmYWN0LCBleGFj
dGx5IG5vdGhpbmcpLgo+IAo+PiBGcm9tIGFkMTQzZWRlMjRmZjRlNjEyOTJjYzljOTYwMDAxMDBh
YWNkOTcyNTkgTW9uIFNlcCAxNyAwMDowMDowMCAyMDAxCj4+IEZyb206IFl1bmhhaSBaaGFuZyA8
emhhbmd5dW5oYWlAbnNmb2N1cy5jb20+Cj4+IERhdGU6IFR1ZSwgMjggSnVsIDIwMjAgMDk6NTg6
MDMgKzA4MDAKPj4gU3ViamVjdDogW1BBVENIXSBGaXggZm9yIG1pc3NpbmcgY2hlY2sgaW4gdmdh
Y29uIHNjcm9sbGJhY2sgaGFuZGxpbmcKPj4KPj4gdmdhY29uX3Njcm9sbGJhY2tfdXBkYXRlKCkg
YWx3YXlzIGxlZnQgZW5ib3VnaCByb29tIGluIHRoZSBzY3JvbGxiYWNrCj4gCj4gImxlYXZlcyBl
bm91Z2giCj4gCj4+IGJ1ZmZlciBmb3IgdGhlIG5leHQgY2FsbCwgYnV0IGlmIHRoZSBjb25zb2xl
IHNpemUgY2hhbmdlZCB0aGF0IHJvb20KPj4gbWlnaHQgbm90IGFjdHVhbGx5IGJlIGVub3VnaCwg
YW5kIHNvIHdlIG5lZWQgdG8gcmUtY2hlY2suCj4gCj4gQWxzbywgY291bGQgeW91IGFkZCByZWFz
b25pbmcgd2h5IHlvdSBhcmUgYWRkaW5nIHRoZSBjaGVjayB0byB0aGUgbG9vcAo+IGFuZCBub3Qg
b3V0c2lkZSAoZm9yIGluc3RhbmNlLCB1c2UgeW91ciByZWFzb25pbmcgd2l0aCBudW1iZXJzIG9y
IENTSSBNCj4gYXMgYW4gZXhhbXBsZSkuCj4gCj4gQ291bGQgeW91IGFkZCBhIHNhbXBsZSBvdXRw
dXQgaGVyZSwgc29tZXRoaW5nIGxpa2UgSSBoYWQ6Cj4gPT4gICAgIFRoaXMgbGVhZHMgdG8gcmFu
ZG9tIGNyYXNoZXMgb3IgS0FTQU4gcmVwb3J0cyBsaWtlOgo+ICAgICBCVUc6IEtBU0FOOiBzbGFi
LW91dC1vZi1ib3VuZHMgaW4gdmdhY29uX3Njcm9sbCsweDU3YS8weDhlZAo+ID0+IAo+IEl0J3Mg
dGhlbiBlYXNpZXIgdG8gZ29vZ2xlIGZvciB3aGVuIHRoaXMgaGFwcGVucyB0byBzb21lb25lIHdo
byBydW5zCj4gbm9uLXBhdGNoZWQga2VybmVscy4KPiAKPj4gVGhpcyBmaXhlcyBDVkUtMjAyMC0x
NDMzMS4KPj4KPj4gUmVwb3J0ZWQtYW5kLWRlYnVnZ2VkLWJ5OiDVxdTGuqMgPHpoYW5neXVuaGFp
QG5zZm9jdXMuY29tPgo+PiBSZXBvcnRlZC1hbmQtZGVidWdnZWQtYnk6IFlhbmcgWWluZ2xpYW5n
IDx5YW5neWluZ2xpYW5nQGh1YXdlaS5jb20+Cj4+IFJlcG9ydGVkLWJ5OiBLeXVuZ3RhZSBLaW0g
PGt0MDc1NUBnbWFpbC5jb20+Cj4+IEZpeGVzOiAxNWJkYWI5NTljOWIgKFtQQVRDSF0gdmdhY29u
OiBBZGQgc3VwcG9ydCBmb3Igc29mdCBzY3JvbGxiYWNrKQo+PiBDYzogTGludXMgVG9ydmFsZHMg
PHRvcnZhbGRzQGxpbnV4LWZvdW5kYXRpb24ub3JnPgo+PiBDYzogR3JlZyBLSCA8Z3JlZ0Brcm9h
aC5jb20+Cj4+IENjOiBTb2xhciBEZXNpZ25lciA8c29sYXJAb3BlbndhbGwuY29tPgo+PiBDYzog
IlNyaXZhdHNhIFMuIEJoYXQiIDxzcml2YXRzYUBjc2FpbC5taXQuZWR1Pgo+PiBDYzogQW50aG9u
eSBMaWd1b3JpIDxhbGlndW9yaUBhbWF6b24uY29tPgo+PiBDYzogWWFuZyBZaW5nbGlhbmcgPHlh
bmd5aW5nbGlhbmdAaHVhd2VpLmNvbT4KPj4gQ2M6IEJhcnRsb21pZWogWm9sbmllcmtpZXdpY3og
PGIuem9sbmllcmtpZUBzYW1zdW5nLmNvbT4KPiAKPiBPaCwgYW5kIHdlIHNob3VsZDoKPiBDYzog
c3RhYmxlQHZnZXIua2VybmVsLm9yZwo+IAo+PiBTaWduZWQtb2ZmLWJ5OiBZdW5oYWkgWmhhbmcg
PHpoYW5neXVuaGFpQG5zZm9jdXMuY29tPgo+PiAtLS0KPj4gIGRyaXZlcnMvdmlkZW8vY29uc29s
ZS92Z2Fjb24uYyB8IDQgKysrKwo+PiAgMSBmaWxlIGNoYW5nZWQsIDQgaW5zZXJ0aW9ucygrKQo+
Pgo+PiBkaWZmIC0tZ2l0IGEvZHJpdmVycy92aWRlby9jb25zb2xlL3ZnYWNvbi5jIGIvZHJpdmVy
cy92aWRlby9jb25zb2xlL3ZnYWNvbi5jCj4+IGluZGV4IDk5OGIwZGUxODEyZi4uMzdiNTcxMWNk
OTU4IDEwMDY0NAo+PiAtLS0gYS9kcml2ZXJzL3ZpZGVvL2NvbnNvbGUvdmdhY29uLmMKPj4gKysr
IGIvZHJpdmVycy92aWRlby9jb25zb2xlL3ZnYWNvbi5jCj4+IEBAIC0yNTEsNiArMjUxLDEwIEBA
IHN0YXRpYyB2b2lkIHZnYWNvbl9zY3JvbGxiYWNrX3VwZGF0ZShzdHJ1Y3QgdmNfZGF0YSAqYywg
aW50IHQsIGludCBjb3VudCkKPj4gIAlwID0gKHZvaWQgKikgKGMtPnZjX29yaWdpbiArIHQgKiBj
LT52Y19zaXplX3Jvdyk7Cj4+ICAKPj4gIAl3aGlsZSAoY291bnQtLSkgewo+PiArCQlpZiAoKHZn
YWNvbl9zY3JvbGxiYWNrX2N1ci0+dGFpbCArIGMtPnZjX3NpemVfcm93KSA+IAoKQW5kIGdpdCBj
b21wbGFpbnMgaGVyZToKLmdpdC9yZWJhc2UtYXBwbHkvcGF0Y2g6MTM6IHRyYWlsaW5nIHdoaXRl
c3BhY2UuCiAgICAgICAgICAgICAgICBpZiAoKHZnYWNvbl9zY3JvbGxiYWNrX2N1ci0+dGFpbCAr
IGMtPnZjX3NpemVfcm93KSA+Cndhcm5pbmc6IDEgbGluZSBhZGRzIHdoaXRlc3BhY2UgZXJyb3Jz
LgoKVGhlcmUgaXMgYSBzcGFjZSBhdCB0aGUgRU9MLgoKPj4gKwkJICAgIHZnYWNvbl9zY3JvbGxi
YWNrX2N1ci0+c2l6ZSkKPj4gKwkJCXZnYWNvbl9zY3JvbGxiYWNrX2N1ci0+dGFpbCA9IDA7Cj4+
ICsKPj4gIAkJc2NyX21lbWNweXcodmdhY29uX3Njcm9sbGJhY2tfY3VyLT5kYXRhICsKPj4gIAkJ
CSAgICB2Z2Fjb25fc2Nyb2xsYmFja19jdXItPnRhaWwsCj4+ICAJCQkgICAgcCwgYy0+dmNfc2l6
ZV9yb3cpOwo+IAo+IHRoYW5rcywKPiAKCgotLSAKanM=