From: Helge Deller <deller@gmx.de>
To: Daniel Vetter <daniel@ffwll.ch>
Cc: linux-fbdev@vger.kernel.org, daniel.vetter@ffwll.ch,
dri-devel@lists.freedesktop.org
Subject: Re: [PATCH v2 1/4] fbcon: Disallow setting font bigger than screen size
Date: Sat, 25 Jun 2022 16:53:25 +0200 [thread overview]
Message-ID: <feee43e4-fad3-b8c8-852b-ab85804416b6@gmx.de> (raw)
In-Reply-To: <YrcDgjpgeqSZtSOE@phenom.ffwll.local>
On 6/25/22 14:45, Daniel Vetter wrote:
> On Sat, Jun 25, 2022 at 02:24:59PM +0200, Helge Deller wrote:
>> Prevent that users set a font size which is bigger than the physical screen.
>> It's unlikely this may happen (because screens are usually much larger than the
>> fonts and each font char is limited to 32x32 pixels), but it may happen on
>> smaller screens/LCD displays.
>>
>> Signed-off-by: Helge Deller <deller@gmx.de>
>> Cc: stable@vger.kernel.org # v4.14+
>> ---
>> drivers/video/fbdev/core/fbcon.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
>> index c4e91715ef00..e162d5e753e5 100644
>> --- a/drivers/video/fbdev/core/fbcon.c
>> +++ b/drivers/video/fbdev/core/fbcon.c
>> @@ -2469,6 +2469,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font,
>> if (charcount != 256 && charcount != 512)
>> return -EINVAL;
>>
>> + /* font bigger than screen resolution ? */
>> + if (font->width > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) ||
>> + font->height > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres))
>> + return -EINVAL;
>
> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Thanks!
> Maybe as a safety follow up patch, we have a few copies of the below:
>
> cols = FBCON_SWAP(ops->rotate, info->var.xres, info->var.yres);
> rows = FBCON_SWAP(ops->rotate, info->var.yres, info->var.xres);
> cols /= vc->vc_font.width;
> rows /= vc->vc_font.height;
>
> Might be good to extract that into a helper and also add
>
> WARN_ON(!cols);
> WARN_ON(!rows);
That's not needed then.
The checks I added above will ensure that cols and rows are both greater than 0.
> to make sure we really didn't screw this up and give syzkaller et all an
> easier time finding bugs - it doesn't need to discover the full exploit,
> only needs to get to this here.
>
> Also maybe even check that cols/rows is within reasons, like smaller than
> BIT(24) or so (so that we have a bunch of headroom for overflows).
Not needed either.
cols and rows is the screen size divided by an value between 1-32 (the max
font size). So, since screen size is already the higest limit, cols&rows
will always be smaller than screen size (and > 0).
Helge
next prev parent reply other threads:[~2022-06-25 14:53 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-25 12:24 [PATCH v2 0/4] fbcon: Fixes for screen resolution changes Helge Deller
2022-06-25 12:24 ` [PATCH v2 1/4] fbcon: Disallow setting font bigger than screen size Helge Deller
2022-06-25 12:45 ` Daniel Vetter
2022-06-25 14:53 ` Helge Deller [this message]
2022-06-25 22:27 ` Daniel Vetter
2022-06-25 22:32 ` Daniel Vetter
2022-06-25 12:25 ` [PATCH v2 2/4] fbcon: Add fbcon_modechange_possible() check Helge Deller
2022-06-25 12:55 ` Daniel Vetter
2022-06-25 15:14 ` Helge Deller
2022-06-25 22:31 ` Daniel Vetter
2022-06-25 12:25 ` [PATCH v2 3/4] fbmem: Fix input parameter checks for user-provided screen resolution changes Helge Deller
2022-06-25 12:56 ` Daniel Vetter
2022-06-25 13:00 ` Daniel Vetter
2022-06-25 15:36 ` Helge Deller
2022-06-25 15:19 ` Helge Deller
2022-06-25 12:25 ` [PATCH v2 4/4] fbmem: Catch possible driver bugs regarding too small virtual screen size Helge Deller
2022-06-25 13:03 ` Daniel Vetter
2022-06-25 15:38 ` Helge Deller
-- strict thread matches above, loose matches on Subject: below --
2022-07-01 20:22 [PATCH v2 0/4] fbcon: Fixes for screen resolution changes - round 2 Helge Deller
2022-07-01 20:22 ` [PATCH v2 1/4] fbcon: Disallow setting font bigger than screen size Helge Deller
2022-07-01 20:23 [PATCH v2 0/4] fbcon: Fixes for screen resolution changes - round 2 Helge Deller
2022-07-01 20:23 ` [PATCH v2 1/4] fbcon: Disallow setting font bigger than screen size Helge Deller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=feee43e4-fad3-b8c8-852b-ab85804416b6@gmx.de \
--to=deller@gmx.de \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-fbdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).