From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Shile Zhang <shile.zhang@linux.alibaba.com>,
Fredrik Noring <noring@nocrew.org>,
Daniel Vetter <daniel.vetter@ffwll.ch>,
Mukesh Ojha <mojha@codeaurora.org>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
Sasha Levin <sashal@kernel.org>,
dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 46/56] fbdev: fix divide error in fb_var_to_videomode
Date: Sat, 1 Jun 2019 09:25:50 -0400 [thread overview]
Message-ID: <20190601132600.27427-46-sashal@kernel.org> (raw)
In-Reply-To: <20190601132600.27427-1-sashal@kernel.org>
From: Shile Zhang <shile.zhang@linux.alibaba.com>
[ Upstream commit cf84807f6dd0be5214378e66460cfc9187f532f9 ]
To fix following divide-by-zero error found by Syzkaller:
divide error: 0000 [#1] SMP PTI
CPU: 7 PID: 8447 Comm: test Kdump: loaded Not tainted 4.19.24-8.al7.x86_64 #1
Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
RIP: 0010:fb_var_to_videomode+0xae/0xc0
Code: 04 44 03 46 78 03 4e 7c 44 03 46 68 03 4e 70 89 ce d1 ee 69 c0 e8 03 00 00 f6 c2 01 0f 45 ce 83 e2 02 8d 34 09 0f 45 ce 31 d2 <41> f7 f0 31 d2 f7 f1 89 47 08 f3 c3 66 0f 1f 44 00 00 0f 1f 44 00
RSP: 0018:ffffb7e189347bf0 EFLAGS: 00010246
RAX: 00000000e1692410 RBX: ffffb7e189347d60 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb7e189347c10
RBP: ffff99972a091c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000100
R13: 0000000000010000 R14: 00007ffd66baf6d0 R15: 0000000000000000
FS: 00007f2054d11740(0000) GS:ffff99972fbc0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f205481fd20 CR3: 00000004288a0001 CR4: 00000000001606a0
Call Trace:
fb_set_var+0x257/0x390
? lookup_fast+0xbb/0x2b0
? fb_open+0xc0/0x140
? chrdev_open+0xa6/0x1a0
do_fb_ioctl+0x445/0x5a0
do_vfs_ioctl+0x92/0x5f0
? __alloc_fd+0x3d/0x160
ksys_ioctl+0x60/0x90
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x5b/0x190
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f20548258d7
Code: 44 00 00 48 8b 05 b9 15 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 89 15 2d 00 f7 d8 64 89 01 48
It can be triggered easily with following test code:
#include <linux/fb.h>
#include <fcntl.h>
#include <sys/ioctl.h>
int main(void)
{
struct fb_var_screeninfo var = {.activate = 0x100, .pixclock = 60};
int fd = open("/dev/fb0", O_RDWR);
if (fd < 0)
return 1;
if (ioctl(fd, FBIOPUT_VSCREENINFO, &var))
return 1;
return 0;
}
Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Cc: Fredrik Noring <noring@nocrew.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/core/modedb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/video/fbdev/core/modedb.c b/drivers/video/fbdev/core/modedb.c
index de119f11b78f9..455a15f701720 100644
--- a/drivers/video/fbdev/core/modedb.c
+++ b/drivers/video/fbdev/core/modedb.c
@@ -933,6 +933,9 @@ void fb_var_to_videomode(struct fb_videomode *mode,
if (var->vmode & FB_VMODE_DOUBLE)
vtotal *= 2;
+ if (!htotal || !vtotal)
+ return;
+
hfreq = pixclock/htotal;
mode->refresh = hfreq/vtotal;
}
--
2.20.1
next prev parent reply other threads:[~2019-06-01 13:28 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-01 13:25 [PATCH AUTOSEL 4.4 01/56] fs/fat/file.c: issue flush after the writeback of FAT Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 02/56] sysctl: return -EINVAL if val violates minmax Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 03/56] ipc: prevent lockup on alloc_msg and free_msg Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 04/56] hugetlbfs: on restore reserve error path retain subpool reservation Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 05/56] mm/cma.c: fix crash on CMA allocation if bitmap allocation fails Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 06/56] mm/cma_debug.c: fix the break condition in cma_maxchunk_get() Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 07/56] kernel/sys.c: prctl: fix false positive in validate_prctl_map() Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 08/56] mfd: intel-lpss: Set the device in reset state when init Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 09/56] mfd: twl6040: Fix device init errors for ACCCTL register Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 10/56] perf/x86/intel: Allow PEBS multi-entry in watermark mode Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 11/56] drm/bridge: adv7511: Fix low refresh rate selection Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 12/56] NFS4: Fix v4.0 client state corruption when mount Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 13/56] ntp: Allow TAI-UTC offset to be set to zero Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 14/56] f2fs: fix to avoid panic in do_recover_data() Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 15/56] f2fs: fix to do sanity check on valid block count of segment Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 16/56] tracing: Fix partial reading of trace event's id file Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 17/56] uml: fix a boot splat wrt use of cpu_all_mask Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 18/56] mips: Make sure dt memory regions are valid Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 19/56] iommu/vt-d: Set intel_iommu_gfx_mapped correctly Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 20/56] ALSA: hda - Register irq handler after the chip initialization Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 21/56] nvmem: core: fix read buffer in place Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 22/56] stm class: Fix channel free in stm output free path Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 23/56] fuse: honor RLIMIT_FSIZE in fuse_file_fallocate Sasha Levin
2019-06-05 20:24 ` Liu Bo
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 24/56] fuse: require /dev/fuse reads to have enough buffer capacity Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 25/56] fuse: retrieve: cap requested size to negotiated max_write Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 26/56] nfsd: allow fh_want_write to be called twice Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 27/56] PCI: Mark Atheros AR9462 to avoid bus reset Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 28/56] media: ov6650: Fix sensor possibly not detected on probe Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 29/56] x86/PCI: Fix PCI IRQ routing table memory leak Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 30/56] platform/chrome: cros_ec_proto: check for NULL transfer function Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 31/56] soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 32/56] clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 33/56] fbdev: fix WARNING in __alloc_pages_nodemask bug Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 34/56] iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 35/56] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 36/56] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" " Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 37/56] ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG " Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 38/56] md: add mddev->pers to avoid potential NULL pointer dereference Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 39/56] PCI: rpadlpar: Fix leaked device_node references in add/remove paths Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 40/56] PCI: rcar: Fix a potential NULL pointer dereference Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 41/56] fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 42/56] fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 43/56] video: hgafb: fix potential NULL pointer dereference Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 44/56] video: imsttfb: fix potential NULL pointer dereferences Sasha Levin
2019-06-01 16:19 ` Greg Kroah-Hartman
2019-06-01 23:53 ` Finn Thain
2019-06-02 14:11 ` Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 45/56] fbdev: sm712fb: fix brightness control on reboot, don't set SR30 Sasha Levin
2019-06-01 13:25 ` Sasha Levin [this message]
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 47/56] fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 48/56] fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 49/56] PCI: xilinx: Check for __get_free_pages() failure Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 50/56] tty: pty: Fix race condition between release_one_tty and pty_write Sasha Levin
2019-06-01 16:17 ` Greg Kroah-Hartman
2019-06-01 16:18 ` Greg Kroah-Hartman
2019-06-11 16:25 ` Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 51/56] gpio: gpio-omap: add check for off wake capable gpios Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 52/56] dmaengine: idma64: Use actual device for DMA transfers Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 53/56] pwm: tiehrpwm: Update shadow register for disabling PWMs Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 54/56] ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa Sasha Levin
2019-06-01 13:25 ` [PATCH AUTOSEL 4.4 55/56] pwm: Fix deadlock warning when removing PWM device Sasha Levin
2019-06-01 13:26 ` [PATCH AUTOSEL 4.4 56/56] ARM: exynos: Fix undefined instruction during Exynos5422 resume Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190601132600.27427-46-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=b.zolnierkie@samsung.com \
--cc=daniel.vetter@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-fbdev@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mojha@codeaurora.org \
--cc=noring@nocrew.org \
--cc=shile.zhang@linux.alibaba.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox