linux/drivers/video/fbdev/core
Tetsuo Handa a6a00d7e8f fbcon: Use kzalloc() in fbcon_prepare_logo()
A kernel built with syzbot's config file reported that

  scr_memcpyw(q, save, array3_size(logo_lines, new_cols, 2))

causes uninitialized "save" to be copied.

  ----------
  [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
  [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
  Console: switching to colour frame buffer device 128x48
  =====================================================
  BUG: KMSAN: uninit-value in do_update_region+0x4b8/0xba0
   do_update_region+0x4b8/0xba0
   update_region+0x40d/0x840
   fbcon_switch+0x3364/0x35e0
   redraw_screen+0xae3/0x18a0
   do_bind_con_driver+0x1cb3/0x1df0
   do_take_over_console+0x11cb/0x13f0
   fbcon_fb_registered+0xacc/0xfd0
   register_framebuffer+0x1179/0x1320
   __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40
   drm_fbdev_client_hotplug+0xbea/0xda0
   drm_fbdev_generic_setup+0x65e/0x9d0
   vkms_init+0x9f3/0xc76
   (...snipped...)

  Uninit was stored to memory at:
   fbcon_prepare_logo+0x143b/0x1940
   fbcon_init+0x2c1b/0x31c0
   visual_init+0x3e7/0x820
   do_bind_con_driver+0x14a4/0x1df0
   do_take_over_console+0x11cb/0x13f0
   fbcon_fb_registered+0xacc/0xfd0
   register_framebuffer+0x1179/0x1320
   __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40
   drm_fbdev_client_hotplug+0xbea/0xda0
   drm_fbdev_generic_setup+0x65e/0x9d0
   vkms_init+0x9f3/0xc76
   (...snipped...)

  Uninit was created at:
   __kmem_cache_alloc_node+0xb69/0x1020
   __kmalloc+0x379/0x680
   fbcon_prepare_logo+0x704/0x1940
   fbcon_init+0x2c1b/0x31c0
   visual_init+0x3e7/0x820
   do_bind_con_driver+0x14a4/0x1df0
   do_take_over_console+0x11cb/0x13f0
   fbcon_fb_registered+0xacc/0xfd0
   register_framebuffer+0x1179/0x1320
   __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40
   drm_fbdev_client_hotplug+0xbea/0xda0
   drm_fbdev_generic_setup+0x65e/0x9d0
   vkms_init+0x9f3/0xc76
   (...snipped...)

  CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc4-00356-g8f2975c2bb4c #924
  Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
  ----------

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/cad03d25-0ea0-32c4-8173-fd1895314bce@I-love.SAKURA.ne.jp
2022-11-22 15:48:02 +01:00
Makefile
bitblit.c Revert "fbdev: Garbage collect fbdev scrolling acceleration, part 1 (from TODO list)" 2022-02-02 15:14:56 +01:00
cfbcopyarea.c
cfbfillrect.c
cfbimgblt.c fbdev: Fix cfb_imageblit() for arbitrary image widths 2022-03-25 09:55:54 +10:00
fb_cmdline.c
fb_ddc.c
fb_defio.c fbdev: Rename pagelist to pagereflist for deferred I/O 2022-05-03 16:04:22 +02:00
fb_draw.h
fb_notify.c video: fbdev: core: Fix kernel-doc warnings in fbmon + fb_notify 2020-12-08 18:31:56 +01:00
fb_sys_fops.c
fbcmap.c fbdev: zero-fill colormap in fbcmap.c 2021-04-10 11:12:08 +02:00
fbcon.c fbcon: Use kzalloc() in fbcon_prepare_logo() 2022-11-22 15:48:02 +01:00
fbcon.h fbcon: Replace FBCON_FLAGS_INIT with a boolean 2022-04-07 16:52:13 +02:00
fbcon_ccw.c fbcon: Add option to enable legacy hardware acceleration 2022-02-02 15:16:26 +01:00
fbcon_cw.c fbcon: Add option to enable legacy hardware acceleration 2022-02-02 15:16:26 +01:00
fbcon_rotate.c fbcon: Drop EXPORT_SYMBOL 2020-11-17 11:00:43 +01:00
fbcon_rotate.h fbcon: Add option to enable legacy hardware acceleration 2022-02-02 15:16:26 +01:00
fbcon_ud.c fbcon: Add option to enable legacy hardware acceleration 2022-02-02 15:16:26 +01:00
fbcvt.c video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() 2022-01-30 21:19:22 +01:00
fbmem.c fbdev: Make registered_fb[] private to fbmem.c 2022-07-27 09:40:18 +02:00
fbmon.c video: fbdev: core: Fix kernel-doc warnings in fbmon + fb_notify 2020-12-08 18:31:56 +01:00
fbsysfs.c fbdev: fbcon: Destroy mutex on freeing struct fb_info 2022-08-24 21:47:08 +02:00
modedb.c
softcursor.c fbcon: Drop EXPORT_SYMBOL 2020-11-17 11:00:43 +01:00
svgalib.c
syscopyarea.c
sysfillrect.c fbdev: Improve performance of sys_fillrect() 2022-03-02 20:20:34 +01:00
sysimgblt.c fbdev: Fix sys_imageblit() for arbitrary image widths 2022-03-25 09:55:52 +10:00
tileblit.c Revert "fbdev: Garbage collect fbdev scrolling acceleration, part 1 (from TODO list)" 2022-02-02 15:14:56 +01:00