[SRU Focal PATCH 3/3] fbmem: Check virtual screen sizes in fb_set_var()

Cengiz Can cengiz.can at canonical.com
Fri Aug 5 10:09:43 UTC 2022


From: Helge Deller <deller at gmx.de>

commit 6c11df58fd1ac0aefcb3b227f72769272b939e56 upstream.

Verify that the fbdev or drm driver correctly adjusted the virtual
screen sizes. On failure report the failing driver and reject the screen
size change.

Signed-off-by: Helge Deller <deller at gmx.de>
Reviewed-by: Geert Uytterhoeven <geert at linux-m68k.org>
Cc: stable at vger.kernel.org # v5.4+
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
CVE-2021-33655
(cherry picked from commit 997d86cd3e39251f75c2302b538e74b4e8c9e8f7 linux-5.4.y)
Signed-off-by: Cengiz Can <cengiz.can at canonical.com>
---
 drivers/video/fbdev/core/fbmem.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index e976542326552..d3baff9db0c85 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1014,6 +1014,16 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var)
 	if (ret)
 		return ret;
 
+	/* verify that virtual resolution >= physical resolution */
+	if (var->xres_virtual < var->xres ||
+	    var->yres_virtual < var->yres) {
+		pr_warn("WARNING: fbcon: Driver '%s' missed to adjust virtual screen size (%ux%u vs. %ux%u)\n",
+			info->fix.id,
+			var->xres_virtual, var->yres_virtual,
+			var->xres, var->yres);
+		return -EINVAL;
+	}
+
 	if ((var->activate & FB_ACTIVATE_MASK) != FB_ACTIVATE_NOW)
 		return 0;
 
-- 
2.34.1




More information about the kernel-team mailing list