Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-22 12:11:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
A mirror of the official Linux kernel repository just in case
1,306,609 Commits 7 Branches 862 Tags 6.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
5b97eebcce
Go to file
Qianqiang Liu 5b97eebcce fbcon: Fix a NULL pointer dereference issue in fbcon_putcs 
syzbot has found a NULL pointer dereference bug in fbcon.
Here is the simplified C reproducer:

struct param {
	uint8_t type;
	struct tiocl_selection ts;
};

int main()
{
	struct fb_con2fbmap con2fb;
	struct param param;

	int fd = open("/dev/fb1", 0, 0);

	con2fb.console = 0x19;
	con2fb.framebuffer = 0;
	ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);

	param.type = 2;
	param.ts.xs = 0; param.ts.ys = 0;
	param.ts.xe = 0; param.ts.ye = 0;
	param.ts.sel_mode = 0;

	int fd1 = open("/dev/tty1", O_RDWR, 0);
	ioctl(fd1, TIOCLINUX, &param);

	con2fb.console = 1;
	con2fb.framebuffer = 0;
	ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);

	return 0;
}

After calling ioctl(fd1, TIOCLINUX, &param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb)
causes the kernel to follow a different execution path:

 set_con2fb_map
  -> con2fb_init_display
   -> fbcon_set_disp
    -> redraw_screen
     -> hide_cursor
      -> clear_selection
       -> highlight
        -> invert_screen
         -> do_update_region
          -> fbcon_putcs
           -> ops->putcs

Since ops->putcs is a NULL pointer, this leads to a kernel panic.
To prevent this, we need to call set_blitting_type() within set_con2fb_map()
to properly initialize ops->putcs.

Reported-by: syzbot+3d613ae53c031502687a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3d613ae53c031502687a
Tested-by: syzbot+3d613ae53c031502687a@syzkaller.appspotmail.com
Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com>
Signed-off-by: Helge Deller <deller@gmx.de>
2024-09-26 18:20:27 +02:00
arch i2c-for-6.12-rc1 2024-09-23 14:34:19 -07:00
block vfs-6.12.blocksize 2024-09-20 17:53:17 -07:00
certs kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
crypto crypto: aegis128 - Fix indentation issue in crypto_aegis128_process_crypt() 2024-09-13 18:26:52 +08:00
Documentation media updates for v6.12-rc1 2024-09-23 15:27:58 -07:00
drivers fbcon: Fix a NULL pointer dereference issue in fbcon_putcs 2024-09-26 18:20:27 +02:00
fs NFSD 6.12 Release Notes 2024-09-23 12:01:45 -07:00
include media updates for v6.12-rc1 2024-09-23 15:27:58 -07:00
init sched_ext: Initial pull request for v6.12 2024-09-21 09:44:57 -07:00
io_uring struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
ipc struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
kernel pci-v6.12-changes 2024-09-23 12:47:06 -07:00
lib The core clk framework is left largely untouched this time around except for 2024-09-23 15:01:48 -07:00
LICENSES LICENSES: add 0BSD license text 2024-09-01 20:43:24 -07:00
mm \n 2024-09-23 10:49:28 -07:00
net NFSD 6.12 Release Notes 2024-09-23 12:01:45 -07:00
rust Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-05 20:37:20 -07:00
samples bpf-next-6.12 2024-09-21 09:27:50 -07:00
scripts bpf-next-6.12 2024-09-21 09:27:50 -07:00
security struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
sound firewire updates for v6.12 2024-09-23 12:55:27 -07:00
tools pci-v6.12-changes 2024-09-23 12:47:06 -07:00
usr initramfs: shorten cmd_initfs in usr/Makefile 2024-07-16 01:07:52 +09:00
virt struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
.clang-format Docs: Move clang-format from process/ to dev-tools/ 2024-06-26 16:36:00 -06:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore .gitignore: add .gcda files 2024-08-09 13:18:46 +01:00
.mailmap NFSD 6.12 Release Notes 2024-09-23 12:01:45 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Mark powerpc spufs as orphaned 2024-08-19 21:27:56 +10:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS media updates for v6.12-rc1 2024-09-23 15:27:58 -07:00
Makefile Linux 6.11 2024-09-15 16:57:56 +02:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.