mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-11-13 18:25:48 +00:00
6735b4632d
syzbot has reported an issue in the framebuffer layer, where a malicious user may overflow our built-in font data buffers. In order to perform a reliable range check, subsystems need to know `FONTDATAMAX` for each built-in font. Unfortunately, our font descriptor, `struct console_font` does not contain `FONTDATAMAX`, and is part of the UAPI, making it infeasible to modify it. For user-provided fonts, the framebuffer layer resolves this issue by reserving four extra words at the beginning of data buffers. Later, whenever a function needs to access them, it simply uses the following macros: Recently we have gathered all the above macros to <linux/font.h>. Let us do the same thing for built-in fonts, prepend four extra words (including `FONTDATAMAX`) to their data buffers, so that subsystems can use these macros for all fonts, no matter built-in or user-provided. This patch depends on patch "fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h". Cc: stable@vger.kernel.org Link: https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/ef18af00c35fb3cc826048a5f70924ed6ddce95b.1600953813.git.yepeilin.cs@gmail.com |
||
|---|---|---|
| .. | ||
| font_6x10.c | ||
| font_6x11.c | ||
| font_7x14.c | ||
| font_8x8.c | ||
| font_8x16.c | ||
| font_10x18.c | ||
| font_acorn_8x8.c | ||
| font_mini_4x6.c | ||
| font_pearl_8x8.c | ||
| font_sun8x16.c | ||
| font_sun12x22.c | ||
| font_ter16x32.c | ||
| fonts.c | ||
| Kconfig | ||
| Makefile | ||