Tetsuo Handa
d9b53caf01
fbcon: Use kzalloc() in fbcon_prepare_logo() ...
[ Upstream commit a6a00d7e8ffd78d1cdb7a43f1278f081038c638f ]
A kernel built with syzbot's config file reported that
scr_memcpyw(q, save, array3_size(logo_lines, new_cols, 2))
causes uninitialized "save" to be copied.
----------
[drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
Console: switching to colour frame buffer device 128x48
=====================================================
BUG: KMSAN: uninit-value in do_update_region+0x4b8/0xba0
do_update_region+0x4b8/0xba0
update_region+0x40d/0x840
fbcon_switch+0x3364/0x35e0
redraw_screen+0xae3/0x18a0
do_bind_con_driver+0x1cb3/0x1df0
do_take_over_console+0x11cb/0x13f0
fbcon_fb_registered+0xacc/0xfd0
register_framebuffer+0x1179/0x1320
__drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40
drm_fbdev_client_hotplug+0xbea/0xda0
drm_fbdev_generic_setup+0x65e/0x9d0
vkms_init+0x9f3/0xc76
(...snipped...)
Uninit was stored to memory at:
fbcon_prepare_logo+0x143b/0x1940
fbcon_init+0x2c1b/0x31c0
visual_init+0x3e7/0x820
do_bind_con_driver+0x14a4/0x1df0
do_take_over_console+0x11cb/0x13f0
fbcon_fb_registered+0xacc/0xfd0
register_framebuffer+0x1179/0x1320
__drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40
drm_fbdev_client_hotplug+0xbea/0xda0
drm_fbdev_generic_setup+0x65e/0x9d0
vkms_init+0x9f3/0xc76
(...snipped...)
Uninit was created at:
__kmem_cache_alloc_node+0xb69/0x1020
__kmalloc+0x379/0x680
fbcon_prepare_logo+0x704/0x1940
fbcon_init+0x2c1b/0x31c0
visual_init+0x3e7/0x820
do_bind_con_driver+0x14a4/0x1df0
do_take_over_console+0x11cb/0x13f0
fbcon_fb_registered+0xacc/0xfd0
register_framebuffer+0x1179/0x1320
__drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40
drm_fbdev_client_hotplug+0xbea/0xda0
drm_fbdev_generic_setup+0x65e/0x9d0
vkms_init+0x9f3/0xc76
(...snipped...)
CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc4-00356-g8f2975c2bb4c #924
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
----------
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/cad03d25-0ea0-32c4-8173-fd1895314bce@I-love.SAKURA.ne.jp
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-14 11:31:54 +01:00
2020-09-18 14:45:44 +02:00
2022-12-14 11:31:54 +01:00
2020-09-08 13:33:10 +02:00
2020-05-06 19:29:10 +02:00
2020-01-30 08:04:01 -08:00
2021-09-18 13:40:22 +02:00
2022-04-08 14:40:05 +02:00
2020-04-08 12:09:15 +02:00
2020-08-23 17:36:59 -05:00
2022-04-08 14:40:33 +02:00
2020-08-23 17:36:59 -05:00
2022-04-08 14:40:35 +02:00
2021-09-18 13:40:22 +02:00
2020-09-08 13:33:15 +02:00
2022-08-21 15:16:10 +02:00
2020-01-06 09:45:59 +01:00
2020-09-14 18:11:40 +02:00
2020-01-03 14:27:43 +01:00
2020-08-23 17:36:59 -05:00
2019-06-19 17:09:55 +02:00
2022-08-21 15:16:10 +02:00
2020-07-10 16:17:20 +02:00
2020-08-23 17:36:59 -05:00
2022-08-21 15:16:13 +02:00
2021-09-18 13:40:22 +02:00
2022-04-08 14:39:56 +02:00
2022-04-08 14:40:06 +02:00
2019-12-05 10:57:53 +02:00
2019-06-03 16:00:08 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2020-03-09 11:12:19 +01:00
2020-01-30 08:04:01 -08:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2020-01-15 17:31:50 +01:00
2022-09-15 11:32:03 +02:00
2022-04-08 14:40:34 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2022-04-08 14:40:06 +02:00
2019-05-30 11:26:32 -07:00
2020-09-08 13:33:16 +02:00
2019-06-19 17:09:55 +02:00
2020-07-10 16:17:28 +02:00
2019-12-05 10:57:53 +02:00
2020-08-20 06:26:22 +02:00
2020-07-20 11:47:29 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2020-08-23 17:36:59 -05:00
2020-02-19 10:58:22 -08:00
2021-10-13 10:04:28 +02:00
2019-12-05 10:57:53 +02:00
2020-07-20 11:47:29 +02:00
2020-08-23 17:36:59 -05:00
2019-12-05 10:57:53 +02:00
2021-05-26 12:06:57 +02:00
2020-06-09 09:39:13 -07:00
2020-06-17 10:57:41 -07:00
2022-06-14 18:32:38 +02:00
2022-09-23 14:16:58 +02:00
2021-05-26 12:06:54 +02:00
2021-07-14 16:56:15 +02:00
2021-03-04 11:37:36 +01:00
2019-12-05 10:57:53 +02:00
2020-07-20 11:47:29 +02:00
2020-10-15 10:46:16 -07:00
2019-12-05 10:57:53 +02:00
2020-07-20 11:47:29 +02:00
2020-04-12 22:09:35 +02:00
2020-07-10 16:17:24 +02:00
2020-01-03 14:27:49 +01:00
2020-08-23 17:36:59 -05:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2022-09-05 10:28:56 +02:00
2020-07-16 12:35:15 -07:00
2020-01-30 08:04:01 -08:00
2020-01-30 08:04:01 -08:00
2020-01-30 08:04:01 -08:00
2020-08-04 07:37:23 +02:00
2020-08-05 19:47:22 +02:00
2022-09-23 14:17:00 +02:00
2020-08-23 17:36:59 -05:00
2020-08-23 17:36:59 -05:00
2019-08-26 10:02:02 +02:00
2020-06-09 09:39:13 -07:00
2020-04-17 15:50:12 +02:00
2020-08-20 17:48:12 +02:00
2020-08-20 17:48:12 +02:00
2020-08-23 17:36:59 -05:00
2022-08-21 15:16:13 +02:00
2020-08-23 17:36:59 -05:00
2020-04-17 15:50:11 +02:00
2020-01-30 08:04:01 -08:00
2020-08-23 17:36:59 -05:00
2019-06-12 20:28:11 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2020-08-23 17:36:59 -05:00
2022-04-08 14:40:36 +02:00
2022-11-03 23:57:49 +09:00
2020-09-08 13:33:03 +02:00
2020-09-08 13:33:24 +02:00
2022-06-09 10:20:49 +02:00
2022-11-10 18:14:21 +01:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2019-12-05 10:57:53 +02:00
2020-08-23 17:36:59 -05:00
2020-09-08 13:33:25 +02:00
2019-12-05 10:57:53 +02:00
2020-01-30 08:04:01 -08:00
2022-05-09 09:05:00 +02:00
2020-06-21 09:58:55 +02:00
2020-05-06 21:04:45 +02:00
2019-05-30 11:26:32 -07:00
2020-04-17 15:50:14 +02:00
2019-12-05 10:57:53 +02:00
2022-01-20 09:17:50 +01:00
2020-04-17 15:50:08 +02:00
2019-06-05 17:36:37 +02:00
2022-08-21 15:16:13 +02:00
2022-04-08 14:40:33 +02:00
2019-06-19 17:09:55 +02:00
2019-06-05 17:36:37 +02:00
2020-03-02 16:32:04 +01:00
2019-06-05 17:36:37 +02:00
2020-08-23 17:36:59 -05:00
2019-12-05 10:57:53 +02:00
d9b53caf01