summaryrefslogtreecommitdiffstats
path: root/fs/ceph
diff options
context:
space:
mode:
authorPeilin Ye <yepeilin.cs@gmail.com>2020-09-24 09:42:22 -0400
committerDaniel Vetter <daniel.vetter@ffwll.ch>2020-09-25 10:28:51 +0200
commit6735b4632def0640dbdf4eb9f99816aca18c4f16 (patch)
tree825c601e20be625422c729dbd83442034c1e25a0 /fs/ceph
parentbb0890b4cd7f8203e3aa99c6d0f062d6acdaad27 (diff)
downloadlinux-stable-6735b4632def0640dbdf4eb9f99816aca18c4f16.tar.gz
linux-stable-6735b4632def0640dbdf4eb9f99816aca18c4f16.tar.bz2
linux-stable-6735b4632def0640dbdf4eb9f99816aca18c4f16.zip
Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
syzbot has reported an issue in the framebuffer layer, where a malicious user may overflow our built-in font data buffers. In order to perform a reliable range check, subsystems need to know `FONTDATAMAX` for each built-in font. Unfortunately, our font descriptor, `struct console_font` does not contain `FONTDATAMAX`, and is part of the UAPI, making it infeasible to modify it. For user-provided fonts, the framebuffer layer resolves this issue by reserving four extra words at the beginning of data buffers. Later, whenever a function needs to access them, it simply uses the following macros: Recently we have gathered all the above macros to <linux/font.h>. Let us do the same thing for built-in fonts, prepend four extra words (including `FONTDATAMAX`) to their data buffers, so that subsystems can use these macros for all fonts, no matter built-in or user-provided. This patch depends on patch "fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h". Cc: stable@vger.kernel.org Link: https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/ef18af00c35fb3cc826048a5f70924ed6ddce95b.1600953813.git.yepeilin.cs@gmail.com
Diffstat (limited to 'fs/ceph')
0 files changed, 0 insertions, 0 deletions