diff options
author | Peilin Ye <yepeilin.cs@gmail.com> | 2020-09-24 09:42:22 -0400 |
---|---|---|
committer | Daniel Vetter <daniel.vetter@ffwll.ch> | 2020-09-25 10:28:51 +0200 |
commit | 6735b4632def0640dbdf4eb9f99816aca18c4f16 (patch) | |
tree | 825c601e20be625422c729dbd83442034c1e25a0 /samples/seccomp | |
parent | bb0890b4cd7f8203e3aa99c6d0f062d6acdaad27 (diff) | |
download | linux-stable-6735b4632def0640dbdf4eb9f99816aca18c4f16.tar.gz linux-stable-6735b4632def0640dbdf4eb9f99816aca18c4f16.tar.bz2 linux-stable-6735b4632def0640dbdf4eb9f99816aca18c4f16.zip |
Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
syzbot has reported an issue in the framebuffer layer, where a malicious
user may overflow our built-in font data buffers.
In order to perform a reliable range check, subsystems need to know
`FONTDATAMAX` for each built-in font. Unfortunately, our font descriptor,
`struct console_font` does not contain `FONTDATAMAX`, and is part of the
UAPI, making it infeasible to modify it.
For user-provided fonts, the framebuffer layer resolves this issue by
reserving four extra words at the beginning of data buffers. Later,
whenever a function needs to access them, it simply uses the following
macros:
Recently we have gathered all the above macros to <linux/font.h>. Let us
do the same thing for built-in fonts, prepend four extra words (including
`FONTDATAMAX`) to their data buffers, so that subsystems can use these
macros for all fonts, no matter built-in or user-provided.
This patch depends on patch "fbdev, newport_con: Move FONT_EXTRA_WORDS
macros into linux/font.h".
Cc: stable@vger.kernel.org
Link: https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/ef18af00c35fb3cc826048a5f70924ed6ddce95b.1600953813.git.yepeilin.cs@gmail.com
Diffstat (limited to 'samples/seccomp')
0 files changed, 0 insertions, 0 deletions