Message-ID: <3d455074-bd51-51a0-7692-a0b4ca961355@suse.de>
Date:   Thu, 20 Apr 2023 14:59:17 +0200
From:   Thomas Zimmermann <tzimmermann@...e.de>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Lucas De Marchi <lucas.demarchi@...el.com>,
        linux-fbdev@...r.kernel.org, Li Yi <liyi@...ngson.cn>,
        Helge Deller <deller@....de>, linux-kernel@...r.kernel.org,
        Sui Jingfeng <15330273260@....cn>,
        loongson-kernel@...ts.loongnix.cn, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH v5] drm/fbdev-generic: prohibit potential out-of-bounds
 access

Hi

On 20.04.23 at 14:25, Geert Uytterhoeven wrote:
> Hi Thomas,
> 
> On Thu, Apr 20, 2023 at 1:10 PM Thomas Zimmermann <tzimmermann@...e.de> wrote:
>> On 20.04.23 at 12:04, Sui Jingfeng wrote:
>>> What will happen if the 'screen_size' is not page_size aligned and mmap
>>> maps at the granularity of pages?
>>
>> You need to map at page granularity. If screen_size is not page-size
>> aligned, there's this trailing buffer that is accessible, but cannot be
>> displayed. But userspace has no direct way of knowing that, so let's
>> ignore that problem for now.
> 
> Userspace can know, if fb_fix_screeninfo.smem_{start,len} match
> the actual offset and size.

Can you elaborate? How can userspace detect/compute the actually usable 
space?

From grep'ing fbdev drivers, smem_len appears to be a multiple of the 
pagesize. (?) screen_size is not exported and line_length is in the fixed 
portion. Or can line_length change between modes? In that case it should 
be (yres_virtual * line_length), right?

Best regards
Thomas


> 
> Gr{oetje,eeting}s,
> 
>                          Geert
> 

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
HRB 36809 (AG Nuernberg)
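
The size arithmetic discussed in this message, as an added example that is not part of the thread or of the kernel patch. It assumes, as the message proposes, that the displayable size is yres_virtual * line_length and that the mapping covers smem_len rounded up to whole pages; struct fb_geom and the function names are hypothetical, and the sample geometry is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the fb_fix_screeninfo/fb_var_screeninfo fields named in the thread. */
struct fb_geom {
    uint32_t line_length;   /* bytes per scanline (fixed info) */
    uint32_t yres_virtual;  /* scanlines (variable info) */
    uint32_t smem_len;      /* length of framebuffer memory (fixed info) */
};

enum fb_region { FB_DISPLAYABLE, FB_TRAILING, FB_OUT_OF_BOUNDS };

/* Assumption taken from the message: usable size = yres_virtual * line_length. */
static uint64_t fb_displayable_size(const struct fb_geom *g)
{
    return (uint64_t)g->yres_virtual * g->line_length;
}

/* Assumption: the mapping exposes smem_len rounded up to whole pages. */
static uint64_t fb_mapped_size(const struct fb_geom *g, uint64_t page_size)
{
    return ((uint64_t)g->smem_len + page_size - 1) / page_size * page_size;
}

/* Classify an access [off, off + len) without ever computing off + len. */
static enum fb_region fb_classify(const struct fb_geom *g, uint64_t page_size,
                                  uint64_t off, uint64_t len)
{
    uint64_t mapped = fb_mapped_size(g, page_size);
    uint64_t shown = fb_displayable_size(g);

    if (off > mapped || len > mapped - off)
        return FB_OUT_OF_BOUNDS;      /* would fault or touch foreign memory */
    if (off <= shown && len <= shown - off)
        return FB_DISPLAYABLE;        /* entirely inside scanned-out memory */
    return FB_TRAILING;               /* mapped and accessible, never displayed */
}

int main(void)
{
    /* Constructed sample: 1366x768 at 32 bpp, 4 KiB pages. */
    struct fb_geom g = { 1366 * 4, 768, 4198400 };
    uint64_t page = 4096;
    printf("displayable=%llu mapped=%llu region=%d\n",
           (unsigned long long)fb_displayable_size(&g),
           (unsigned long long)fb_mapped_size(&g, page),
           (int)fb_classify(&g, page, 4196352, 4));
    return 0;
}
```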
