linux/drivers
Nam Cao 1802146901 fbdev: fix incorrect address computation in deferred IO
commit 78d9161d2b upstream.

With deferred IO enabled, a page fault happens when data is written to the
framebuffer device. Then the driver determines which page is being updated by
calculating the offset of the written virtual address within the virtual
memory area, and uses this offset to get the updated page within the
internal buffer. This page is later copied to hardware (thus the name
"deferred IO").

This offset calculation is only correct if the virtual memory area is
mapped to the beginning of the internal buffer. Otherwise this is wrong.
For example, if users do:
    mmap(ptr, 4096, PROT_WRITE, MAP_FIXED | MAP_SHARED, fd, 0xff000);

Then the virtual memory area will be mapped at offset 0xff000 within the
internal buffer. This offset 0xff000 is not accounted for, and the wrong page
is updated.

Correct the calculation by using vmf->pgoff instead. With this change, the
variable "offset" will no longer hold the exact offset value, but it is
rounded down to multiples of PAGE_SIZE. But this is still correct, because
this variable is only used to calculate the page offset.

Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Closes: https://lore.kernel.org/linux-fbdev/271372d6-e665-4e7f-b088-dee5f4ab341a@oracle.com
Fixes: 56c134f7f1 ("fbdev: Track deferred-I/O pages in pageref struct")
Cc: <stable@vger.kernel.org>
Signed-off-by: Nam Cao <namcao@linutronix.de>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20240423115053.4490-1-namcao@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-02 16:35:31 +02:00
..
accel accel/ivpu: Fix deadlock in context_xa 2024-04-17 11:23:37 +02:00
accessibility speakup: Avoid crash on very long word 2024-04-27 17:13:01 +02:00
acpi ACPI: CPPC: Fix access width used for PCC registers 2024-05-02 16:35:30 +02:00
amba
android binder: check offset alignment in binder_get_object() 2024-04-27 17:12:58 +02:00
ata ata: libata-scsi: Fix ata_scsi_dev_rescan() error path 2024-04-17 11:23:23 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-03 12:46:13 +00:00
auxdisplay drm-next for 6.8: 2024-01-12 11:32:19 -08:00
base base/node / ACPI: Enumerate node access class for 'struct access_coordinate' 2024-04-17 11:23:29 +02:00
bcma
block aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 2024-03-26 18:16:29 -04:00
bluetooth Bluetooth: qca: fix NULL-deref on non-serdev setup 2024-05-02 16:35:26 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:10:08 +02:00
cache cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() 2024-02-21 16:24:10 +00:00
cdrom
cdx cdx: Unlock on error path in rescan_store() 2024-01-04 17:01:14 +01:00
char random: handle creditable entropy from atomic process context 2024-04-27 17:12:48 +02:00
clk clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port 2024-04-27 17:12:56 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-03 15:32:32 +02:00
comedi comedi: vmk80xx: fix incomplete endpoint checking 2024-04-27 17:12:58 +02:00
connector connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" 2024-02-13 11:15:44 +01:00
counter counter: fix privdata alignment 2024-02-16 18:51:00 -05:00
cpufreq cpufreq: Don't unregister cpufreq cooling on CPU hotplug 2024-04-13 13:10:01 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:09:58 +02:00
crypto crypto: iaa - Fix async_disable descriptor leak 2024-04-13 13:10:07 +02:00
cxl cxl/core: Fix potential payload size confusion in cxl_mem_get_poison() 2024-05-02 16:35:16 +02:00
dax New code for 6.8: 2024-01-10 08:45:22 -08:00
dca
devfreq PM / devfreq: Synchronize devfreq_monitor_[start/stop] 2023-12-19 07:58:27 +09:00
dio
dma dmaengine: xilinx: xdma: Fix synchronization issue 2024-05-02 16:35:29 +02:00
dma-buf dma-buf: Fix NULL pointer dereference in sanitycheck() 2024-04-10 16:37:54 +02:00
dpll dpll: fix dpll_pin_on_pin_register() for multiple parent pins 2024-05-02 16:35:22 +02:00
edac Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
eisa
extcon
firewire firewire: ohci: prevent leak of left-over IRQ on unbind 2024-03-06 22:35:22 +09:00
firmware firmware: arm_scmi: Make raw debugfs entries non-seekable 2024-04-17 11:23:26 +02:00
fpga Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
fsi
gnss TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
gpio gpio: tegra186: Fix tegra186_gpio_is_accessible() check 2024-05-02 16:35:17 +02:00
gpu drm/amdkfd: Fix eviction fence handling 2024-05-02 16:35:29 +02:00
greybus TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
hid HID: i2c-hid: Revert to await reset ACK before reading report descriptor 2024-05-02 16:35:27 +02:00
hsi
hte
hv x86/hyperv: Use per cpu initial stack for vtl context 2024-03-26 18:17:30 -04:00
hwmon hwmon: (amc6821) add of_match table 2024-04-03 15:32:16 +02:00
hwspinlock
hwtracing hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() 2024-03-26 18:17:30 -04:00
i2c i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC 2024-04-13 13:10:06 +02:00
i3c i3c: dw: Disable IBI IRQ depends on hot-join and SIR enabling 2024-03-26 18:17:24 -04:00
idle Power management updates for 6.8-rc1 2024-01-09 16:32:11 -08:00
iio iio: adc: rockchip_saradc: use mask for write_enable bitfield 2024-04-03 15:32:08 +02:00
infiniband RDMA/mlx5: Fix port number for counter query in multi-port configuration 2024-04-27 17:12:53 +02:00
input Input: xpad - add support for Snakebyte GAMEPADs 2024-04-13 13:10:08 +02:00
interconnect interconnect: Don't access req_list while it's being manipulated 2024-04-27 17:12:56 +02:00
iommu iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest 2024-04-27 17:12:54 +02:00
ipack TTY/Serial changes for 6.8-rc1 2024-01-18 11:37:24 -08:00
irqchip irqchip/gic-v3-its: Prevent double free on error 2024-05-02 16:35:30 +02:00
isdn
leds leds: trigger: netdev: Fix kernel panic on interface rename trig notify 2024-04-03 15:32:15 +02:00
macintosh
mailbox mediatek: add CMDQ support for mt8188 2024-01-17 15:39:32 -08:00
mcb mcb: core: fix kernel-doc warnings 2023-12-15 17:07:05 +01:00
md raid1: fix use-after-free for original bio in raid1_write_request() 2024-04-17 11:23:24 +02:00
media media: cec: core: remove length check of Timer Status 2024-04-17 11:23:25 +02:00
memory memory: tegra: Correct DLA client names 2024-03-26 18:16:46 -04:00
memstick
message
mfd mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 2024-04-03 15:32:35 +02:00
misc eeprom: at24: fix memory corruption race condition 2024-05-02 16:35:28 +02:00
mmc mmc: sdhci-of-dwcmshc: th1520: Increase tuning loop count to 128 2024-05-02 16:35:26 +02:00
most
mtd mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec() 2024-05-02 16:35:26 +02:00
mux mux: mmio: use reg property when parent device is not a syscon 2024-01-04 17:01:14 +01:00
net macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst 2024-05-02 16:35:31 +02:00
nfc NFC: trf7970a: disable all regulators on removal 2024-05-02 16:35:16 +02:00
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:17:06 -04:00
nubus nubus: Make nubus_bus_type static and constant 2024-01-03 13:33:59 +01:00
nvdimm virtio: features, fixes 2024-01-18 16:44:03 -08:00
nvme drivers/nvme: Add quirks for device 126f:2262 2024-04-13 13:10:10 +02:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-03 15:32:16 +02:00
of of: module: prevent NULL pointer dereference in vsnprintf() 2024-04-10 16:38:19 +02:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:16:56 -04:00
parisc parisc/power: Fix power soft-off button emulation on qemu 2024-01-07 22:59:16 +01:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2023-12-15 19:54:56 +01:00
pci PCI: hv: Fix ring buffer size calculation 2024-04-03 15:32:18 +02:00
pcmcia pcmcia: xxs1500_ss: Convert to platform remove callback returning void 2023-12-15 17:07:28 +01:00
peci
perf drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 2024-04-13 13:10:07 +02:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-04-03 15:32:16 +02:00
pinctrl pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs 2024-04-13 13:10:03 +02:00
platform platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes 2024-04-27 17:12:55 +02:00
pmdomain pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain 2024-04-13 13:09:59 +02:00
pnp More ACPI updates for 6.8-rc1 2024-01-17 14:37:40 -08:00
power power: supply: mm8013: fix "not charging" detection 2024-03-26 18:17:17 -04:00
powercap powercap: intel_rapl_tpmi: Fix System Domain probing 2024-04-03 15:32:04 +02:00
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-01-04 18:06:46 -08:00
pwm pwm: img: fix pwm clock lookup 2024-04-03 15:32:35 +02:00
rapidio rapidio/tsi721: fix kernel-doc warnings 2023-12-20 15:02:57 -08:00
ras
regulator regulator: userspace-consumer: add module device table 2024-03-26 18:16:50 -04:00
remoteproc remoteproc: virtio: Fix wdg cannot recovery remote processor 2024-04-03 15:32:01 +02:00
reset SoC: driver updates for 6.8 2024-01-11 11:31:46 -08:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2023-12-18 10:56:03 -07:00
rtc rtc: max31335: fix interrupt status reg 2024-03-26 18:17:30 -04:00
s390 s390/cio: fix race condition during online processing 2024-04-27 17:12:54 +02:00
sbus
scsi scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING 2024-04-27 17:12:48 +02:00
sh maple: make maple_bus_type static and const 2024-01-04 14:37:17 +01:00
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-03 15:32:16 +02:00
soc soc: mediatek: mtk-svs: Append "-thermal" to thermal zone names 2024-05-02 16:35:16 +02:00
soundwire ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops 2024-04-13 13:10:04 +02:00
spi spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe 2024-04-10 16:38:13 +02:00
spmi spmi: mediatek: add device id check 2023-12-15 17:27:04 +01:00
ssb
staging staging: vc04_services: fix information leak in create_component() 2024-04-03 15:32:45 +02:00
target scsi: target: pscsi: Fix bio_put() for error case 2024-02-15 14:44:07 -05:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-03-04 09:49:03 +01:00
thermal thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() 2024-04-27 17:12:55 +02:00
thunderbolt thunderbolt: Reset only non-USB4 host routers in resume 2024-04-27 17:13:04 +02:00
tty serial: core: Fix missing shutdown and startup for serial base port 2024-04-27 17:12:59 +02:00
ufs scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 2024-04-27 17:12:49 +02:00
uio uio: Fix use-after-free in uio_open 2024-01-04 17:03:47 +01:00
usb usb: xhci: correct return value in case of STS_HCE 2024-05-02 16:35:23 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:17:35 -04:00
vfio vfio/pds: Make sure migration file isn't accessed after reset 2024-04-03 15:32:44 +02:00
vhost vhost: Add smp_rmb() in vhost_enable_notify() 2024-04-17 11:23:39 +02:00
video fbdev: fix incorrect address computation in deferred IO 2024-05-02 16:35:31 +02:00
virt Revert "vmgenid: emit uevent when VMGENID updates" 2024-04-27 17:12:48 +02:00
virtio virtio: reenable config if freezing device failed 2024-04-03 15:32:25 +02:00
w1 w1: ds2433: add support for ds28ec20 eeprom 2023-12-20 09:25:25 +01:00
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:17:25 -04:00
xen x86/xen: attempt to inflate the memory balloon on PVH 2024-04-13 13:10:10 +02:00
zorro
Kconfig
Makefile fbdev/intelfb: Remove driver 2024-01-12 12:38:37 +01:00