Hi Rusin,
Thank you for your timely response. I tested that this bug is not
reproducible in v6.2-rc5 yesterday.
On 1/31/23 03:54, Zack Rusin wrote:
On Tue, 2023-01-31 at 00:36 +0800, Keyu Tao wrote:
Hi vmwgfx maintainers,
An out-of-bound access in vmwgfx specific framebuffer implementation can
be easily triggered by fbterm (a framebuffer terminal emulator) when it
is going to scroll screen.
With some debugging, it seems that vmw_fb_dirty_flush() cannot handle
the vinfo.yoffset correctly
Continued testing and found that this bug:
- Not reproducible in current Linux 6.2-rcX mainline
- Reproducible in Linux 6.1.7-1 (bookworm kernel package)
The git history of drivers/gpu/drm/vmwgfx shows that the offending
function `vmw_fb_dirty_flush()` in file vmwgfx_fb.c has been removed by
c
```
);
dst_ptr += par->set_fb->pitches[0];
src_ptr += info->fix.line_length;
}
// ...
```
(so it is an out-of-bound read for real?)
On 1/25/23 18:18, Keyu Tao wrote:
Source: linux
Severity: normal
X-Debbugs-Cc: taok...@outlook.com
Dear Maintainer,
It seems that fbterm triggers an out-of-bound memory write (memcpy) when vmwgfx
loads.
Dmesg oops message:
[ 214.780971] BUG: unable to handle page fault for address: ae3dc1171000
[ 214.781348] #PF: supervi