video: fbdev: fix divide error in fbcon_switch

This patch fixes the issue due to:

[   89.572883] divide_error: 0000 [#1] SMP KASAN PTI
[   89.572897] CPU: 3 PID: 16083 Comm: repro Not tainted 5.9.0-rc7.20200930.rc1.allarch-19-g3e32d0d.syzk #5
[   89.572902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011
[   89.572934] RIP: 0010:cirrusfb_check_var+0x84/0x1260

The error happens when the pixels value is calculated before performing the sanity checks on bits_per_pixel.
A bits_per_pixel set to zero causes divide by zero error.

This patch moves the calculation after the sanity check.

Signed-off-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
Tested-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com>
Reviewed-by: Thomas Zimemrmann <tzimmermann@suse.de>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20201021235758.59993-1-saeed.mirzamohammadi@oracle.com

diff --git a/drivers/video/fbdev/cirrusfb.c b/drivers/video/fbdev/cirrusfb.c
index 15a9ee7..e902717 100644 (file)
--- a/drivers/video/fbdev/cirrusfb.c
+++ b/drivers/video/fbdev/cirrusfb.c
@@ -531,7 +531,7 @@ static int cirrusfb_check_var(struct fb_var_screeninfo *var,
 {
        int yres;
        /* memory size in pixels */
-       unsigned pixels = info->screen_size * 8 / var->bits_per_pixel;
+       unsigned int pixels;
        struct cirrusfb_info *cinfo = info->par;
 
        switch (var->bits_per_pixel) {
@@ -573,6 +573,7 @@ static int cirrusfb_check_var(struct fb_var_screeninfo *var,
                return -EINVAL;
        }
 
+       pixels = info->screen_size * 8 / var->bits_per_pixel;
        if (var->xres_virtual < var->xres)
                var->xres_virtual = var->xres;
        /* use highest possible virtual resolution */