Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 5.15-stable tree
This is a note to let you know that I've just added the patch titled fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbmem-reject-fb_activate_kd_text-from-userspace.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001 From: Daniel Vetter Date: Tue, 4 Apr 2023 21:39:34 +0200 Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Daniel Vetter commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream. This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Reviewed-by: Javier Martinez Canillas Acked-by: Maarten Lankhorst Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shl...@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fb...@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |2 ++ 1 file changed, 2 insertions(+) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1119,6 +1119,8 @@ static long do_fb_ioctl(struct fb_info * case FBIOPUT_VSCREENINFO: if (copy_from_user(, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, ); Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are queue-5.15/fbmem-reject-fb_activate_kd_text-from-userspace.patch
Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 5.10-stable tree
This is a note to let you know that I've just added the patch titled fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbmem-reject-fb_activate_kd_text-from-userspace.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001 From: Daniel Vetter Date: Tue, 4 Apr 2023 21:39:34 +0200 Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Daniel Vetter commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream. This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Reviewed-by: Javier Martinez Canillas Acked-by: Maarten Lankhorst Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shl...@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fb...@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |2 ++ 1 file changed, 2 insertions(+) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info * case FBIOPUT_VSCREENINFO: if (copy_from_user(, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, ); Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are queue-5.10/fbmem-reject-fb_activate_kd_text-from-userspace.patch
Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 6.1-stable tree
This is a note to let you know that I've just added the patch titled fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbmem-reject-fb_activate_kd_text-from-userspace.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001 From: Daniel Vetter Date: Tue, 4 Apr 2023 21:39:34 +0200 Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Daniel Vetter commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream. This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Reviewed-by: Javier Martinez Canillas Acked-by: Maarten Lankhorst Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shl...@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fb...@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |2 ++ 1 file changed, 2 insertions(+) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info * case FBIOPUT_VSCREENINFO: if (copy_from_user(, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, ); Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are queue-6.1/fbmem-reject-fb_activate_kd_text-from-userspace.patch
Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 6.2-stable tree
This is a note to let you know that I've just added the patch titled fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace to the 6.2-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbmem-reject-fb_activate_kd_text-from-userspace.patch and it can be found in the queue-6.2 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001 From: Daniel Vetter Date: Tue, 4 Apr 2023 21:39:34 +0200 Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Daniel Vetter commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream. This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Reviewed-by: Javier Martinez Canillas Acked-by: Maarten Lankhorst Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shl...@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fb...@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |2 ++ 1 file changed, 2 insertions(+) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info * case FBIOPUT_VSCREENINFO: if (copy_from_user(, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, ); Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are queue-6.2/fbmem-reject-fb_activate_kd_text-from-userspace.patch
Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
Hi Daniel, On Tue, Apr 11, 2023 at 3:44 PM Daniel Vetter wrote: > On Tue, Apr 04, 2023 at 09:39:34PM +0200, Daniel Vetter wrote: > > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt > > restore") - I failed to realize that nasty userspace could set this. > > > > It's not pretty to mix up kernel-internal and userspace uapi flags > > like this, but since the entire fb_var_screeninfo structure is uapi > > we'd need to either add a new parameter to the ->fb_set_par callback > > and fb_set_par() function, which has a _lot_ of users. Or some other > > fairly ugly side-channel int fb_info. Neither is a pretty prospect. > > > > Instead just correct the issue at hand by filtering out this > > kernel-internal flag in the ioctl handling code. > > > > Signed-off-by: Daniel Vetter > > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") > An Ack on this (or a better idea) would be great, so I can stuff it into > -fixes. I don't understand what the original commit this fixes is doing anyway... > > --- a/drivers/video/fbdev/core/fbmem.c > > +++ b/drivers/video/fbdev/core/fbmem.c > > @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, > > unsigned int cmd, > > case FBIOPUT_VSCREENINFO: > > if (copy_from_user(, argp, sizeof(var))) > > return -EFAULT; > > + /* only for kernel-internal use */ > > + var.activate &= ~FB_ACTIVATE_KD_TEXT; > > console_lock(); > > lock_fb_info(info); > > ret = fbcon_modechange_possible(info, ); Perhaps FB_ACTIVATE_KD_TEXT should be removed (marked as reserved) from include/uapi/linux/fb.h, too? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
On Tue, Apr 11, 2023 at 04:03:24PM +0200, Javier Martinez Canillas wrote: > Daniel Vetter writes: > > > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt > > restore") - I failed to realize that nasty userspace could set this. > > > > It's not pretty to mix up kernel-internal and userspace uapi flags > > like this, but since the entire fb_var_screeninfo structure is uapi > > we'd need to either add a new parameter to the ->fb_set_par callback > > and fb_set_par() function, which has a _lot_ of users. Or some other > > fairly ugly side-channel int fb_info. Neither is a pretty prospect. > > > > Instead just correct the issue at hand by filtering out this > > kernel-internal flag in the ioctl handling code. > > > > Signed-off-by: Daniel Vetter > > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") > > [..] > > > diff --git a/drivers/video/fbdev/core/fbmem.c > > b/drivers/video/fbdev/core/fbmem.c > > index 875541ff185b..3fd95a79e4c3 100644 > > --- a/drivers/video/fbdev/core/fbmem.c > > +++ b/drivers/video/fbdev/core/fbmem.c > > @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, > > unsigned int cmd, > > case FBIOPUT_VSCREENINFO: > > if (copy_from_user(, argp, sizeof(var))) > > return -EFAULT; > > + /* only for kernel-internal use */ > > + var.activate &= ~FB_ACTIVATE_KD_TEXT; > > console_lock(); > > I don't have a better idea on how to fix this and as you said the whole > struct fb_var_screeninfo is an uAPI anyways... > > Reviewed-by: Javier Martinez Canillas Thanks for taking a look, merged to drm-misc-fixes. > > -- > Best regards, > > Javier Martinez Canillas > Core Platforms > Red Hat > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
Daniel Vetter writes: > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt > restore") - I failed to realize that nasty userspace could set this. > > It's not pretty to mix up kernel-internal and userspace uapi flags > like this, but since the entire fb_var_screeninfo structure is uapi > we'd need to either add a new parameter to the ->fb_set_par callback > and fb_set_par() function, which has a _lot_ of users. Or some other > fairly ugly side-channel int fb_info. Neither is a pretty prospect. > > Instead just correct the issue at hand by filtering out this > kernel-internal flag in the ioctl handling code. > > Signed-off-by: Daniel Vetter > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") [..] > diff --git a/drivers/video/fbdev/core/fbmem.c > b/drivers/video/fbdev/core/fbmem.c > index 875541ff185b..3fd95a79e4c3 100644 > --- a/drivers/video/fbdev/core/fbmem.c > +++ b/drivers/video/fbdev/core/fbmem.c > @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned > int cmd, > case FBIOPUT_VSCREENINFO: > if (copy_from_user(, argp, sizeof(var))) > return -EFAULT; > + /* only for kernel-internal use */ > + var.activate &= ~FB_ACTIVATE_KD_TEXT; > console_lock(); I don't have a better idea on how to fix this and as you said the whole struct fb_var_screeninfo is an uAPI anyways... Reviewed-by: Javier Martinez Canillas -- Best regards, Javier Martinez Canillas Core Platforms Red Hat
Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
On 2023-04-11 15:44, Daniel Vetter wrote: On Tue, Apr 04, 2023 at 09:39:34PM +0200, Daniel Vetter wrote: This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shl...@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fb...@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida An Ack on this (or a better idea) would be great, so I can stuff it into -fixes. Acked-by: Maarten Lankhorst
Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
On Tue, Apr 04, 2023 at 09:39:34PM +0200, Daniel Vetter wrote: > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt > restore") - I failed to realize that nasty userspace could set this. > > It's not pretty to mix up kernel-internal and userspace uapi flags > like this, but since the entire fb_var_screeninfo structure is uapi > we'd need to either add a new parameter to the ->fb_set_par callback > and fb_set_par() function, which has a _lot_ of users. Or some other > fairly ugly side-channel int fb_info. Neither is a pretty prospect. > > Instead just correct the issue at hand by filtering out this > kernel-internal flag in the ioctl handling code. > > Signed-off-by: Daniel Vetter > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") > Cc: Alex Deucher > Cc: shl...@fastmail.com > Cc: Michel Dänzer > Cc: Noralf Trønnes > Cc: Thomas Zimmermann > Cc: Daniel Vetter > Cc: Maarten Lankhorst > Cc: Maxime Ripard > Cc: David Airlie > Cc: Daniel Vetter > Cc: dri-devel@lists.freedesktop.org > Cc: # v5.7+ > Cc: Bartlomiej Zolnierkiewicz > Cc: Geert Uytterhoeven > Cc: Nathan Chancellor > Cc: Qiujun Huang > Cc: Peter Rosin > Cc: linux-fb...@vger.kernel.org > Cc: Helge Deller > Cc: Sam Ravnborg > Cc: Geert Uytterhoeven > Cc: Samuel Thibault > Cc: Tetsuo Handa > Cc: Shigeru Yoshida An Ack on this (or a better idea) would be great, so I can stuff it into -fixes. Thanks, Daniel > --- > drivers/video/fbdev/core/fbmem.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/video/fbdev/core/fbmem.c > b/drivers/video/fbdev/core/fbmem.c > index 875541ff185b..3fd95a79e4c3 100644 > --- a/drivers/video/fbdev/core/fbmem.c > +++ b/drivers/video/fbdev/core/fbmem.c > @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned > int cmd, > case FBIOPUT_VSCREENINFO: > if (copy_from_user(, argp, sizeof(var))) > return -EFAULT; > + /* only for kernel-internal use */ > + var.activate &= ~FB_ACTIVATE_KD_TEXT; > console_lock(); > lock_fb_info(info); > ret = fbcon_modechange_possible(info, ); > -- > 2.40.0 > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
[PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shl...@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fb...@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida --- drivers/video/fbdev/core/fbmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 875541ff185b..3fd95a79e4c3 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, case FBIOPUT_VSCREENINFO: if (copy_from_user(, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, ); -- 2.40.0