Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 5.15-stable tree

2023-04-15 Thread gregkh


This is a note to let you know that I've just added the patch titled

fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

to the 5.15-stable tree which can be found at:

http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
 fbmem-reject-fb_activate_kd_text-from-userspace.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let  know about it.


>From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001
From: Daniel Vetter 
Date: Tue, 4 Apr 2023 21:39:34 +0200
Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Daniel Vetter 

commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream.

This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.

It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel in fb_info. Neither is a pretty prospect.

Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.

Reviewed-by: Javier Martinez Canillas 
Acked-by: Maarten Lankhorst 
Signed-off-by: Daniel Vetter 
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher 
Cc: shl...@fastmail.com
Cc: Michel Dänzer 
Cc: Noralf Trønnes 
Cc: Thomas Zimmermann 
Cc: Daniel Vetter 
Cc: Maarten Lankhorst 
Cc: Maxime Ripard 
Cc: David Airlie 
Cc: Daniel Vetter 
Cc: dri-devel@lists.freedesktop.org
Cc:  # v5.7+
Cc: Bartlomiej Zolnierkiewicz 
Cc: Geert Uytterhoeven 
Cc: Nathan Chancellor 
Cc: Qiujun Huang 
Cc: Peter Rosin 
Cc: linux-fb...@vger.kernel.org
Cc: Helge Deller 
Cc: Sam Ravnborg 
Cc: Geert Uytterhoeven 
Cc: Samuel Thibault 
Cc: Tetsuo Handa 
Cc: Shigeru Yoshida 
Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/video/fbdev/core/fbmem.c |2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1119,6 +1119,8 @@ static long do_fb_ioctl(struct fb_info *
case FBIOPUT_VSCREENINFO:
if (copy_from_user(, argp, sizeof(var)))
return -EFAULT;
+   /* only for kernel-internal use */
+   var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, );
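
Review bot: The added `var.activate &= ~FB_ACTIVATE_KD_TEXT;` clears the flag and lets the ioctl continue, while the subject line says "Reject"; nothing in these two lines returns an error to a userspace caller that sets the bit. If silent masking is the intended contract, the comment should say so, for example "kernel-internal flag, silently dropped when supplied by userspace", so that nobody later reads the title and expects -EINVAL.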


Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are

queue-5.15/fbmem-reject-fb_activate_kd_text-from-userspace.patch


Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 5.10-stable tree

2023-04-15 Thread gregkh


This is a note to let you know that I've just added the patch titled

fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

to the 5.10-stable tree which can be found at:

http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
 fbmem-reject-fb_activate_kd_text-from-userspace.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let  know about it.


>From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001
From: Daniel Vetter 
Date: Tue, 4 Apr 2023 21:39:34 +0200
Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Daniel Vetter 

commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream.

This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.

It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel in fb_info. Neither is a pretty prospect.

Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.

Reviewed-by: Javier Martinez Canillas 
Acked-by: Maarten Lankhorst 
Signed-off-by: Daniel Vetter 
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher 
Cc: shl...@fastmail.com
Cc: Michel Dänzer 
Cc: Noralf Trønnes 
Cc: Thomas Zimmermann 
Cc: Daniel Vetter 
Cc: Maarten Lankhorst 
Cc: Maxime Ripard 
Cc: David Airlie 
Cc: Daniel Vetter 
Cc: dri-devel@lists.freedesktop.org
Cc:  # v5.7+
Cc: Bartlomiej Zolnierkiewicz 
Cc: Geert Uytterhoeven 
Cc: Nathan Chancellor 
Cc: Qiujun Huang 
Cc: Peter Rosin 
Cc: linux-fb...@vger.kernel.org
Cc: Helge Deller 
Cc: Sam Ravnborg 
Cc: Geert Uytterhoeven 
Cc: Samuel Thibault 
Cc: Tetsuo Handa 
Cc: Shigeru Yoshida 
Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/video/fbdev/core/fbmem.c |2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info *
case FBIOPUT_VSCREENINFO:
if (copy_from_user(, argp, sizeof(var)))
return -EFAULT;
+   /* only for kernel-internal use */
+   var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, );
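
Review bot: The mask sits only inside `case FBIOPUT_VSCREENINFO:` of do_fb_ioctl(), directly after copy_from_user(), so it covers exactly this one entry point. The commit message or the comment should state that this is the only place a userspace-supplied fb_var_screeninfo reaches the set-var path; if another one exists or is added later it needs the same filter, and a small helper that sanitizes `var.activate` for untrusted callers would keep the copies from drifting apart.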


Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are

queue-5.10/fbmem-reject-fb_activate_kd_text-from-userspace.patch


Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 6.1-stable tree

2023-04-15 Thread gregkh


This is a note to let you know that I've just added the patch titled

fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

to the 6.1-stable tree which can be found at:

http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
 fbmem-reject-fb_activate_kd_text-from-userspace.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let  know about it.


>From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001
From: Daniel Vetter 
Date: Tue, 4 Apr 2023 21:39:34 +0200
Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Daniel Vetter 

commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream.

This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.

It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel in fb_info. Neither is a pretty prospect.

Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.

Reviewed-by: Javier Martinez Canillas 
Acked-by: Maarten Lankhorst 
Signed-off-by: Daniel Vetter 
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher 
Cc: shl...@fastmail.com
Cc: Michel Dänzer 
Cc: Noralf Trønnes 
Cc: Thomas Zimmermann 
Cc: Daniel Vetter 
Cc: Maarten Lankhorst 
Cc: Maxime Ripard 
Cc: David Airlie 
Cc: Daniel Vetter 
Cc: dri-devel@lists.freedesktop.org
Cc:  # v5.7+
Cc: Bartlomiej Zolnierkiewicz 
Cc: Geert Uytterhoeven 
Cc: Nathan Chancellor 
Cc: Qiujun Huang 
Cc: Peter Rosin 
Cc: linux-fb...@vger.kernel.org
Cc: Helge Deller 
Cc: Sam Ravnborg 
Cc: Geert Uytterhoeven 
Cc: Samuel Thibault 
Cc: Tetsuo Handa 
Cc: Shigeru Yoshida 
Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/video/fbdev/core/fbmem.c |2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *
case FBIOPUT_VSCREENINFO:
if (copy_from_user(, argp, sizeof(var)))
return -EFAULT;
+   /* only for kernel-internal use */
+   var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, );
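
Review bot: The new comment `/* only for kernel-internal use */` does not say which code sets FB_ACTIVATE_KD_TEXT or why userspace must not. The commit message ties the flag to dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore"); naming that kernel-side user in the comment would let a reader of fbmem.c see the trust boundary without digging through git history.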


Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are

queue-6.1/fbmem-reject-fb_activate_kd_text-from-userspace.patch


Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 6.2-stable tree

2023-04-15 Thread gregkh


This is a note to let you know that I've just added the patch titled

fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

to the 6.2-stable tree which can be found at:

http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
 fbmem-reject-fb_activate_kd_text-from-userspace.patch
and it can be found in the queue-6.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let  know about it.


>From 6fd33ac7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001
From: Daniel Vetter 
Date: Tue, 4 Apr 2023 21:39:34 +0200
Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Daniel Vetter 

commit 6fd33ac7916689b8f051a185defe4dd515b0 upstream.

This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.

It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel in fb_info. Neither is a pretty prospect.

Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.

Reviewed-by: Javier Martinez Canillas 
Acked-by: Maarten Lankhorst 
Signed-off-by: Daniel Vetter 
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher 
Cc: shl...@fastmail.com
Cc: Michel Dänzer 
Cc: Noralf Trønnes 
Cc: Thomas Zimmermann 
Cc: Daniel Vetter 
Cc: Maarten Lankhorst 
Cc: Maxime Ripard 
Cc: David Airlie 
Cc: Daniel Vetter 
Cc: dri-devel@lists.freedesktop.org
Cc:  # v5.7+
Cc: Bartlomiej Zolnierkiewicz 
Cc: Geert Uytterhoeven 
Cc: Nathan Chancellor 
Cc: Qiujun Huang 
Cc: Peter Rosin 
Cc: linux-fb...@vger.kernel.org
Cc: Helge Deller 
Cc: Sam Ravnborg 
Cc: Geert Uytterhoeven 
Cc: Samuel Thibault 
Cc: Tetsuo Handa 
Cc: Shigeru Yoshida 
Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vet...@ffwll.ch
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/video/fbdev/core/fbmem.c |2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info *
case FBIOPUT_VSCREENINFO:
if (copy_from_user(, argp, sizeof(var)))
return -EFAULT;
+   /* only for kernel-internal use */
+   var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, );


Patches currently in stable-queue which might be from daniel.vet...@ffwll.ch are

queue-6.2/fbmem-reject-fb_activate_kd_text-from-userspace.patch


Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

2023-04-11 Thread Geert Uytterhoeven
Hi Daniel,

On Tue, Apr 11, 2023 at 3:44 PM Daniel Vetter  wrote:
> On Tue, Apr 04, 2023 at 09:39:34PM +0200, Daniel Vetter wrote:
> > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
> > restore") - I failed to realize that nasty userspace could set this.
> >
> > It's not pretty to mix up kernel-internal and userspace uapi flags
> > like this, but since the entire fb_var_screeninfo structure is uapi
> > we'd need to either add a new parameter to the ->fb_set_par callback
> > and fb_set_par() function, which has a _lot_ of users. Or some other
> > fairly ugly side-channel in fb_info. Neither is a pretty prospect.
> >
> > Instead just correct the issue at hand by filtering out this
> > kernel-internal flag in the ioctl handling code.
> >
> > Signed-off-by: Daniel Vetter 
> > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")

> An Ack on this (or a better idea) would be great, so I can stuff it into
> -fixes.

I don't understand what the original commit this fixes is doing anyway...

> > --- a/drivers/video/fbdev/core/fbmem.c
> > +++ b/drivers/video/fbdev/core/fbmem.c
> > @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, 
> > unsigned int cmd,
> >   case FBIOPUT_VSCREENINFO:
> >   if (copy_from_user(, argp, sizeof(var)))
> >   return -EFAULT;
> > + /* only for kernel-internal use */
> > + var.activate &= ~FB_ACTIVATE_KD_TEXT;
> >   console_lock();
> >   lock_fb_info(info);
> >   ret = fbcon_modechange_possible(info, );

Perhaps FB_ACTIVATE_KD_TEXT should be removed (marked as
reserved) from include/uapi/linux/fb.h, too?

Gr{oetje,eeting}s,

Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds


Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

2023-04-11 Thread Daniel Vetter
On Tue, Apr 11, 2023 at 04:03:24PM +0200, Javier Martinez Canillas wrote:
> Daniel Vetter  writes:
> 
> > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
> > restore") - I failed to realize that nasty userspace could set this.
> >
> > It's not pretty to mix up kernel-internal and userspace uapi flags
> > like this, but since the entire fb_var_screeninfo structure is uapi
> > we'd need to either add a new parameter to the ->fb_set_par callback
> > and fb_set_par() function, which has a _lot_ of users. Or some other
> > fairly ugly side-channel in fb_info. Neither is a pretty prospect.
> >
> > Instead just correct the issue at hand by filtering out this
> > kernel-internal flag in the ioctl handling code.
> >
> > Signed-off-by: Daniel Vetter 
> > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
> 
> [..]
> 
> > diff --git a/drivers/video/fbdev/core/fbmem.c 
> > b/drivers/video/fbdev/core/fbmem.c
> > index 875541ff185b..3fd95a79e4c3 100644
> > --- a/drivers/video/fbdev/core/fbmem.c
> > +++ b/drivers/video/fbdev/core/fbmem.c
> > @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, 
> > unsigned int cmd,
> > case FBIOPUT_VSCREENINFO:
> > if (copy_from_user(, argp, sizeof(var)))
> > return -EFAULT;
> > +   /* only for kernel-internal use */
> > +   var.activate &= ~FB_ACTIVATE_KD_TEXT;
> > console_lock();
> 
> I don't have a better idea on how to fix this and as you said the whole
> struct fb_var_screeninfo is an uAPI anyways...
> 
> Reviewed-by: Javier Martinez Canillas 

Thanks for taking a look, merged to drm-misc-fixes.

> 
> -- 
> Best regards,
> 
> Javier Martinez Canillas
> Core Platforms
> Red Hat
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch


Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

2023-04-11 Thread Javier Martinez Canillas
Daniel Vetter  writes:

> This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
> restore") - I failed to realize that nasty userspace could set this.
>
> It's not pretty to mix up kernel-internal and userspace uapi flags
> like this, but since the entire fb_var_screeninfo structure is uapi
> we'd need to either add a new parameter to the ->fb_set_par callback
> and fb_set_par() function, which has a _lot_ of users. Or some other
> fairly ugly side-channel in fb_info. Neither is a pretty prospect.
>
> Instead just correct the issue at hand by filtering out this
> kernel-internal flag in the ioctl handling code.
>
> Signed-off-by: Daniel Vetter 
> Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")

[..]

> diff --git a/drivers/video/fbdev/core/fbmem.c 
> b/drivers/video/fbdev/core/fbmem.c
> index 875541ff185b..3fd95a79e4c3 100644
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned 
> int cmd,
>   case FBIOPUT_VSCREENINFO:
>   if (copy_from_user(, argp, sizeof(var)))
>   return -EFAULT;
> + /* only for kernel-internal use */
> + var.activate &= ~FB_ACTIVATE_KD_TEXT;
>   console_lock();

I don't have a better idea on how to fix this and as you said the whole
struct fb_var_screeninfo is an uAPI anyways...

Reviewed-by: Javier Martinez Canillas 

-- 
Best regards,

Javier Martinez Canillas
Core Platforms
Red Hat



Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

2023-04-11 Thread Maarten Lankhorst



On 2023-04-11 15:44, Daniel Vetter wrote:

> On Tue, Apr 04, 2023 at 09:39:34PM +0200, Daniel Vetter wrote:
> > This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
> > restore") - I failed to realize that nasty userspace could set this.
> >
> > It's not pretty to mix up kernel-internal and userspace uapi flags
> > like this, but since the entire fb_var_screeninfo structure is uapi
> > we'd need to either add a new parameter to the ->fb_set_par callback
> > and fb_set_par() function, which has a _lot_ of users. Or some other
> > fairly ugly side-channel in fb_info. Neither is a pretty prospect.
> >
> > Instead just correct the issue at hand by filtering out this
> > kernel-internal flag in the ioctl handling code.
> >
> > Signed-off-by: Daniel Vetter 
> > Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
> > Cc: Alex Deucher 
> > Cc: shl...@fastmail.com
> > Cc: Michel Dänzer 
> > Cc: Noralf Trønnes 
> > Cc: Thomas Zimmermann 
> > Cc: Daniel Vetter 
> > Cc: Maarten Lankhorst 
> > Cc: Maxime Ripard 
> > Cc: David Airlie 
> > Cc: Daniel Vetter 
> > Cc: dri-devel@lists.freedesktop.org
> > Cc:  # v5.7+
> > Cc: Bartlomiej Zolnierkiewicz 
> > Cc: Geert Uytterhoeven 
> > Cc: Nathan Chancellor 
> > Cc: Qiujun Huang 
> > Cc: Peter Rosin 
> > Cc: linux-fb...@vger.kernel.org
> > Cc: Helge Deller 
> > Cc: Sam Ravnborg 
> > Cc: Geert Uytterhoeven 
> > Cc: Samuel Thibault 
> > Cc: Tetsuo Handa 
> > Cc: Shigeru Yoshida 
>
> An Ack on this (or a better idea) would be great, so I can stuff it into
> -fixes.

Acked-by: Maarten Lankhorst 


Re: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

2023-04-11 Thread Daniel Vetter
On Tue, Apr 04, 2023 at 09:39:34PM +0200, Daniel Vetter wrote:
> This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
> restore") - I failed to realize that nasty userspace could set this.
> 
> It's not pretty to mix up kernel-internal and userspace uapi flags
> like this, but since the entire fb_var_screeninfo structure is uapi
> we'd need to either add a new parameter to the ->fb_set_par callback
> and fb_set_par() function, which has a _lot_ of users. Or some other
> fairly ugly side-channel in fb_info. Neither is a pretty prospect.
> 
> Instead just correct the issue at hand by filtering out this
> kernel-internal flag in the ioctl handling code.
> 
> Signed-off-by: Daniel Vetter 
> Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
> Cc: Alex Deucher 
> Cc: shl...@fastmail.com
> Cc: Michel Dänzer 
> Cc: Noralf Trønnes 
> Cc: Thomas Zimmermann 
> Cc: Daniel Vetter 
> Cc: Maarten Lankhorst 
> Cc: Maxime Ripard 
> Cc: David Airlie 
> Cc: Daniel Vetter 
> Cc: dri-devel@lists.freedesktop.org
> Cc:  # v5.7+
> Cc: Bartlomiej Zolnierkiewicz 
> Cc: Geert Uytterhoeven 
> Cc: Nathan Chancellor 
> Cc: Qiujun Huang 
> Cc: Peter Rosin 
> Cc: linux-fb...@vger.kernel.org
> Cc: Helge Deller 
> Cc: Sam Ravnborg 
> Cc: Geert Uytterhoeven 
> Cc: Samuel Thibault 
> Cc: Tetsuo Handa 
> Cc: Shigeru Yoshida 

An Ack on this (or a better idea) would be great, so I can stuff it into
-fixes.

Thanks, Daniel

> ---
>  drivers/video/fbdev/core/fbmem.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/video/fbdev/core/fbmem.c 
> b/drivers/video/fbdev/core/fbmem.c
> index 875541ff185b..3fd95a79e4c3 100644
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned 
> int cmd,
>   case FBIOPUT_VSCREENINFO:
>   if (copy_from_user(, argp, sizeof(var)))
>   return -EFAULT;
> + /* only for kernel-internal use */
> + var.activate &= ~FB_ACTIVATE_KD_TEXT;
>   console_lock();
>   lock_fb_info(info);
>   ret = fbcon_modechange_possible(info, );
> -- 
> 2.40.0
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch


[PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace

2023-04-04 Thread Daniel Vetter
This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.

It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel in fb_info. Neither is a pretty prospect.

Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.

Signed-off-by: Daniel Vetter 
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher 
Cc: shl...@fastmail.com
Cc: Michel Dänzer 
Cc: Noralf Trønnes 
Cc: Thomas Zimmermann 
Cc: Daniel Vetter 
Cc: Maarten Lankhorst 
Cc: Maxime Ripard 
Cc: David Airlie 
Cc: Daniel Vetter 
Cc: dri-devel@lists.freedesktop.org
Cc:  # v5.7+
Cc: Bartlomiej Zolnierkiewicz 
Cc: Geert Uytterhoeven 
Cc: Nathan Chancellor 
Cc: Qiujun Huang 
Cc: Peter Rosin 
Cc: linux-fb...@vger.kernel.org
Cc: Helge Deller 
Cc: Sam Ravnborg 
Cc: Geert Uytterhoeven 
Cc: Samuel Thibault 
Cc: Tetsuo Handa 
Cc: Shigeru Yoshida 
---
 drivers/video/fbdev/core/fbmem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 875541ff185b..3fd95a79e4c3 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned 
int cmd,
case FBIOPUT_VSCREENINFO:
if (copy_from_user(, argp, sizeof(var)))
return -EFAULT;
+   /* only for kernel-internal use */
+   var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, );
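
Review bot: Nothing alongside the `var.activate &= ~FB_ACTIVATE_KD_TEXT;` line documents the filtering at the place where the flag is defined; the diffstat shows fbmem.c as the only file changed. As Geert Uytterhoeven suggests in his reply, marking the flag reserved in include/uapi/linux/fb.h, or at least adding a comment there that the ioctl path clears it, would tell userspace authors reading the header that setting it has no effect.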
-- 
2.40.0