linux-fbdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback
       [not found] <20210518010940.1485417-1-sashal@kernel.org>
@ 2021-05-18  1:09 ` Sasha Levin
  2021-05-18  1:35   ` Linus Torvalds
  0 siblings, 1 reply; 6+ messages in thread
From: Sasha Levin @ 2021-05-18  1:09 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Tetsuo Handa, syzbot, Linus Torvalds, Sasha Levin, dri-devel,
	linux-fbdev

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

[ Upstream commit ffb324e6f874121f7dce5bdae5e05d02baae7269 ]

syzbot is reporting OOB write at vga16fb_imageblit() [1], for
resize_screen() from ioctl(VT_RESIZE) returns 0 without checking whether
requested rows/columns fit the amount of memory reserved for the graphical
screen if current mode is KD_GRAPHICS.

----------
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <sys/ioctl.h>
  #include <linux/kd.h>
  #include <linux/vt.h>

  int main(int argc, char *argv[])
  {
        const int fd = open("/dev/char/4:1", O_RDWR);
        struct vt_sizes vt = { 0x4100, 2 };

        ioctl(fd, KDSETMODE, KD_GRAPHICS);
        ioctl(fd, VT_RESIZE, &vt);
        ioctl(fd, KDSETMODE, KD_TEXT);
        return 0;
  }
----------

Allow framebuffer drivers to return -EINVAL, by moving vc->vc_mode !=
KD_GRAPHICS check from resize_screen() to fbcon_resize().

Link: https://syzkaller.appspot.com/bug?extid=1f29e126cf461c4de3b3 [1]
Reported-by: syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/vt/vt.c              | 2 +-
 drivers/video/fbdev/core/fbcon.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 0cc360da5426..53cbf2c3f033 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1171,7 +1171,7 @@ static inline int resize_screen(struct vc_data *vc, int width, int height,
 	/* Resizes the resolution of the display adapater */
 	int err = 0;
 
-	if (vc->vc_mode != KD_GRAPHICS && vc->vc_sw->con_resize)
+	if (vc->vc_sw->con_resize)
 		err = vc->vc_sw->con_resize(vc, width, height, user);
 
 	return err;
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 3406067985b1..22bb3892f6bd 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -2019,7 +2019,7 @@ static int fbcon_resize(struct vc_data *vc, unsigned int width,
 			return -EINVAL;
 
 		pr_debug("resize now %ix%i\n", var.xres, var.yres);
-		if (con_is_visible(vc)) {
+		if (con_is_visible(vc) && vc->vc_mode == KD_TEXT) {
 			var.activate = FB_ACTIVATE_NOW |
 				FB_ACTIVATE_FORCE;
 			fb_set_var(info, &var);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback
  2021-05-18  1:09 ` [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback Sasha Levin
@ 2021-05-18  1:35   ` Linus Torvalds
  2021-05-18  5:45     ` Greg KH
  0 siblings, 1 reply; 6+ messages in thread
From: Linus Torvalds @ 2021-05-18  1:35 UTC (permalink / raw)
  To: Sasha Levin
  Cc: Linux Kernel Mailing List, stable, Tetsuo Handa, syzbot,
	dri-devel, Linux Fbdev development list

On Mon, May 17, 2021 at 6:09 PM Sasha Levin <sashal@kernel.org> wrote:
>
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>
> [ Upstream commit ffb324e6f874121f7dce5bdae5e05d02baae7269 ]

So I think the commit is fine, and yes, it should be applied to
stable, but it's one of those "there were three different patches in
as many days to fix the problem, and this is the right one, but maybe
stable should hold off for a while to see that there aren't any
problem reports".

I don't think there will be any problems from this, but while the
patch is tiny, it's conceptually quite a big change to something that
people haven't really touched for a long time.

So use your own judgement, but it might be a good idea to wait a week
before backporting this to see if anything screams.

          Linus

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback
  2021-05-18  1:35   ` Linus Torvalds
@ 2021-05-18  5:45     ` Greg KH
  2021-05-18 13:22       ` Sasha Levin
  2021-05-24 12:00       ` Greg KH
  0 siblings, 2 replies; 6+ messages in thread
From: Greg KH @ 2021-05-18  5:45 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Sasha Levin, Linux Kernel Mailing List, stable, Tetsuo Handa,
	syzbot, dri-devel, Linux Fbdev development list

On Mon, May 17, 2021 at 06:35:24PM -0700, Linus Torvalds wrote:
> On Mon, May 17, 2021 at 6:09 PM Sasha Levin <sashal@kernel.org> wrote:
> >
> > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> >
> > [ Upstream commit ffb324e6f874121f7dce5bdae5e05d02baae7269 ]
> 
> So I think the commit is fine, and yes, it should be applied to
> stable, but it's one of those "there were three different patches in
> as many days to fix the problem, and this is the right one, but maybe
> stable should hold off for a while to see that there aren't any
> problem reports".
> 
> I don't think there will be any problems from this, but while the
> patch is tiny, it's conceptually quite a big change to something that
> people haven't really touched for a long time.
> 
> So use your own judgement, but it might be a good idea to wait a week
> before backporting this to see if anything screams.

I was going to wait a few weeks for this, and the other vt patches that
were marked with cc: stable@ before queueing them up.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback
  2021-05-18  5:45     ` Greg KH
@ 2021-05-18 13:22       ` Sasha Levin
  2021-05-18 13:34         ` Greg KH
  2021-05-24 12:00       ` Greg KH
  1 sibling, 1 reply; 6+ messages in thread
From: Sasha Levin @ 2021-05-18 13:22 UTC (permalink / raw)
  To: Greg KH
  Cc: Linus Torvalds, Linux Kernel Mailing List, stable, Tetsuo Handa,
	syzbot, dri-devel, Linux Fbdev development list

On Tue, May 18, 2021 at 07:45:59AM +0200, Greg KH wrote:
>On Mon, May 17, 2021 at 06:35:24PM -0700, Linus Torvalds wrote:
>> On Mon, May 17, 2021 at 6:09 PM Sasha Levin <sashal@kernel.org> wrote:
>> >
>> > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>> >
>> > [ Upstream commit ffb324e6f874121f7dce5bdae5e05d02baae7269 ]
>>
>> So I think the commit is fine, and yes, it should be applied to
>> stable, but it's one of those "there were three different patches in
>> as many days to fix the problem, and this is the right one, but maybe
>> stable should hold off for a while to see that there aren't any
>> problem reports".
>>
>> I don't think there will be any problems from this, but while the
>> patch is tiny, it's conceptually quite a big change to something that
>> people haven't really touched for a long time.
>>
>> So use your own judgement, but it might be a good idea to wait a week
>> before backporting this to see if anything screams.
>
>I was going to wait a few weeks for this, and the other vt patches that
>were marked with cc: stable@ before queueing them up.

I'll drop it from my queue then.

-- 
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback
  2021-05-18 13:22       ` Sasha Levin
@ 2021-05-18 13:34         ` Greg KH
  0 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2021-05-18 13:34 UTC (permalink / raw)
  To: Sasha Levin
  Cc: Linus Torvalds, Linux Kernel Mailing List, stable, Tetsuo Handa,
	syzbot, dri-devel, Linux Fbdev development list

On Tue, May 18, 2021 at 09:22:48AM -0400, Sasha Levin wrote:
> On Tue, May 18, 2021 at 07:45:59AM +0200, Greg KH wrote:
> > On Mon, May 17, 2021 at 06:35:24PM -0700, Linus Torvalds wrote:
> > > On Mon, May 17, 2021 at 6:09 PM Sasha Levin <sashal@kernel.org> wrote:
> > > >
> > > > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > > >
> > > > [ Upstream commit ffb324e6f874121f7dce5bdae5e05d02baae7269 ]
> > > 
> > > So I think the commit is fine, and yes, it should be applied to
> > > stable, but it's one of those "there were three different patches in
> > > as many days to fix the problem, and this is the right one, but maybe
> > > stable should hold off for a while to see that there aren't any
> > > problem reports".
> > > 
> > > I don't think there will be any problems from this, but while the
> > > patch is tiny, it's conceptually quite a big change to something that
> > > people haven't really touched for a long time.
> > > 
> > > So use your own judgement, but it might be a good idea to wait a week
> > > before backporting this to see if anything screams.
> > 
> > I was going to wait a few weeks for this, and the other vt patches that
> > were marked with cc: stable@ before queueing them up.
> 
> I'll drop it from my queue then.

Thanks!

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback
  2021-05-18  5:45     ` Greg KH
  2021-05-18 13:22       ` Sasha Levin
@ 2021-05-24 12:00       ` Greg KH
  1 sibling, 0 replies; 6+ messages in thread
From: Greg KH @ 2021-05-24 12:00 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Sasha Levin, Linux Kernel Mailing List, stable, Tetsuo Handa,
	syzbot, dri-devel, Linux Fbdev development list

On Tue, May 18, 2021 at 07:45:59AM +0200, Greg KH wrote:
> On Mon, May 17, 2021 at 06:35:24PM -0700, Linus Torvalds wrote:
> > On Mon, May 17, 2021 at 6:09 PM Sasha Levin <sashal@kernel.org> wrote:
> > >
> > > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > >
> > > [ Upstream commit ffb324e6f874121f7dce5bdae5e05d02baae7269 ]
> > 
> > So I think the commit is fine, and yes, it should be applied to
> > stable, but it's one of those "there were three different patches in
> > as many days to fix the problem, and this is the right one, but maybe
> > stable should hold off for a while to see that there aren't any
> > problem reports".
> > 
> > I don't think there will be any problems from this, but while the
> > patch is tiny, it's conceptually quite a big change to something that
> > people haven't really touched for a long time.
> > 
> > So use your own judgement, but it might be a good idea to wait a week
> > before backporting this to see if anything screams.
> 
> I was going to wait a few weeks for this, and the other vt patches that
> were marked with cc: stable@ before queueing them up.

I have now queued all of these up.

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-05-24 12:01 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20210518010940.1485417-1-sashal@kernel.org>
2021-05-18  1:09 ` [PATCH AUTOSEL 5.12 5/5] tty: vt: always invoke vc->vc_sw->con_resize callback Sasha Levin
2021-05-18  1:35   ` Linus Torvalds
2021-05-18  5:45     ` Greg KH
2021-05-18 13:22       ` Sasha Levin
2021-05-18 13:34         ` Greg KH
2021-05-24 12:00       ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).