From patchwork Wed Sep 23 11:39:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Machek X-Patchwork-Id: 1310599 Return-Path: Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A26DC2D0A8 for ; Wed, 23 Sep 2020 11:39:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2B0CF235FC for ; Wed, 23 Sep 2020 11:39:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726548AbgIWLjS (ORCPT ); Wed, 23 Sep 2020 07:39:18 -0400 Received: from jabberwock.ucw.cz ([46.255.230.98]:34882 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726332AbgIWLjR (ORCPT ); Wed, 23 Sep 2020 07:39:17 -0400 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 3F1BC1C0BB3; Wed, 23 Sep 2020 13:39:15 +0200 (CEST) Date: Wed, 23 Sep 2020 13:39:14 +0200 From: Pavel Machek To: Linus Torvalds Cc: Linux Kernel Mailing List Subject: fbcon scrollback broken was Re: Linux 5.9-rc6 Message-ID: <20200923113914.GA18149@duo.ucw.cz> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi! > The one thing that does show up in the diffstat is the softscroll > removal (both fbcon and vgacon), and there are people who want to save > that, but we'll see if some maintainer steps up. I'm not willing to > resurrect it in the broken form it was in, so I doubt that will happen > in 5.9, but we'll see what happens. Could you... like try not to make the job harder by merging miriad of "let's kill the documentation" patches? I needed the feature twice already this month, once during fsck, and then five minutes ago, when oops scrolled by me during system shutdown. Unfortunately, shift-pageup was not available to take a look what is going on there. Unfortunately, Greg backported your "fix" to all the stable releases, so resulting damage will not be easy to repair. For the record, making the security problem unexploitable should be as simple as patch below. Unfortunately, Linus' changelog does not exactly tell me what all the known problems are. Willy Tarreau pointed me to https://www.openwall.com/lists/oss-security/2020/09/15/2 , which has some information, but all I can reproduce are transient screen artefacts. If someone has more detailed information, that would be helpful. Best regards, Pavel diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index 19cd4a4b1939..cb2d3e7eeac8 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -3211,6 +3212,9 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) ret = fg_console; break; case TIOCL_SCROLLCONSOLE: + ret = -EPERM; + break; + if (get_user(lines, (s32 __user *)(p+4))) { ret = -EFAULT; } else {