From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: Intel Graphics Development <intel-gfx@lists.freedesktop.org>
Cc: "Daniel Vetter" <daniel.vetter@ffwll.ch>,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Alex Deucher" <alexander.deucher@amd.com>,
shlomo@fastmail.com, "Michel Dänzer" <michel@daenzer.net>,
"Noralf Trønnes" <noralf@tronnes.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Maarten Lankhorst" <maarten.lankhorst@linux.intel.com>,
"Maxime Ripard" <mripard@kernel.org>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>,
dri-devel@lists.freedesktop.org, stable@vger.kernel.org,
"Bartlomiej Zolnierkiewicz" <b.zolnierkie@samsung.com>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Nathan Chancellor" <natechancellor@gmail.com>,
"Qiujun Huang" <hqjagain@gmail.com>,
"Peter Rosin" <peda@axentia.se>,
linux-fbdev@vger.kernel.org, "Helge Deller" <deller@gmx.de>,
"Sam Ravnborg" <sam@ravnborg.org>,
"Geert Uytterhoeven" <geert+renesas@glider.be>,
"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
"Tetsuo Handa" <penguin-kernel@I-love.SAKURA.ne.jp>,
"Shigeru Yoshida" <syoshida@redhat.com>
Subject: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
Date: Tue, 4 Apr 2023 21:39:34 +0200 [thread overview]
Message-ID: <20230404193934.472457-1-daniel.vetter@ffwll.ch> (raw)
This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.
It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel int fb_info. Neither is a pretty prospect.
Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: shlomo@fastmail.com
Cc: Michel Dänzer <michel@daenzer.net>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.7+
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Qiujun Huang <hqjagain@gmail.com>
Cc: Peter Rosin <peda@axentia.se>
Cc: linux-fbdev@vger.kernel.org
Cc: Helge Deller <deller@gmx.de>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Shigeru Yoshida <syoshida@redhat.com>
---
drivers/video/fbdev/core/fbmem.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 875541ff185b..3fd95a79e4c3 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
case FBIOPUT_VSCREENINFO:
if (copy_from_user(&var, argp, sizeof(var)))
return -EFAULT;
+ /* only for kernel-internal use */
+ var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, &var);
--
2.40.0
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: Intel Graphics Development <intel-gfx@lists.freedesktop.org>
Cc: linux-fbdev@vger.kernel.org,
"Shigeru Yoshida" <syoshida@redhat.com>,
"Geert Uytterhoeven" <geert+renesas@glider.be>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel.vetter@ffwll.ch>,
dri-devel@lists.freedesktop.org,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Sam Ravnborg" <sam@ravnborg.org>, "Helge Deller" <deller@gmx.de>,
"Tetsuo Handa" <penguin-kernel@I-love.SAKURA.ne.jp>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Bartlomiej Zolnierkiewicz" <b.zolnierkie@samsung.com>,
"Michel Dänzer" <michel@daenzer.net>,
shlomo@fastmail.com,
"Nathan Chancellor" <natechancellor@gmail.com>,
stable@vger.kernel.org, "Noralf Trønnes" <noralf@tronnes.org>,
"Alex Deucher" <alexander.deucher@amd.com>,
"Peter Rosin" <peda@axentia.se>,
"Qiujun Huang" <hqjagain@gmail.com>
Subject: [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
Date: Tue, 4 Apr 2023 21:39:34 +0200 [thread overview]
Message-ID: <20230404193934.472457-1-daniel.vetter@ffwll.ch> (raw)
This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.
It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel int fb_info. Neither is a pretty prospect.
Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: shlomo@fastmail.com
Cc: Michel Dänzer <michel@daenzer.net>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.7+
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Qiujun Huang <hqjagain@gmail.com>
Cc: Peter Rosin <peda@axentia.se>
Cc: linux-fbdev@vger.kernel.org
Cc: Helge Deller <deller@gmx.de>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Shigeru Yoshida <syoshida@redhat.com>
---
drivers/video/fbdev/core/fbmem.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 875541ff185b..3fd95a79e4c3 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
case FBIOPUT_VSCREENINFO:
if (copy_from_user(&var, argp, sizeof(var)))
return -EFAULT;
+ /* only for kernel-internal use */
+ var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, &var);
--
2.40.0
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: Intel Graphics Development <intel-gfx@lists.freedesktop.org>
Cc: linux-fbdev@vger.kernel.org,
"Shigeru Yoshida" <syoshida@redhat.com>,
"Geert Uytterhoeven" <geert+renesas@glider.be>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel.vetter@ffwll.ch>,
dri-devel@lists.freedesktop.org,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Sam Ravnborg" <sam@ravnborg.org>, "Helge Deller" <deller@gmx.de>,
"Tetsuo Handa" <penguin-kernel@I-love.SAKURA.ne.jp>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Bartlomiej Zolnierkiewicz" <b.zolnierkie@samsung.com>,
"Michel Dänzer" <michel@daenzer.net>,
"Maxime Ripard" <mripard@kernel.org>,
shlomo@fastmail.com,
"Nathan Chancellor" <natechancellor@gmail.com>,
stable@vger.kernel.org, "Noralf Trønnes" <noralf@tronnes.org>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Alex Deucher" <alexander.deucher@amd.com>,
"Peter Rosin" <peda@axentia.se>,
"Qiujun Huang" <hqjagain@gmail.com>
Subject: [Intel-gfx] [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
Date: Tue, 4 Apr 2023 21:39:34 +0200 [thread overview]
Message-ID: <20230404193934.472457-1-daniel.vetter@ffwll.ch> (raw)
This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
restore") - I failed to realize that nasty userspace could set this.
It's not pretty to mix up kernel-internal and userspace uapi flags
like this, but since the entire fb_var_screeninfo structure is uapi
we'd need to either add a new parameter to the ->fb_set_par callback
and fb_set_par() function, which has a _lot_ of users. Or some other
fairly ugly side-channel int fb_info. Neither is a pretty prospect.
Instead just correct the issue at hand by filtering out this
kernel-internal flag in the ioctl handling code.
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: shlomo@fastmail.com
Cc: Michel Dänzer <michel@daenzer.net>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.7+
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Qiujun Huang <hqjagain@gmail.com>
Cc: Peter Rosin <peda@axentia.se>
Cc: linux-fbdev@vger.kernel.org
Cc: Helge Deller <deller@gmx.de>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Shigeru Yoshida <syoshida@redhat.com>
---
drivers/video/fbdev/core/fbmem.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 875541ff185b..3fd95a79e4c3 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
case FBIOPUT_VSCREENINFO:
if (copy_from_user(&var, argp, sizeof(var)))
return -EFAULT;
+ /* only for kernel-internal use */
+ var.activate &= ~FB_ACTIVATE_KD_TEXT;
console_lock();
lock_fb_info(info);
ret = fbcon_modechange_possible(info, &var);
--
2.40.0
next reply other threads:[~2023-04-04 19:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-04 19:39 Daniel Vetter [this message]
2023-04-04 19:39 ` [Intel-gfx] [PATCH] fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace Daniel Vetter
2023-04-04 19:39 ` Daniel Vetter
2023-04-04 22:10 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for " Patchwork
2023-04-04 22:25 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2023-04-05 7:29 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
2023-04-11 13:44 ` [PATCH] " Daniel Vetter
2023-04-11 13:44 ` [Intel-gfx] " Daniel Vetter
2023-04-11 13:44 ` Daniel Vetter
2023-04-11 13:58 ` Maarten Lankhorst
2023-04-11 13:58 ` Maarten Lankhorst
2023-04-11 13:58 ` [Intel-gfx] " Maarten Lankhorst
2023-04-11 15:57 ` Geert Uytterhoeven
2023-04-11 15:57 ` [Intel-gfx] " Geert Uytterhoeven
2023-04-11 15:57 ` Geert Uytterhoeven
2023-04-11 14:03 ` Javier Martinez Canillas
2023-04-11 14:03 ` [Intel-gfx] " Javier Martinez Canillas
2023-04-11 14:03 ` Javier Martinez Canillas
2023-04-11 14:25 ` Daniel Vetter
2023-04-11 14:25 ` Daniel Vetter
2023-04-11 14:25 ` [Intel-gfx] " Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230404193934.472457-1-daniel.vetter@ffwll.ch \
--to=daniel.vetter@ffwll.ch \
--cc=airlied@linux.ie \
--cc=alexander.deucher@amd.com \
--cc=b.zolnierkie@samsung.com \
--cc=daniel.vetter@intel.com \
--cc=daniel@ffwll.ch \
--cc=deller@gmx.de \
--cc=dri-devel@lists.freedesktop.org \
--cc=geert+renesas@glider.be \
--cc=geert@linux-m68k.org \
--cc=hqjagain@gmail.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=linux-fbdev@vger.kernel.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=michel@daenzer.net \
--cc=mripard@kernel.org \
--cc=natechancellor@gmail.com \
--cc=noralf@tronnes.org \
--cc=peda@axentia.se \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=sam@ravnborg.org \
--cc=samuel.thibault@ens-lyon.org \
--cc=shlomo@fastmail.com \
--cc=stable@vger.kernel.org \
--cc=syoshida@redhat.com \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.