From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EE279C7619A for ; Sat, 15 Apr 2023 16:14:17 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 0E46910E0C4; Sat, 15 Apr 2023 16:14:17 +0000 (UTC) Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by gabe.freedesktop.org (Postfix) with ESMTPS id 8D94610E0C4 for ; Sat, 15 Apr 2023 16:14:15 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D3D5D616E2; Sat, 15 Apr 2023 16:14:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B573CC433EF; Sat, 15 Apr 2023 16:14:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1681575254; bh=S7t8Djs+luJriTIn5zbEOo3pssX11iFK+2oHdZY2xzo=; h=Subject:To:Cc:From:Date:From; b=uhsKaV7DDf1war3JczYhfP+ZnYeX584Z5wQyrt4XtID9uAuZw1r+zhVDbLahguczK xwUL6NGEH+M/V7jt/XJpzx9PB7DG/g2h/eFKMxkJ3OQZ5/FKdk4eY/epFHwNOzmFHx jpfT567cJkflvefd+g4W3RjlnX+0l+rEejn1Xi1A= Subject: Patch "fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace" has been added to the 6.1-stable tree To: airlied@linux.ie, alexander.deucher@amd.com, b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, daniel.vetter@intel.com, daniel@ffwll.ch, deller@gmx.de, dri-devel@lists.freedesktop.org, geert+renesas@glider.be, geert@linux-m68k.org, gregkh@linuxfoundation.org, hqjagain@gmail.com, javierm@redhat.com, maarten.lankhorst@linux.intel.com, michel@daenzer.net, mripard@kernel.org, natechancellor@gmail.com, noralf@tronnes.org, peda@axentia.se, penguin-kernel@I-love.SAKURA.ne.jp, sam@ravnborg.org, samuel.thibault@ens-lyon.org, shlomo@fastmail.com, syoshida@redhat.com, tzimmermann@suse.de From: Date: Sat, 15 Apr 2023 18:13:03 +0200 Message-ID: <2023041502-universal-crepe-d5cb@gregkh> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stable-commits@vger.kernel.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" This is a note to let you know that I've just added the patch titled fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbmem-reject-fb_activate_kd_text-from-userspace.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 6fd33a3333c7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001 From: Daniel Vetter Date: Tue, 4 Apr 2023 21:39:34 +0200 Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Daniel Vetter commit 6fd33a3333c7916689b8f051a185defe4dd515b0 upstream. This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Reviewed-by: Javier Martinez Canillas Acked-by: Maarten Lankhorst Signed-off-by: Daniel Vetter Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher Cc: shlomo@fastmail.com Cc: Michel Dänzer Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fbdev@vger.kernel.org Cc: Helge Deller Cc: Sam Ravnborg Cc: Geert Uytterhoeven Cc: Samuel Thibault Cc: Tetsuo Handa Cc: Shigeru Yoshida Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vetter@ffwll.ch Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info * case FBIOPUT_VSCREENINFO: if (copy_from_user(&var, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, &var); Patches currently in stable-queue which might be from daniel.vetter@ffwll.ch are queue-6.1/fbmem-reject-fb_activate_kd_text-from-userspace.patch