Skip to content

Commit 6fd33a3

Browse files
danvetdanvet
committed
fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
This is an oversight from dc5bdb6 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this. It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect. Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code. Reviewed-by: Javier Martinez Canillas <[email protected]> Acked-by: Maarten Lankhorst <[email protected]> Signed-off-by: Daniel Vetter <[email protected]> Fixes: dc5bdb6 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher <[email protected]> Cc: [email protected] Cc: Michel Dänzer <[email protected]> Cc: Noralf Trønnes <[email protected]> Cc: Thomas Zimmermann <[email protected]> Cc: Daniel Vetter <[email protected]> Cc: Maarten Lankhorst <[email protected]> Cc: Maxime Ripard <[email protected]> Cc: David Airlie <[email protected]> Cc: Daniel Vetter <[email protected]> Cc: [email protected] Cc: <[email protected]> # v5.7+ Cc: Bartlomiej Zolnierkiewicz <[email protected]> Cc: Geert Uytterhoeven <[email protected]> Cc: Nathan Chancellor <[email protected]> Cc: Qiujun Huang <[email protected]> Cc: Peter Rosin <[email protected]> Cc: [email protected] Cc: Helge Deller <[email protected]> Cc: Sam Ravnborg <[email protected]> Cc: Geert Uytterhoeven <[email protected]> Cc: Samuel Thibault <[email protected]> Cc: Tetsuo Handa <[email protected]> Cc: Shigeru Yoshida <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
1 parent 86d8740 commit 6fd33a3

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

drivers/video/fbdev/core/fbmem.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
11161116
case FBIOPUT_VSCREENINFO:
11171117
if (copy_from_user(&var, argp, sizeof(var)))
11181118
return -EFAULT;
1119+
/* only for kernel-internal use */
1120+
var.activate &= ~FB_ACTIVATE_KD_TEXT;
11191121
console_lock();
11201122
lock_fb_info(info);
11211123
ret = fbcon_modechange_possible(info, &var);

0 commit comments

Comments
 (0)