]> git.ipfire.org Git - people/arne_f/kernel.git/commitdiff
projects / people / arne_f / kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 47b7a50)
vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
authorGeorge Kennedy <george.kennedy@oracle.com>
Fri, 31 Jul 2020 16:33:12 +0000 (12:33 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 Sep 2020 09:22:31 +0000 (11:22 +0200)
commit bc5269ca765057a1b762e79a1cfd267cd7bf1c46 upstream.

vc_resize() can return with an error after failure. Change VT_RESIZEX ioctl
to save struct vc_data values that are modified and restore the original
values in case of error.

Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Cc: stable <stable@vger.kernel.org>
Reported-by: syzbot+38a3699c7eaf165b97a6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/1596213192-6635-2-git-send-email-george.kennedy@oracle.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/tty/vt/vt_ioctl.c patch | blob | blame | history

diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c
index 699ad55e3ec60f128d3d0cefaa5de204980e4a32..1184105b2a17b0fb2517cf4eb1bf995a86dc591c 100644 (file)
--- a/drivers/tty/vt/vt_ioctl.c
+++ b/drivers/tty/vt/vt_ioctl.c
@@ -893,12 +893,22 @@ int vt_ioctl(struct tty_struct *tty,
                        console_lock();
                        vcp = vc_cons[i].d;
                        if (vcp) {
+                               int ret;
+                               int save_scan_lines = vcp->vc_scan_lines;
+                               int save_font_height = vcp->vc_font.height;
+
                                if (v.v_vlin)
                                        vcp->vc_scan_lines = v.v_vlin;
                                if (v.v_clin)
                                        vcp->vc_font.height = v.v_clin;
                                vcp->vc_resize_user = 1;
-                               vc_resize(vcp, v.v_cols, v.v_rows);
+                               ret = vc_resize(vcp, v.v_cols, v.v_rows);
+                               if (ret) {
+                                       vcp->vc_scan_lines = save_scan_lines;
+                                       vcp->vc_font.height = save_font_height;
+                                       console_unlock();
+                                       return ret;
+                               }
                        }
                        console_unlock();
                }
Arne's tree of linux kernel.