From: Daniel Vetter daniel.vetter@ffwll.ch
commit 6fd33a3333c7916689b8f051a185defe4dd515b0 upstream.
This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") - I failed to realize that nasty userspace could set this.
It's not pretty to mix up kernel-internal and userspace uapi flags like this, but since the entire fb_var_screeninfo structure is uapi we'd need to either add a new parameter to the ->fb_set_par callback and fb_set_par() function, which has a _lot_ of users. Or some other fairly ugly side-channel int fb_info. Neither is a pretty prospect.
Instead just correct the issue at hand by filtering out this kernel-internal flag in the ioctl handling code.
Reviewed-by: Javier Martinez Canillas javierm@redhat.com Acked-by: Maarten Lankhorst maarten.lankhorst@linux.intel.com Signed-off-by: Daniel Vetter daniel.vetter@intel.com Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore") Cc: Alex Deucher alexander.deucher@amd.com Cc: shlomo@fastmail.com Cc: Michel Dänzer michel@daenzer.net Cc: Noralf Trønnes noralf@tronnes.org Cc: Thomas Zimmermann tzimmermann@suse.de Cc: Daniel Vetter daniel.vetter@intel.com Cc: Maarten Lankhorst maarten.lankhorst@linux.intel.com Cc: Maxime Ripard mripard@kernel.org Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch Cc: dri-devel@lists.freedesktop.org Cc: stable@vger.kernel.org # v5.7+ Cc: Bartlomiej Zolnierkiewicz b.zolnierkie@samsung.com Cc: Geert Uytterhoeven geert@linux-m68k.org Cc: Nathan Chancellor natechancellor@gmail.com Cc: Qiujun Huang hqjagain@gmail.com Cc: Peter Rosin peda@axentia.se Cc: linux-fbdev@vger.kernel.org Cc: Helge Deller deller@gmx.de Cc: Sam Ravnborg sam@ravnborg.org Cc: Geert Uytterhoeven geert+renesas@glider.be Cc: Samuel Thibault samuel.thibault@ens-lyon.org Cc: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp Cc: Shigeru Yoshida syoshida@redhat.com Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/video/fbdev/core/fbmem.c | 2 ++ 1 file changed, 2 insertions(+)
--- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info * case FBIOPUT_VSCREENINFO: if (copy_from_user(&var, argp, sizeof(var))) return -EFAULT; + /* only for kernel-internal use */ + var.activate &= ~FB_ACTIVATE_KD_TEXT; console_lock(); lock_fb_info(info); ret = fbcon_modechange_possible(info, &var);