Skip to content

Commit 90bfdee

Browse files
committed
tty: make FONTX ioctl use the tty pointer they were actually passed
Some of the font tty ioctl's always used the current foreground VC for their operations. Don't do that then. This fixes a data race on fg_console. Side note: both Michael Ellerman and Jiri Slaby point out that all these ioctls are deprecated, and should probably have been removed long ago, and everything seems to be using the KDFONTOP ioctl instead. In fact, Michael points out that it looks like busybox's loadfont program seems to have switched over to using KDFONTOP exactly _because_ of this bug (ahem.. 12 years ago ;-). Reported-by: Minh Yuan <[email protected]> Acked-by: Michael Ellerman <[email protected]> Acked-by: Jiri Slaby <[email protected]> Cc: Greg KH <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
1 parent b7cbaf5 commit 90bfdee

File tree

1 file changed

+19
-17
lines changed

1 file changed

+19
-17
lines changed

drivers/tty/vt/vt_ioctl.c

Lines changed: 19 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -484,7 +484,7 @@ static int vt_k_ioctl(struct tty_struct *tty, unsigned int cmd,
484484
return 0;
485485
}
486486

487-
static inline int do_fontx_ioctl(int cmd,
487+
static inline int do_fontx_ioctl(struct vc_data *vc, int cmd,
488488
struct consolefontdesc __user *user_cfd,
489489
struct console_font_op *op)
490490
{
@@ -502,28 +502,28 @@ static inline int do_fontx_ioctl(int cmd,
502502
op->height = cfdarg.charheight;
503503
op->charcount = cfdarg.charcount;
504504
op->data = cfdarg.chardata;
505-
return con_font_op(vc_cons[fg_console].d, op);
506-
case GIO_FONTX: {
505+
return con_font_op(vc, op);
506+
507+
case GIO_FONTX:
507508
op->op = KD_FONT_OP_GET;
508509
op->flags = KD_FONT_FLAG_OLD;
509510
op->width = 8;
510511
op->height = cfdarg.charheight;
511512
op->charcount = cfdarg.charcount;
512513
op->data = cfdarg.chardata;
513-
i = con_font_op(vc_cons[fg_console].d, op);
514+
i = con_font_op(vc, op);
514515
if (i)
515516
return i;
516517
cfdarg.charheight = op->height;
517518
cfdarg.charcount = op->charcount;
518519
if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc)))
519520
return -EFAULT;
520521
return 0;
521-
}
522522
}
523523
return -EINVAL;
524524
}
525525

526-
static int vt_io_fontreset(struct console_font_op *op)
526+
static int vt_io_fontreset(struct vc_data *vc, struct console_font_op *op)
527527
{
528528
int ret;
529529

@@ -537,12 +537,12 @@ static int vt_io_fontreset(struct console_font_op *op)
537537

538538
op->op = KD_FONT_OP_SET_DEFAULT;
539539
op->data = NULL;
540-
ret = con_font_op(vc_cons[fg_console].d, op);
540+
ret = con_font_op(vc, op);
541541
if (ret)
542542
return ret;
543543

544544
console_lock();
545-
con_set_default_unimap(vc_cons[fg_console].d);
545+
con_set_default_unimap(vc);
546546
console_unlock();
547547

548548
return 0;
@@ -584,7 +584,7 @@ static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
584584
op.height = 0;
585585
op.charcount = 256;
586586
op.data = up;
587-
return con_font_op(vc_cons[fg_console].d, &op);
587+
return con_font_op(vc, &op);
588588

589589
case GIO_FONT:
590590
op.op = KD_FONT_OP_GET;
@@ -593,7 +593,7 @@ static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
593593
op.height = 32;
594594
op.charcount = 256;
595595
op.data = up;
596-
return con_font_op(vc_cons[fg_console].d, &op);
596+
return con_font_op(vc, &op);
597597

598598
case PIO_CMAP:
599599
if (!perm)
@@ -609,13 +609,13 @@ static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
609609

610610
fallthrough;
611611
case GIO_FONTX:
612-
return do_fontx_ioctl(cmd, up, &op);
612+
return do_fontx_ioctl(vc, cmd, up, &op);
613613

614614
case PIO_FONTRESET:
615615
if (!perm)
616616
return -EPERM;
617617

618-
return vt_io_fontreset(&op);
618+
return vt_io_fontreset(vc, &op);
619619

620620
case PIO_SCRNMAP:
621621
if (!perm)
@@ -1066,8 +1066,9 @@ struct compat_consolefontdesc {
10661066
};
10671067

10681068
static inline int
1069-
compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd,
1070-
int perm, struct console_font_op *op)
1069+
compat_fontx_ioctl(struct vc_data *vc, int cmd,
1070+
struct compat_consolefontdesc __user *user_cfd,
1071+
int perm, struct console_font_op *op)
10711072
{
10721073
struct compat_consolefontdesc cfdarg;
10731074
int i;
@@ -1085,15 +1086,16 @@ compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd,
10851086
op->height = cfdarg.charheight;
10861087
op->charcount = cfdarg.charcount;
10871088
op->data = compat_ptr(cfdarg.chardata);
1088-
return con_font_op(vc_cons[fg_console].d, op);
1089+
return con_font_op(vc, op);
1090+
10891091
case GIO_FONTX:
10901092
op->op = KD_FONT_OP_GET;
10911093
op->flags = KD_FONT_FLAG_OLD;
10921094
op->width = 8;
10931095
op->height = cfdarg.charheight;
10941096
op->charcount = cfdarg.charcount;
10951097
op->data = compat_ptr(cfdarg.chardata);
1096-
i = con_font_op(vc_cons[fg_console].d, op);
1098+
i = con_font_op(vc, op);
10971099
if (i)
10981100
return i;
10991101
cfdarg.charheight = op->height;
@@ -1183,7 +1185,7 @@ long vt_compat_ioctl(struct tty_struct *tty,
11831185
*/
11841186
case PIO_FONTX:
11851187
case GIO_FONTX:
1186-
return compat_fontx_ioctl(cmd, up, perm, &op);
1188+
return compat_fontx_ioctl(vc, cmd, up, perm, &op);
11871189

11881190
case KDFONTOP:
11891191
return compat_kdfontop_ioctl(up, perm, &op, vc);

0 commit comments

Comments
 (0)