[SRU,Bionic,1/1] UBUNTU: SAUCE: fbdev: remove redundant lock_fb_info

Message ID 20220923223123.410035-2-cengiz.can@canonical.com
State New

Commit Message

Cengiz Can Sept. 23, 2022, 10:31 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1990690

One of the fixing commits for CVE-2021-33655, commit 159a96b199b4
("fbcon: Prevent that screen size is smaller than font size")
introduced a redundant lock_fb_info line into the ioctl flow in fbmem.c.

This causes a deadlock when calling FBIOPUT_VSCREENINFO ioctl.

Remove problematic lock_fb_info call.

Signed-off-by: Cengiz Can <cengiz.can@canonical.com>
---
 drivers/video/fbdev/core/fbmem.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Thadeu Lima de Souza Cascardo Sept. 26, 2022, 1:26 p.m. UTC | #1
On Sat, Sep 24, 2022 at 01:31:25AM +0300, Cengiz Can wrote:
> BugLink: https://bugs.launchpad.net/bugs/1990690
> 
> One of the fixing commits for CVE-2021-33655, commit 159a96b199b4
> ("fbcon: Prevent that screen size is smaller than font size")
> introduced a redundant lock_fb_info line into the ioctl flow in fbmem.c.
> 
> This causes a deadlock when calling FBIOPUT_VSCREENINFO ioctl.
> 
> Remove problematic lock_fb_info call.
> 
> Signed-off-by: Cengiz Can <cengiz.can@canonical.com>

I would just ask to replace "redundant" with something else, like "extraneous",
but this is just nitpicking. As long as the commit message explains that
it causes a deadlock, this is fine.

Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

> ---
>  drivers/video/fbdev/core/fbmem.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
> index 1238cc9f42c03..78adcfa11d010 100644
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -1150,7 +1150,6 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
>  			ret = fb_set_var(info, &var);
>  			info->flags &= ~FBINFO_MISC_USEREVENT;
>  		}
> -		lock_fb_info(info);
>  		unlock_fb_info(info);
>  		console_unlock();
>  		if (!ret && copy_to_user(argp, &var, sizeof(var)))
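Review bot: the deleted lock_fb_info(info) sat directly above unlock_fb_info(info), so it can only deadlock if the lock is already held when execution reaches these lines, and that earlier acquisition is outside the hunk's context. Please say in the commit message where in the FBIOPUT_VSCREENINFO path the lock is first taken, so a reader can confirm that exactly one lock/unlock pair remains after the deletion.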
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Patch

diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 1238cc9f42c03..78adcfa11d010 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1150,7 +1150,6 @@  static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
 			ret = fb_set_var(info, &var);
 			info->flags &= ~FBINFO_MISC_USEREVENT;
 		}
-		lock_fb_info(info);
 		unlock_fb_info(info);
 		console_unlock();
 		if (!ret && copy_to_user(argp, &var, sizeof(var)))
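Review bot: the commit message attributes the deleted lock_fb_info(info) line to 159a96b199b4 but carries no Fixes: trailer, and it does not say whether the extra call came from that change itself or from its Bionic backport. Add a Fixes: line for the Bionic commit and one sentence on the origin, so it is clear whether other series carrying the same CVE-2021-33655 fix need this deletion too.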