Date: Tue, 5 Nov 2019 14:44:13 +0100 (CET)
From: Nicolas Pitre
To: Jiri Slaby
cc: Or Cohen, Greg KH, textshell@uchuujin.de, Daniel Vetter, sam@ravnborg.org, mpatocka@redhat.com, ghalat@redhat.com, linux-kernel@vger.kernel.org, jwilk@jwilk.net, Nadav Markus, syzkaller@googlegroups.com
Subject: Re: Bug report - slab-out-of-bounds in vcs_scr_readw
References: <20191104152428.GA2252441@kroah.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 5 Nov 2019, Jiri Slaby wrote:

> On 05. 11. 19, 10:33, Nicolas Pitre wrote:
> > Subject: [PATCH] vcs: prevent write access to vcsu devices
> >
> > Commit d21b0be246bf ("vt: introduce unicode mode for /dev/vcs") guarded
> > against using devices containing attributes as this is not yet
> > implemented. It however failed to guard against writes to any devices
> > as this is also unimplemented.
> >
> > Signed-off-by: Nicolas Pitre
> > Cc: # v4.19+
> >
> > diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c > > index fa07d79027..ef19b95b73 100644 > > --- a/drivers/tty/vt/vc_screen.c > > +++ b/drivers/tty/vt/vc_screen.c
> > @@ -456,6 +456,9 @@ vcs_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) > > size_t ret; > > char *con_buf; > > > > + if (use_unicode(inode)) > > + return -EOPNOTSUPP; > > Looks good to me. I am also thinking about a ban directly in open: > > if (use_unicode(inode) && (filp->f_flags & O_ACCMODE) != O_RDONLY) > return -EOPNOTSUPP; > > Would that break the unicode users? The user I know about uses a common helper that uses O_RDWR. So yes, in that case that would break it. Nicolas
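
Review bot: The new use_unicode(inode) check at the top of vcs_write() carries no comment explaining why the write is refused. The commit message says writes to the unicode devices are unimplemented, and the replies in this thread show the refusal is kept in write() rather than open() because a known reader opens the device with O_RDWR; a short comment above the check recording both reasons would keep a later cleanup from moving it into open() and breaking that reader. It is also worth confirming that inode is already assigned at this point, since the visible context shows only the ret and con_buf declarations ahead of the check.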