Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp4739946ybc; Tue, 26 Nov 2019 13:57:16 -0800 (PST) X-Google-Smtp-Source: APXvYqzUNPhRa2r7pI5gsGyu6sDFFOmtQnmUDS7cPLns5QQ10geaZFtcDij53HYCZrvtSMa2WGKk X-Received: by 2002:a17:906:b289:: with SMTP id q9mr45449230ejz.183.1574805436772; Tue, 26 Nov 2019 13:57:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574805436; cv=none; d=google.com; s=arc-20160816; b=0hJvjnNGDk5aEGQnukO+ArOf+H2zMQcHo0nOxVqRzcIySV9Un3hn77Gr2IbqdLFz8P wL5G+Z9FpkGF17UH2YhxSNHhkVMfj9PW5bEUXwlJ64mXTiDYDgogV4QRzP69GzyxymrN JNUriIwIPDHMYVbtzzfUglT/HmrcM4ntUwXNC+FjAEPT0m2Ctn1hTf9OXPBuC85FA7Ew +nGnQR+f4t3V36yu4QTayrV69AL0wrnmNwP6IDBeOWbwfIc4l0zQInoEZBAPEaD9iDa2 JtHdSTKrYoJe51QmBtMBOcKQzDyft6PMHYxhKIy7Mt/8C1ivOdm7r1kkW2H7MUcVJnkE 7SxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=FMeA8uEsWE2QLImfNQjlHsCf2/JUsr6xlxJWLMu2D5A=; b=qKF2oYuot30Tj3WhyzLqHzQ9+e1iO+3t8NKIveAvDrJ6sbxS0NIwr+heHEKy21ZUvW al2TLmHuZMagtz1lSlFsHHxv1WGgdGTcHL15Pyp/QoObqP7vfstrK8dI58MOFtA2NAqj Brm4Nq/lHbPacfmmHg/x11BSjqeXq8lZO8nd9M0p00xuxArzLrN+S9NJ1TEWpmEXYosn /hUwhzPNFyOsUI/pE6K9jxerHRyxSdDEm3dkZk/FnX6fknzFgi3B8R7OEvw3NdAB5IYD PcRkAQz4AFOee4Q5/61Zm3ha5SMfk9fzvoX8PkD1XGkSTIzuj1amVAyg0kKLa9I3vZGK hr7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@pobox.com header.s=sasl header.b="M/xogNKD"; dkim=temperror (no key for signature) header.i=@fluxnic.net header.s=2016-12.pbsmtp header.b=g1zqEcF8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z28si9114028edm.123.2019.11.26.13.56.50; Tue, 26 Nov 2019 13:57:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@pobox.com header.s=sasl header.b="M/xogNKD"; dkim=temperror (no key for signature) header.i=@fluxnic.net header.s=2016-12.pbsmtp header.b=g1zqEcF8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726199AbfKZVzg (ORCPT + 99 others); Tue, 26 Nov 2019 16:55:36 -0500 Received: from pb-smtp2.pobox.com ([64.147.108.71]:64681 "EHLO pb-smtp2.pobox.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726033AbfKZVzg (ORCPT ); Tue, 26 Nov 2019 16:55:36 -0500 Received: from pb-smtp2.pobox.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 9C4513CCCE; Tue, 26 Nov 2019 16:55:33 -0500 (EST) (envelope-from nico@fluxnic.net) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :cc:subject:in-reply-to:message-id:references:mime-version :content-type; s=sasl; bh=P1UU6Z+LWUxmaHzDSzTQosS3wg8=; b=M/xogN KDFqkytSirUSXQfuw2+LwlAkeZIy/XXRvxrfdX5XXhC+xSFgr9sF7V19cxiP6ERj VIsAOwv0NN/r8WsAbchUWVf/YRwcEJgfmoatlv0ZzL6V+ubR2lC0PKqJKRRHPGws HXHkuT1ApftKsWCEoAMxNvjwkdxo6tz5g/juQ= Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 910653CCCD; Tue, 26 Nov 2019 16:55:33 -0500 (EST) (envelope-from nico@fluxnic.net) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=fluxnic.net; h=date:from:to:cc:subject:in-reply-to:message-id:references:mime-version:content-type; s=2016-12.pbsmtp; bh=ow40iNd6Ls1JDoeg0ZPVyxjWAQ2J8KE2uekBNvGq++I=; b=g1zqEcF8icvo4by6C0az6szytmVtdbOxAsXZEpJYZtWgytRRWk50VwkEh2j9aABVWWbyk3JbKSICp/q2zFxrYB3KYS+j98eSgN2qFwOqP5HomgOpbI0axC/dWrz3sIU4H4QLCt4clGS9eNyysCrBaRNejpkj9y05JZ9JGUVQ7lA= Received: from yoda.home (unknown [24.203.50.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp2.pobox.com (Postfix) with ESMTPSA id EEC583CCCC; Tue, 26 Nov 2019 16:55:32 -0500 (EST) (envelope-from nico@fluxnic.net) Received: from xanadu.home (xanadu.home [192.168.2.2]) by yoda.home (Postfix) with ESMTPSA id 24B992DA010B; Tue, 26 Nov 2019 16:55:32 -0500 (EST) Date: Tue, 26 Nov 2019 16:55:32 -0500 (EST) From: Nicolas Pitre To: Greg KH cc: Jiri Slaby , Or Cohen , textshell@uchuujin.de, Daniel Vetter , sam@ravnborg.org, mpatocka@redhat.com, ghalat@redhat.com, linux-kernel@vger.kernel.org, jwilk@jwilk.net, Nadav Markus , syzkaller@googlegroups.com Subject: Re: Bug report - slab-out-of-bounds in vcs_scr_readw In-Reply-To: Message-ID: References: <20191104152428.GA2252441@kroah.com> User-Agent: Alpine 2.21 (LFD 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Pobox-Relay-ID: 78243216-1097-11EA-8A1A-D1361DBA3BAF-78420484!pb-smtp2.pobox.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Greg, could you apply this please? On Tue, 5 Nov 2019, Nicolas Pitre wrote: > Subject: [PATCH] vcs: prevent write access to vcsu devices > > Commit d21b0be246bf ("vt: introduce unicode mode for /dev/vcs") guarded > against using devices containing attributes as this is not yet > implemented. It however failed to guard against writes to any devices > as this is also unimplemented. > > Signed-off-by: Nicolas Pitre > Cc: # v4.19+ > > diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c > index fa07d79027..ef19b95b73 100644 > --- a/drivers/tty/vt/vc_screen.c > +++ b/drivers/tty/vt/vc_screen.c > @@ -456,6 +456,9 @@ vcs_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) > size_t ret; > char *con_buf; > > + if (use_unicode(inode)) > + return -EOPNOTSUPP; > + > con_buf = (char *) __get_free_page(GFP_KERNEL); > if (!con_buf) > return -ENOMEM; > >