Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F4B8C7EE23 for ; Mon, 27 Feb 2023 14:20:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229938AbjB0OUV (ORCPT ); Mon, 27 Feb 2023 09:20:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229451AbjB0OUR (ORCPT ); Mon, 27 Feb 2023 09:20:17 -0500 Received: from wp530.webpack.hosteurope.de (wp530.webpack.hosteurope.de [80.237.130.52]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26B40A279; Mon, 27 Feb 2023 06:20:16 -0800 (PST) Received: from [2a02:8108:8980:2478:8cde:aa2c:f324:937e]; authenticated by wp530.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) id 1pWeMP-0000G7-Jo; Mon, 27 Feb 2023 15:20:13 +0100 Message-ID: <9e297f30-dc8c-ecac-f7a6-348ddbd4b928@leemhuis.info> Date: Mon, 27 Feb 2023 15:20:13 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Reply-To: Linux regressions mailing list Subject: Re: [PATCH] vc_screen: don't clobber return value in vcs_read Content-Language: en-US, de-DE To: George Kennedy Cc: =?UTF-8?Q?Thomas_Wei=c3=9fschuh?= , Jiri Slaby , linux-kernel@vger.kernel.org, Randy Dunlap , Storm Dragon , Linus Torvalds , sfr@canb.auug.org.au, akpm@linux-foundation.org, linux-serial@vger.kernel.org, Greg Kroah-Hartman , Linux kernel regressions list References: <20230220064612.1783-1-linux@weissschuh.net> <2094ecec-f63c-4e8a-ba97-da77c5266da1@t-8ch.de> <2941c2b9-5fa5-e25c-dcd0-ab9c9c0f143e@oracle.com> From: "Linux regression tracking (Thorsten Leemhuis)" In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-bounce-key: webpack.hosteurope.de;regressions@leemhuis.info;1677507616;f5fad1b9; X-HE-SMSGID: 1pWeMP-0000G7-Jo Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, this is your Linux kernel regression tracker. Top-posting for once, to make this easily accessible to everyone. George, is there anything we can do to help you moving forward to finally get this regression fixed? It seems (or am I missing something?) everyone is waiting for you (see below) to act on the feedback Jiri provided here: https://lore.kernel.org/lkml/8dffe187-240d-746e-ed84-885ffd2785f6@kernel.org/ Side note: would be good to add a "Link:" tag pointing to the start of this thread as well, but that's just a detail. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page. On 21.02.23 14:50, Greg Kroah-Hartman wrote: > On Tue, Feb 21, 2023 at 08:30:11AM -0500, George Kennedy wrote: >> On 2/20/2023 11:34 AM, Thomas Weißschuh wrote: >>> +Cc people who were involved in the original thread. >>> >>> On Mon, Feb 20, 2023 at 12:48:59PM +0100, Jiri Slaby wrote: >>>> On 20. 02. 23, 7:46, linux@weissschuh.net wrote: >>>>> From: Thomas Weißschuh >>>>> >>>>> Commit 226fae124b2d >>>>> ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") >>>>> moved the call to vcs_vc() into the loop. >>>>> While doing this it also moved the unconditional assignment of >>>>> "ret = -ENXIO". >>>>> This unconditional assignment was valid outside the loop but within it >>>>> it clobbers the actual value of ret. >>>>> >>>>> To avoid this only assign "ret = -ENXIO" when actually needed. >>>> Not sure -- I cannot find it -- but hasn't George fixed this yet? >>> Indeed there was a proposed fix at >>> https://lore.kernel.org/lkml/1675704844-17228-1-git-send-email-george.kennedy@oracle.com/ >>> >>> Linus had some suggestions so it was not applied as is. >>> >>> I'm not sure what the current state is. >>> George, do you have something in the pipeline? >> >> Yes, that is in the pipeline: >> https://lore.kernel.org/lkml/1675774098-17722-1-git-send-email-george.kennedy@oracle.com/ >> >> Linus suggested the fix, which was tested and submitted. >> >> Jiri commented on the patch, which I believe was directed at Linus as he >> suggested the fix. > > And I was waiting for a new version from you based on those comments :( > > Can you fix that up and send? > > thanks, > > greg k-h #regzbot monitor: https://lore.kernel.org/lkml/1675774098-17722-1-git-send-email-george.kennedy@oracle.com/ #regzbot poke