[PATCH v2] tty: vt: always invoke vc->vc_sw->con_resize callback
From: Tetsuo Handa
Date: Sat May 15 2021 - 03:44:02 EST
On 2021/05/15 1:19, Tetsuo Handa wrote:
> Even if it turns out to be safe to always call this
> callback, we will need to involve another callback via "struct fb_ops" for
> checking the upper limits from fbcon_resize(). As a result, we will need
> to modify
>
> drivers/tty/vt/vt.c
> drivers/video/fbdev/core/fbcon.c
> drivers/video/fbdev/vga16fb.c
> include/linux/fb.h
>
> files only for checking rows/columns values passed to ioctl(VT_RESIZE)
> request.
I was by error assuming that fbcon_resize() cannot reject bogus rows/columns
and thus we need to add another callback via "struct fb_ops" for that purpose.
But fbcon_resize() does reject bogus rows/columns; it was simply because
resize_screen() did not call fbcon_resize() if vc->vc_mode == KD_GRAPHICS.
Thus, removing vc->vc_mode check alone is sufficient.
On 2021/05/15 6:10, Linus Torvalds wrote:
> So I think just removing the "vc->vc_mode != KD_GRAPHICS" test from
> resize_screen() might be the way to go. That way, the low-level data
> structures actually are in sync with the resize, and the "out of
> bounds" bug should never happen.
>
> Would you mind testing that?
OK. Your suggested changes passed the test by me and by syzbot.