lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1675774098-17722-1-git-send-email-george.kennedy@oracle.com>
Date:   Tue,  7 Feb 2023 07:48:18 -0500
From:   George Kennedy <george.kennedy@...cle.com>
To:     gregkh@...uxfoundation.org, jslaby@...e.cz,
        torvalds@...ux-foundation.org
Cc:     george.kennedy@...cle.com, sfr@...b.auug.org.au,
        akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
        linux-serial@...r.kernel.org
Subject: [PATCH v2] vc_screen: break from vcs_read() while loop if vcs_vc() returns NULL

If vcs_vc() returns NULL in vcs_read(), break from while loop if partial
read, else if no reads have been done, go to unlock_out and return -ENXIO.
In addition, change the goto unlock_out after vcs_size() to a break
to conform to the break handling after vcs_vc().

Fixes: ac751efa6a0d ("console: rename acquire/release_console_sem() to console_lock/unlock()")
Reported-by: Linus Torvalds <torvalds@...ux-foundation.org>
Suggested-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: George Kennedy <george.kennedy@...cle.com>
---
 drivers/tty/vt/vc_screen.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c
index f566eb1839dc..c599b452969f 100644
--- a/drivers/tty/vt/vc_screen.c
+++ b/drivers/tty/vt/vc_screen.c
@@ -406,19 +406,17 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
 		ret = -ENXIO;
 		vc = vcs_vc(inode, &viewed);
 		if (!vc)
-			goto unlock_out;
+			break;
 
 		/* Check whether we are above size each round,
 		 * as copy_to_user at the end of this loop
 		 * could sleep.
 		 */
-		size = vcs_size(vc, attr, uni_mode);
-		if (size < 0) {
-			if (read)
-				break;
-			ret = size;
-			goto unlock_out;
-		}
+		ret = vcs_size(vc, attr, uni_mode);
+		if (ret < 0)
+			break;
+		size = ret;
+		ret = 0;
 		if (pos >= size)
 			break;
 		if (count > size - pos)
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ