On Wed, 8 Jun 2022, Jiri Slaby wrote: > On 07. 06. 22, 16:19, Ilpo Järvinen wrote: > > On Tue, 7 Jun 2022, Jiri Slaby wrote: > > > > > Only the return value of copy_to_user() is checked in con_get_unimap(). > > > Do the same for put_user() of the count too. > > > > > > Signed-off-by: Jiri Slaby <jslaby@xxxxxxx> > > > --- > > > drivers/tty/vt/consolemap.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c > > > index 831450f2bfd1..92b5dddb00d9 100644 > > > --- a/drivers/tty/vt/consolemap.c > > > +++ b/drivers/tty/vt/consolemap.c > > > @@ -813,7 +813,8 @@ int con_get_unimap(struct vc_data *vc, ushort ct, > > > ushort __user *uct, > > > console_unlock(); > > > if (copy_to_user(list, unilist, min(ect, ct) * sizeof(*unilist))) > > > ret = -EFAULT; > > > - put_user(ect, uct); > > > + if (put_user(ect, uct)) > > > + ret = -EFAULT; > > > kvfree(unilist); > > > return ret ? ret : (ect <= ct) ? 0 : -ENOMEM; > > > } > > > > > > > Doesn't this fix something? > > If you mean a Fixes tag, this is pre-git. > > If you mean a bug, well, likely yes, users now get informed. But I don't think > anyone cares ;). Yes, I meant Fixes tag but I guess it's not important. > But who knows, maybe we will start seeing userspace failures > now (as they might not provide writable count field -- unlikely). That's one > of the reasons why I did this as a separate commit. Let's see if are going to > revert this or not... Ok. -- i.
