# git rev-parse -q --verify ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e^{commit} ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e already have revision, skipping fetch # git checkout -q -f -B kisskb ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e # git clean -qxdf # < git log -1 # commit ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e # Author: Thomas Weißschuh # Date: Mon Feb 20 06:46:12 2023 +0000 # # vc_screen: don't clobber return value in vcs_read # # Commit 226fae124b2d ("vc_screen: move load of struct vc_data pointer in # vcs_read() to avoid UAF") moved the call to vcs_vc() into the loop. # # While doing this it also moved the unconditional assignment of # # ret = -ENXIO; # # This unconditional assignment was valid outside the loop but within it # it clobbers the actual value of ret. # # To avoid this only assign "ret = -ENXIO" when actually needed. # # [ Also, the 'goto unlock_out" needs to be just a "break", so that it # does the right thing when it exits on later iterations when partial # success has happened - Linus ] # # Reported-by: Storm Dragon # Link: https://lore.kernel.org/lkml/Y%2FKS6vdql2pIsCiI@hotmail.com/ # Fixes: 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") # Signed-off-by: Thomas Weißschuh # Link: https://lore.kernel.org/lkml/64981d94-d00c-4b31-9063-43ad0a384bde@t-8ch.de/ # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-11.3.0-nolibc/sh4-linux/bin/sh4-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-11.3.0-nolibc/sh4-linux/bin/sh4-linux-ld --version # < git log --format=%s --max-count=1 ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e # < make -s -j 160 ARCH=sh O=/kisskb/build/linus_se7750_defconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/sh4-linux/bin/sh4-linux- se7750_defconfig # < make -s -j 160 ARCH=sh O=/kisskb/build/linus_se7750_defconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/sh4-linux/bin/sh4-linux- help # make -s -j 160 ARCH=sh O=/kisskb/build/linus_se7750_defconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/sh4-linux/bin/sh4-linux- olddefconfig # make -s -j 160 ARCH=sh O=/kisskb/build/linus_se7750_defconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.3.0-nolibc/sh4-linux/bin/sh4-linux- Generating include/generated/machtypes.h :1517:2: warning: #warning syscall clone3 not implemented [-Wcpp] In file included from /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:13: /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:105:31: note: in expansion of macro '_INTC_ARRAY' 105 | _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:215:8: note: in expansion of macro 'DECLARE_INTC_DESC' 215 | static DECLARE_INTC_DESC(intc_desc, "sh7750", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:106:9: note: in expansion of macro '_INTC_ARRAY' 106 | _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:215:8: note: in expansion of macro 'DECLARE_INTC_DESC' 215 | static DECLARE_INTC_DESC(intc_desc, "sh7750", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:9: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:215:8: note: in expansion of macro 'DECLARE_INTC_DESC' 215 | static DECLARE_INTC_DESC(intc_desc, "sh7750", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:34: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:215:8: note: in expansion of macro 'DECLARE_INTC_DESC' 215 | static DECLARE_INTC_DESC(intc_desc, "sh7750", vectors, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:105:31: note: in expansion of macro '_INTC_ARRAY' 105 | _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:229:8: note: in expansion of macro 'DECLARE_INTC_DESC' 229 | static DECLARE_INTC_DESC(intc_desc_dma4, "sh7750_dma4", | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:106:9: note: in expansion of macro '_INTC_ARRAY' 106 | _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:229:8: note: in expansion of macro 'DECLARE_INTC_DESC' 229 | static DECLARE_INTC_DESC(intc_desc_dma4, "sh7750_dma4", | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:9: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:229:8: note: in expansion of macro 'DECLARE_INTC_DESC' 229 | static DECLARE_INTC_DESC(intc_desc_dma4, "sh7750_dma4", | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:34: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:229:8: note: in expansion of macro 'DECLARE_INTC_DESC' 229 | static DECLARE_INTC_DESC(intc_desc_dma4, "sh7750_dma4", | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:105:31: note: in expansion of macro '_INTC_ARRAY' 105 | _INTC_ARRAY(vectors), _INTC_ARRAY(groups), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:277:8: note: in expansion of macro 'DECLARE_INTC_DESC' 277 | static DECLARE_INTC_DESC(intc_desc_irlm, "sh7750_irlm", vectors_irlm, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:106:9: note: in expansion of macro '_INTC_ARRAY' 106 | _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:277:8: note: in expansion of macro 'DECLARE_INTC_DESC' 277 | static DECLARE_INTC_DESC(intc_desc_irlm, "sh7750_irlm", vectors_irlm, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:9: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:277:8: note: in expansion of macro 'DECLARE_INTC_DESC' 277 | static DECLARE_INTC_DESC(intc_desc_irlm, "sh7750_irlm", vectors_irlm, NULL, | ^~~~~~~~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:100:63: warning: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Wsizeof-pointer-div] 100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a) | ^ /kisskb/src/include/linux/sh_intc.h:107:34: note: in expansion of macro '_INTC_ARRAY' 107 | _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \ | ^~~~~~~~~~~ /kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC' 124 | .hw = INTC_HW_DESC(vectors, groups, mask_regs, \ | ^~~~~~~~~~~~ /kisskb/src/arch/sh/kernel/cpu/sh4/setup-sh7750.c:277:8: note: in expansion of macro 'DECLARE_INTC_DESC' 277 | static DECLARE_INTC_DESC(intc_desc_irlm, "sh7750_irlm", vectors_irlm, NULL, | ^~~~~~~~~~~~~~~~~ Kernel: arch/sh/boot/zImage is ready Completed OK # rm -rf /kisskb/build/linus_se7750_defconfig_sh4-gcc11 # Build took: 0:00:31.411523