From: Jiri Slaby (SUSE) <jirislaby@kernel.org>
Date: Mon, 22 Jan 2024 11:03:20 +0000 (+0100)
Subject: tty: vt: push console lock from tioclinux() down to 2 functions
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=d321cd13f6dca3c1b0e9e9735901fb5eee7a501c;p=linux.git

tty: vt: push console lock from tioclinux() down to 2 functions

Avoid costly user copies under the console lock. So push the lock down
from tioclinux() to sel_loadlut() and set_vesa_blanking().

It is now obvious what is actually protected.

Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org>
Tested-by: Helge Deller <deller@gmx.de> # parisc STI console
Link: https://lore.kernel.org/r/20240122110401.7289-7-jirislaby@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c
index e172ede235a09..91d789c025c6c 100644
--- a/drivers/tty/vt/selection.c
+++ b/drivers/tty/vt/selection.c
@@ -113,15 +113,22 @@ static inline int inword(const u32 c)
  *	sel_loadlut()		-	load the LUT table
  *	@lut: user table
  *
- *	Load the LUT table from user space. The caller must hold the console
- *	lock. Make a temporary copy so a partial update doesn't make a mess.
+ *	Load the LUT table from user space. Make a temporary copy so a partial
+ *	update doesn't make a mess.
+ *
+ *	Locking: The console lock is acquired.
  */
 int sel_loadlut(u32 __user *lut)
 {
 	u32 tmplut[ARRAY_SIZE(inwordLut)];
+
 	if (copy_from_user(tmplut, lut, sizeof(inwordLut)))
 		return -EFAULT;
+
+	console_lock();
 	memcpy(inwordLut, tmplut, sizeof(inwordLut));
+	console_unlock();
+
 	return 0;
 }
 
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 079dbff562fd2..3a6f60ad2224c 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -3162,10 +3162,7 @@ int tioclinux(struct tty_struct *tty, unsigned long arg)
 	case TIOCL_SELLOADLUT:
 		if (!capable(CAP_SYS_ADMIN))
 			return -EPERM;
-		console_lock();
-		ret = sel_loadlut(param_aligned32);
-		console_unlock();
-		break;
+		return sel_loadlut(param_aligned32);
 	case TIOCL_GETSHIFTSTATE:
 		/*
 		 * Make it possible to react to Shift+Mousebutton. Note that
@@ -3181,10 +3178,7 @@ int tioclinux(struct tty_struct *tty, unsigned long arg)
 		console_unlock();
 		return put_user(data, p);
 	case TIOCL_SETVESABLANK:
-		console_lock();
-		ret = set_vesa_blanking(param);
-		console_unlock();
-		break;
+		return set_vesa_blanking(param);
 	case TIOCL_GETKMSGREDIRECT:
 		data = vt_get_kmsg_redirect();
 		return put_user(data, p);
@@ -4270,7 +4264,10 @@ static int set_vesa_blanking(u8 __user *mode_user)
 	if (get_user(mode, mode_user))
 		return -EFAULT;
 
+	console_lock();
 	vesa_blank_mode = (mode < 4) ? mode : 0;
+	console_unlock();
+
 	return 0;
 }