Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 6.12.58 release. There are 565 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
[SNIP]
Zizhi Wo wozizhi@huaweicloud.com tty/vt: Add missing return value for VT_RESIZE in vt_ioctl()
Locking seems to be messed up in backport of above mentioned patch.
That patch is viewable here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/c...
Upstream uses guard() locking: | case VT_RESIZE: | { | .... | guard(console_lock)(); | ^^^^^^^^^^^^^^^^^^^^^-------this generates auto-unlock code | .... | ret = __vc_resize(vc_cons[i].d, cc, ll, true); | if (ret) | return ret; | ^^^^^^^^^^----------this releases console lock | .... | break; | }
Older stable branches use old-school locking: | case VT_RESIZE: | { | .... | console_lock(); | .... | ret = __vc_resize(vc_cons[i].d, cc, ll, true); | if (ret) | return ret; | ^^^^^^^^^^----------this does not release console lock | .... | console_unlock(); | break; | }
Backporting upstream fixes that use guard() locking to older stable branches that use old-school locking need "extra sports".
Please consider dropping or fixing above mentioned patch.
-- Jari Ruusu 4096R/8132F189 12D6 4C3A DCDA 0AA4 27BD ACDF F073 3C80 8132 F189
On Tue, Nov 11, 2025 at 06:38:21AM +0000, Jari Ruusu wrote:
Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 6.12.58 release. There are 565 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
[SNIP]
Zizhi Wo wozizhi@huaweicloud.com tty/vt: Add missing return value for VT_RESIZE in vt_ioctl()
Locking seems to be messed up in backport of above mentioned patch. That patch is viewable here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/c...
Upstream uses guard() locking: | case VT_RESIZE: | { | .... | guard(console_lock)(); | ^^^^^^^^^^^^^^^^^^^^^-------this generates auto-unlock code | .... | ret = __vc_resize(vc_cons[i].d, cc, ll, true); | if (ret) | return ret; | ^^^^^^^^^^----------this releases console lock | .... | break; | } Older stable branches use old-school locking: | case VT_RESIZE: | { | .... | console_lock(); | .... | ret = __vc_resize(vc_cons[i].d, cc, ll, true); | if (ret) | return ret; | ^^^^^^^^^^----------this does not release console lock | .... | console_unlock(); | break; | } Backporting upstream fixes that use guard() locking to older stable branches that use old-school locking need "extra sports". Please consider dropping or fixing above mentioned patch.
Can you provide a fixed up patch?
thanks,
greg k-h
On Friday, November 21st, 2025 at 11:36, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
On Tue, Nov 11, 2025 at 06:38:21AM +0000, Jari Ruusu wrote:
Backporting upstream fixes that use guard() locking to older stable branches that use old-school locking need "extra sports".
Please consider dropping or fixing above mentioned patch.
Can you provide a fixed up patch?
Below is small test program to poke /dev/console using ioctl(VT_RESIZE) with deliberately bad parameters that should trigger failed return status. Opening /dev/console needs appropriate privileges.
#include <stdio.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #include <linux/vt.h> #include <sys/ioctl.h> int main(int argc, char **argv) { int f, x, r; struct vt_sizes s = { 40000, 40000, 0 }; if((f = open("/dev/console", O_RDONLY)) < 0) { printf("open() failed\n"); exit(1); } for(x = 1; x <= 3; x++) { printf("Starting ioctl(VT_RESIZE), try %d\n", x); r = ioctl(f, VT_RESIZE, &s); printf(" got status %d (expected -1)\n", r); } close(f); exit(0); }
On kernels that return proper failed status, it plays like this:
| Starting ioctl(VT_RESIZE), try 1 | got status -1 (expected -1) | Starting ioctl(VT_RESIZE), try 2 | got status -1 (expected -1) | Starting ioctl(VT_RESIZE), try 3 | got status -1 (expected -1)
On kernels that return "incorrect success" status, it plays like this:
| Starting ioctl(VT_RESIZE), try 1 | got status 0 (expected -1) | Starting ioctl(VT_RESIZE), try 2 | got status 0 (expected -1) | Starting ioctl(VT_RESIZE), try 3 | got status 0 (expected -1)
On kernels that return proper failed status but with messed up console locking in error handling code path, it locks up like this:
| Starting ioctl(VT_RESIZE), try 1 | got status -1 (expected -1) | Starting ioctl(VT_RESIZE), try 2
After that, the console is FUBAR.
Below is a patch for 6.12.58+ and 6.17.8+ stable branches only. Upstream does not need this. Signed-off-by: Jari Ruusu jariruusu@protonmail.com Fixes: da7e8b382396 ("tty/vt: Add missing return value for VT_RESIZE in vt_ioctl()")
--- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -924,8 +924,10 @@ if (vc) { /* FIXME: review v tty lock */ ret = __vc_resize(vc_cons[i].d, cc, ll, true); - if (ret) + if (ret) { + console_unlock(); return ret; + } } } console_unlock();
-- Jari Ruusu 4096R/8132F189 12D6 4C3A DCDA 0AA4 27BD ACDF F073 3C80 8132 F189
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Jari Ruusu