Loading
vc_screen: don't clobber return value in vcs_read
stable inclusion from stable-v4.19.275 commit e534b1ce31679ad447aa07690b5c327c767a6020 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBWVWQ CVE: CVE-2023-52973 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e534b1ce31679ad447aa07690b5c327c767a6020 -------------------------------- commit ae3419fb upstream. Commit 226fae12 ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") moved the call to vcs_vc() into the loop. While doing this it also moved the unconditional assignment of ret = -ENXIO; This unconditional assignment was valid outside the loop but within it it clobbers the actual value of ret. To avoid this only assign "ret = -ENXIO" when actually needed. [ Also, the 'goto unlock_out" needs to be just a "break", so that it does the right thing when it exits on later iterations when partial success has happened - Linus ] Reported-by:Storm Dragon <stormdragon2976@gmail.com> Link: https://lore.kernel.org/lkml/Y%2FKS6vdql2pIsCiI@hotmail.com/ Fixes: 226fae12 ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") Signed-off-by: