linux.git/drivers/tty/vt, branch v6.18.22 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git vt: resize saved unicode buffer on alt screen exit after resize 2026-04-11T12:26:46+00:00 Nicolas Pitre nico@fluxnic.net 2026-03-28T03:09:47+00:00 bbb6c37c7a483c912ff0221ee92eaa9ca687b045 commit 3ddbea7542ae529c1a88ef9a8b1ce169126211f6 upstream. Instead of discarding the saved unicode buffer when the console was resized while in the alternate screen, resize it to the current dimensions using vc_uniscr_copy_area() to preserve its content. This properly restores the unicode screen on alt screen exit rather than lazily rebuilding it from a lossy reverse glyph translation. On allocation failure the stale buffer is freed and vc_uni_lines is set to NULL so it gets lazily rebuilt via vc_uniscr_check() when next needed. Fixes: 40014493cece ("vt: discard stale unicode buffer on alt screen exit after resize") Cc: stable <stable@kernel.org> Signed-off-by: Nicolas Pitre <nico@fluxnic.net> Link: https://patch.msgid.link/3nsr334n-079q-125n-7807-n4nq818758ns@syhkavp.arg Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 3ddbea7542ae529c1a88ef9a8b1ce169126211f6 upstream.

Instead of discarding the saved unicode buffer when the console was
resized while in the alternate screen, resize it to the current
dimensions using vc_uniscr_copy_area() to preserve its content. This
properly restores the unicode screen on alt screen exit rather than
lazily rebuilding it from a lossy reverse glyph translation.

On allocation failure the stale buffer is freed and vc_uni_lines is
set to NULL so it gets lazily rebuilt via vc_uniscr_check() when next
needed.

Fixes: 40014493cece ("vt: discard stale unicode buffer on alt screen exit after resize")
Cc: stable <stable@kernel.org>
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
Link: https://patch.msgid.link/3nsr334n-079q-125n-7807-n4nq818758ns@syhkavp.arg
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vt: discard stale unicode buffer on alt screen exit after resize 2026-04-11T12:26:45+00:00 Liav Mordouch liavmordouch@gmail.com 2026-03-27T17:02:04+00:00 891d790fdb5c96c6e1d2841e06ee6c360f2d1288 commit 40014493cece72a0be5672cd86763e53fb3ec613 upstream. When enter_alt_screen() saves vc_uni_lines into vc_saved_uni_lines and sets vc_uni_lines to NULL, a subsequent console resize via vc_do_resize() skips reallocating the unicode buffer because vc_uni_lines is NULL. However, vc_saved_uni_lines still points to the old buffer allocated for the original dimensions. When leave_alt_screen() later restores vc_saved_uni_lines, the buffer dimensions no longer match vc_rows/vc_cols. Any operation that iterates over the unicode buffer using the current dimensions (e.g. csi_J clearing the screen) will access memory out of bounds, causing a kernel oops: BUG: unable to handle page fault for address: 0x0000002000000020 RIP: 0010:csi_J+0x133/0x2d0 The faulting address 0x0000002000000020 is two adjacent u32 space characters (0x20) interpreted as a pointer, read from the row data area past the end of the 25-entry pointer array in a buffer allocated for 80x25 but accessed with 240x67 dimensions. Fix this by checking whether the console dimensions changed while in the alternate screen. If they did, free the stale saved buffer instead of restoring it. The unicode screen will be lazily rebuilt via vc_uniscr_check() when next needed. Fixes: 5eb608319bb5 ("vt: save/restore unicode screen buffer for alternate screen") Cc: stable <stable@kernel.org> Tested-by: Liav Mordouch <liavmordouch@gmail.com> Signed-off-by: Liav Mordouch <liavmordouch@gmail.com> Reviewed-by: Nicolas Pitre <nico@fluxnic.net> Link: https://patch.msgid.link/20260327170204.29706-1-liavmordouch@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 40014493cece72a0be5672cd86763e53fb3ec613 upstream.

When enter_alt_screen() saves vc_uni_lines into vc_saved_uni_lines and
sets vc_uni_lines to NULL, a subsequent console resize via vc_do_resize()
skips reallocating the unicode buffer because vc_uni_lines is NULL.
However, vc_saved_uni_lines still points to the old buffer allocated for
the original dimensions.

When leave_alt_screen() later restores vc_saved_uni_lines, the buffer
dimensions no longer match vc_rows/vc_cols. Any operation that iterates
over the unicode buffer using the current dimensions (e.g. csi_J clearing
the screen) will access memory out of bounds, causing a kernel oops:

  BUG: unable to handle page fault for address: 0x0000002000000020
  RIP: 0010:csi_J+0x133/0x2d0

The faulting address 0x0000002000000020 is two adjacent u32 space
characters (0x20) interpreted as a pointer, read from the row data area
past the end of the 25-entry pointer array in a buffer allocated for
80x25 but accessed with 240x67 dimensions.

Fix this by checking whether the console dimensions changed while in the
alternate screen. If they did, free the stale saved buffer instead of
restoring it. The unicode screen will be lazily rebuilt via
vc_uniscr_check() when next needed.

Fixes: 5eb608319bb5 ("vt: save/restore unicode screen buffer for alternate screen")
Cc: stable <stable@kernel.org>
Tested-by: Liav Mordouch <liavmordouch@gmail.com>
Signed-off-by: Liav Mordouch <liavmordouch@gmail.com>
Reviewed-by: Nicolas Pitre <nico@fluxnic.net>
Link: https://patch.msgid.link/20260327170204.29706-1-liavmordouch@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vt: save/restore unicode screen buffer for alternate screen 2026-03-25T10:10:35+00:00 Nicolas Pitre npitre@baylibre.com 2026-01-27T22:56:01+00:00 c4efef65a46f610418a3f69149c51492d31c8591 commit 5eb608319bb56464674a71b4a66ea65c6c435d64 upstream. The alternate screen support added by commit 23743ba64709 ("vt: add support for smput/rmput escape codes") only saves and restores the regular screen buffer (vc_origin), but completely ignores the corresponding unicode screen buffer (vc_uni_lines) creating a messed-up display. Add vc_saved_uni_lines to save the unicode screen buffer when entering the alternate screen, and restore it when leaving. Also ensure proper cleanup in reset_terminal() and vc_deallocate(). Fixes: 23743ba64709 ("vt: add support for smput/rmput escape codes") Cc: stable <stable@kernel.org> Signed-off-by: Nicolas Pitre <npitre@baylibre.com> Link: https://patch.msgid.link/5o2p6qp3-91pq-0p17-or02-1oors4417ns7@onlyvoer.pbz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 5eb608319bb56464674a71b4a66ea65c6c435d64 upstream.

The alternate screen support added by commit 23743ba64709 ("vt: add
support for smput/rmput escape codes") only saves and restores the
regular screen buffer (vc_origin), but completely ignores the corresponding
unicode screen buffer (vc_uni_lines) creating a messed-up display.

Add vc_saved_uni_lines to save the unicode screen buffer when entering
the alternate screen, and restore it when leaving. Also ensure proper
cleanup in reset_terminal() and vc_deallocate().

Fixes: 23743ba64709 ("vt: add support for smput/rmput escape codes")
Cc: stable <stable@kernel.org>
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Link: https://patch.msgid.link/5o2p6qp3-91pq-0p17-or02-1oors4417ns7@onlyvoer.pbz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vt: move vc_saved_screen to within tty allocated judgment 2025-09-12T13:58:41+00:00 Edward Adam Davis eadavis@qq.com 2025-09-09T00:51:22+00:00 fc702e7df456e219f029d0192fbc7cb357a16f4c Everything starts with the assumption that a tty has been allocated. Therefore, Move it to within the tty allocation check. Fixes: 23743ba64709 ("vt: add support for smput/rmput escape codes") Reported-by: syzbot+f6cb41c144427dc0796a@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=f6cb41c144427dc0796a Tested-by: syzbot+f6cb41c144427dc0796a@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/tencent_CAD45DB31906CF890DBB25AB0DED12205D07@qq.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Everything starts with the assumption that a tty has been allocated.
Therefore, Move it to within the tty allocation check.

Fixes: 23743ba64709 ("vt: add support for smput/rmput escape codes")
Reported-by: syzbot+f6cb41c144427dc0796a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f6cb41c144427dc0796a
Tested-by: syzbot+f6cb41c144427dc0796a@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Link: https://lore.kernel.org/r/tencent_CAD45DB31906CF890DBB25AB0DED12205D07@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() 2025-09-06T13:49:55+00:00 Zizhi Wo wozizhi@huaweicloud.com 2025-09-04T02:39:55+00:00 da7e8b3823962b13e713d4891e136a261ed8e6a2 In vt_ioctl(), the handler for VT_RESIZE always returns 0, which prevents users from detecting errors. Add the missing return value so that errors can be properly reported to users like vt_resizex(). Signed-off-by: Zizhi Wo <wozizhi@huaweicloud.com> Link: https://lore.kernel.org/r/20250904023955.3892120-1-wozizhi@huaweicloud.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
In vt_ioctl(), the handler for VT_RESIZE always returns 0, which prevents
users from detecting errors. Add the missing return value so that errors
can be properly reported to users like vt_resizex().

Signed-off-by: Zizhi Wo <wozizhi@huaweicloud.com>
Link: https://lore.kernel.org/r/20250904023955.3892120-1-wozizhi@huaweicloud.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vt: remove redundant check on vc_mode in con_font_set() 2025-09-06T13:49:52+00:00 Wang Liang wangliang74@huawei.com 2025-09-04T02:33:45+00:00 45747017928c7e6ef71f3a09c5610b7026357162 Previous commit edab558feba1 ("vt: sort out locking for font handling") move the vc_mode check into console_lock protect, but forget to remove the old check in con_font_set(). Just remove the redundant check. Signed-off-by: Wang Liang <wangliang74@huawei.com> Link: https://lore.kernel.org/r/20250904023345.13731-1-wangliang74@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Previous commit edab558feba1 ("vt: sort out locking for font handling")
move the vc_mode check into console_lock protect, but forget to remove the
old check in con_font_set(). Just remove the redundant check.

Signed-off-by: Wang Liang <wangliang74@huawei.com>
Link: https://lore.kernel.org/r/20250904023345.13731-1-wangliang74@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vt: add support for smput/rmput escape codes 2025-09-06T13:48:32+00:00 Calixte Pernot calixte.pernot@grenoble-inp.org 2025-08-25T12:56:09+00:00 23743ba64709a9c137c1b928f8b8e00d846af9cc Support "\e[?1049h" and "\e[?1049l" escape codes. This patch allows programs to enter and leave alternate screens. This feature is widely available in graphical terminal emulators and mostly used by fullscreen terminal-based user interfaces such as text editors. Most editors such as vim and nano assume this escape code in not supported and will not try to print the escape sequence if TERM=linux. To try out this patch, run `TERM=xterm-256color vim` inside a VT. Signed-off-by: Calixte Pernot <calixte.pernot@grenoble-inp.org> Link: https://lore.kernel.org/r/20250825125607.2478-3-calixte.pernot@grenoble-inp.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Support "\e[?1049h" and "\e[?1049l" escape codes.
This patch allows programs to enter and leave alternate screens.
This feature is widely available in graphical terminal emulators and mostly
used by fullscreen terminal-based user interfaces such as text editors.
Most editors such as vim and nano assume this escape code in not supported
and will not try to print the escape sequence if TERM=linux.
To try out this patch, run `TERM=xterm-256color vim` inside a VT.

Signed-off-by: Calixte Pernot <calixte.pernot@grenoble-inp.org>
Link: https://lore.kernel.org/r/20250825125607.2478-3-calixte.pernot@grenoble-inp.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tty/vt: use guard()s 2025-08-17T10:46:26+00:00 Jiri Slaby (SUSE) jirislaby@kernel.org 2025-08-14T07:24:55+00:00 e730c373b6ff16a177e132859bf6ea4dbb15105f Having all the new guards, use them in the vt code. This improves readability, makes error handling easier, and marks locked portions of code explicit. A local free_page_ptr __free guard is introduced for __get_free_page/free_page (with proper casts). This could be made public in include/. But I am not sure if there are more possible users, so keeping completely private here. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20250814072456.182853-16-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Having all the new guards, use them in the vt code. This improves
readability, makes error handling easier, and marks locked portions of
code explicit.

A local free_page_ptr __free guard is introduced for
__get_free_page/free_page (with proper casts). This could be made public
in include/. But I am not sure if there are more possible users, so
keeping completely private here.

Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org>
Link: https://lore.kernel.org/r/20250814072456.182853-16-jirislaby@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tty/vt: use guard()s in con_font_set/get() and con_{set,get}_unimap() 2025-08-17T10:46:26+00:00 Jiri Slaby (SUSE) jirislaby@kernel.org 2025-08-14T07:24:54+00:00 2fe16088c3c77cd96e64363927ddc98f66de8e8b Having all the new guards, use them in the 8250_rsa code. This improves readability, makes error handling easier, and marks locked portions of code explicit. The new __free()-annotated declarations are moved to the allocation points as is preferred: https://lore.kernel.org/all/CAHk-=wjvh_LUpa=864joG2JJXs3+viO-kLzLidR2JLyMr4MNwA@mail.gmail.com/ Except font_data in con_font_get(). The scope in there would not match the expected lifetime. But the declaration is moved closer. Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20250814072456.182853-15-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Having all the new guards, use them in the 8250_rsa code. This improves
readability, makes error handling easier, and marks locked portions of
code explicit.

The new __free()-annotated declarations are moved to the allocation points
as is preferred:
https://lore.kernel.org/all/CAHk-=wjvh_LUpa=864joG2JJXs3+viO-kLzLidR2JLyMr4MNwA@mail.gmail.com/

Except font_data in con_font_get(). The scope in there would not match
the expected lifetime. But the declaration is moved closer.

Signed-off-by: "Jiri Slaby (SUSE)" <jirislaby@kernel.org>
Link: https://lore.kernel.org/r/20250814072456.182853-15-jirislaby@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
vt: defkeymap: Map keycodes above 127 to K_HOLE 2025-07-22T16:53:56+00:00 Myrrh Periwinkle myrrhperiwinkle@qtmlabs.xyz 2025-07-02T14:17:58+00:00 b43cb4ff85da5cf29c4cd351ef1d7dd8210780f7 The maximum number of keycodes got bumped to 256 a very long time ago, but the default keymaps were never adjusted to match. This is causing the kernel to interpret keycodes above 127 as U+0000 if the shipped generated keymap is used. Fix this by mapping all keycodes above 127 to K_HOLE so the kernel ignores them. The contents of this patche were generated by rerunning `loadkeys --mktable --unicode` and only including the changes to map keycodes above 127 to K_HOLE. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Myrrh Periwinkle <myrrhperiwinkle@qtmlabs.xyz> Cc: stable <stable@kernel.org> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/20250702-vt-misc-unicode-fixes-v1-2-c27e143cc2eb@qtmlabs.xyz Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
The maximum number of keycodes got bumped to 256 a very long time ago,
but the default keymaps were never adjusted to match. This is causing
the kernel to interpret keycodes above 127 as U+0000 if the shipped
generated keymap is used.

Fix this by mapping all keycodes above 127 to K_HOLE so the kernel
ignores them.

The contents of this patche were generated by rerunning `loadkeys
--mktable --unicode` and only including the changes to map keycodes
above 127 to K_HOLE.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Myrrh Periwinkle <myrrhperiwinkle@qtmlabs.xyz>
Cc: stable <stable@kernel.org>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Link: https://lore.kernel.org/r/20250702-vt-misc-unicode-fixes-v1-2-c27e143cc2eb@qtmlabs.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>