AZL-72667

In the Linux kernel, the following vulnerability has been resolved:

drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

Protect vgaswitcherooclientfbset() with console lock. Avoids OOB access in fbconremapall(). Without holding the console lock the call races with switching outputs.

VGA switcheroo calls fbconremapall() when switching clients. The fbcon function uses struct fbinfo.node, which is set by registerframebuffer(). As the fb-helper code currently sets up VGA switcheroo before registering the framebuffer, the value of node is -1 and therefore not a legal value. For example, fbcon uses the value within setcon2fbmap() [1] as an index into an array.

Moving vgaswitcherooclientfbset() after register_framebuffer() can result in VGA switching that does not switch fbcon correctly.

Therefore move vgaswitcherooclientfbset() under fbconfbregistered(), which already holds the console lock. Fbdev calls fbconfbregistered() from within registerframebuffer(). Serializes the helper with VGA switcheroo's call to fbconremap_all().

Although vgaswitcherooclientfbset() takes an instance of struct fbinfo as parameter, it really only needs the contained fbcon state. Moving the call to fbcon initialization is therefore cleaner than before. Only amdgpu, i915, nouveau and radeon support vgaswitcheroo. For all other drivers, this change does nothing.