[PATCH 5.9 256/391] vt_ioctl: fix GIO_UNIMAP regression

[Greg Kroah-Hartman]

From: Jiri Slaby <jslaby@xxxxxxx>

commit d54654790302ccaa72589380dce060d376ef8716 upstream.

In commit 5ba127878722, we shuffled with the check of 'perm'. But my
brain somehow inverted the condition in 'do_unimap_ioctl' (I thought
it is ||, not &&), so GIO_UNIMAP stopped working completely.

Move the 'perm' checks back to do_unimap_ioctl and do them right again.
In fact, this reverts this part of code to the pre-5ba127878722 state.
Except 'perm' is now a bool.

Fixes: 5ba127878722 ("vt_ioctl: move perm checks level up")
Cc: stable@xxxxxxxxxxxxxxx
Reported-by: Fabian Vogt <fvogt@xxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
Link: https://lore.kernel.org/r/20201026055419.30518-1-jslaby@xxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/tty/vt/vt_ioctl.c |   11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

--- a/drivers/tty/vt/vt_ioctl.c
+++ b/drivers/tty/vt/vt_ioctl.c
@@ -550,7 +550,7 @@ static int vt_io_fontreset(struct consol
 }
 
 static inline int do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud,
-		struct vc_data *vc)
+		bool perm, struct vc_data *vc)
 {
 	struct unimapdesc tmp;
 
@@ -558,9 +558,11 @@ static inline int do_unimap_ioctl(int cm
 		return -EFAULT;
 	switch (cmd) {
 	case PIO_UNIMAP:
+		if (!perm)
+			return -EPERM;
 		return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
 	case GIO_UNIMAP:
-		if (fg_console != vc->vc_num)
+		if (!perm && fg_console != vc->vc_num)
 			return -EPERM;
 		return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct),
 				tmp.entries);
@@ -640,10 +642,7 @@ static int vt_io_ioctl(struct vc_data *v
 
 	case PIO_UNIMAP:
 	case GIO_UNIMAP:
-		if (!perm)
-			return -EPERM;
-
-		return do_unimap_ioctl(cmd, up, vc);
+		return do_unimap_ioctl(cmd, up, perm, vc);
 
 	default:
 		return -ENOIOCTLCMD;