Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-13 00:20:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/fs
History
Jeff Moyer 75e1c70fc3 aio: check for multiplication overflow in do_io_submit 
Tavis Ormandy pointed out that do_io_submit does not do proper bounds
checking on the passed-in iocb array:

       if (unlikely(nr < 0))
               return -EINVAL;

       if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(iocbpp)))))
               return -EFAULT;                      ^^^^^^^^^^^^^^^^^^

The attached patch checks for overflow, and if it is detected, the
number of iocbs submitted is scaled down to a number that will fit in
the long.  This is an ok thing to do, as sys_io_submit is documented as
returning the number of iocbs submitted, so callers should handle a
return value of less than the 'nr' argument passed in.

Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-14 17:02:37 -07:00
..
9p
fs/9p: Don't use dotl version of mknod for dotu inode operations
2010-09-13 08:13:03 -05:00
adfs
check ATTR_SIZE contraints in inode_change_ok
2010-08-09 16:47:39 -04:00
affs
AFFS: wait for sb synchronization when needed
2010-08-09 16:48:51 -04:00
afs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
2010-08-13 10:37:30 -07:00
autofs
autofs/autofs4: Move compat_ioctl handling into fs
2010-08-09 00:13:34 +02:00
autofs4
autofs4: remove unneeded null check in try_to_fill_dentry()
2010-08-11 08:59:06 -07:00
befs
fix typos concerning "initiali[zs]e"
2010-06-16 18:05:05 +02:00
bfs
BFS: clean up the superblock usage
2010-08-09 16:48:53 -04:00
btrfs
Merge branch 'for-2.6.36' of git://git.kernel.dk/linux-2.6-block
2010-08-10 15:22:42 -07:00
cachefiles
Add a dummy printk function for the maintenance of unused printks
2010-08-12 09:51:35 -07:00
ceph
ceph: fix get_ticket_handler() error handling
2010-08-26 09:26:50 -07:00
cifs
cifs: prevent possible memory corruption in cifs_demultiplex_thread
2010-09-08 21:22:35 +00:00
coda
Merge branch 'for-2.6.36' of git://git.kernel.dk/linux-2.6-block
2010-08-10 15:22:42 -07:00
configfs
fix setattr error handling in sysfs, configfs
2010-06-04 17:16:29 -04:00
cramfs
cramfs: only unlock new inodes
2010-08-18 01:01:33 -04:00
debugfs
Add x64 support to debugfs
2010-05-19 22:41:57 -04:00
devpts
Simplify devpts_get_sb() failure exits
2010-05-21 18:31:12 -04:00
dlm
fs/dlm: Drop unnecessary null test
2010-08-05 14:23:45 -05:00
ecryptfs
eCryptfs: Fix encrypted file name lookup regression
2010-08-27 10:50:53 -05:00
efs
exofs
Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd
2010-08-11 09:19:43 -07:00
exportfs
ext2
mbcache: Remove unused features
2010-08-09 16:48:45 -04:00
ext3
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2010-08-10 11:26:52 -07:00
ext4
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2010-08-10 11:26:52 -07:00
fat
remove SWRITE* I/O types
2010-08-18 01:09:01 -04:00
freevxfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2010-08-10 11:26:52 -07:00
fscache
Add a dummy printk function for the maintenance of unused printks
2010-08-12 09:51:35 -07:00
fuse
fuse: fix lock annotations
2010-09-07 13:42:41 +02:00
gfs2
Merge branch 'for-2.6.36' of git://git.kernel.dk/linux-2.6-block
2010-08-10 15:22:42 -07:00
hfs
convert remaining ->clear_inode() to ->evict_inode()
2010-08-09 16:48:37 -04:00
hfsplus
convert remaining ->clear_inode() to ->evict_inode()
2010-08-09 16:48:37 -04:00
hostfs
hostfs ->follow_link() braino
2010-08-18 06:21:10 -04:00
hpfs
switch hpfs to ->evict_inode()
2010-08-09 16:48:17 -04:00
hppfs
switch hppfs to ->evict_inode()
2010-08-09 16:48:16 -04:00
hugetlbfs
new helper: end_writeback()
2010-08-09 16:47:49 -04:00
isofs
isofs: Fix lseek() to position beyond 4 GB
2010-08-11 00:29:47 -04:00
jbd
remove SWRITE* I/O types
2010-08-18 01:09:01 -04:00
jbd2
remove SWRITE* I/O types
2010-08-18 01:09:01 -04:00
jffs2
Merge git://git.infradead.org/mtd-2.6
2010-08-10 11:49:21 -07:00
jfs
jfs: don't allow os2 xattr namespace overlap with others
2010-08-10 15:33:09 -07:00
lockd
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
logfs
logfs: kill BKL
2010-08-14 00:24:24 +02:00
minix
minix: fix regression in minix_mkdir()
2010-09-09 18:57:25 -07:00
ncpfs
Merge branch 'bkl/ioctl' of git://git.kernel.org/pub/scm/linux/kernel/git/frederic/random-tracing
2010-08-10 13:58:28 -07:00
nfs
Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6
2010-08-18 15:45:23 -07:00
nfs_common
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
nfsd
Merge branch 'for-2.6.36' of git://linux-nfs.org/~bfields/linux
2010-09-07 19:21:02 -07:00
nilfs2
nilfs2: fix leak of shadow dat inode in error path of load_nilfs
2010-08-30 10:18:03 +09:00
nls
notify
fsnotify: drop two useless bools in the fnsotify main loop
2010-08-27 21:42:11 -04:00
ntfs
convert remaining ->clear_inode() to ->evict_inode()
2010-08-09 16:48:37 -04:00
ocfs2
ocfs2: Fix orphan add in ocfs2_create_inode_in_orphan
2010-09-08 14:26:00 +08:00
omfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bcopeland/omfs
2010-08-10 11:47:36 -07:00
openpromfs
partitions
[S390] partitions: fix build error in ibm partition detection code
2010-08-13 10:06:55 +02:00
proc
proc: export uncached bit properly in /proc/kpageflags
2010-09-09 18:57:23 -07:00
qnx4
get rid of cont_write_begin_newtrunc
2010-08-09 16:47:31 -04:00
quota
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2010-08-10 11:26:52 -07:00
ramfs
check ATTR_SIZE contraints in inode_change_ok
2010-08-09 16:47:39 -04:00
reiserfs
remove SWRITE* I/O types
2010-08-18 01:09:01 -04:00
romfs
fix leak in romfs_fill_super()
2010-01-26 22:22:26 -05:00
smbfs
switch smbfs to evict_inode()
2010-08-09 16:48:00 -04:00
squashfs
Squashfs: fix checkpatch.pl warnings
2010-08-08 22:29:33 +00:00
sysfs
sysfs: checking for NULL instead of ERR_PTR
2010-09-03 17:26:28 -07:00
sysv
fs/sysv/super.c: add support for non-PDP11 v7 filesystems
2010-08-11 08:59:23 -07:00
ubifs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2010-08-10 11:26:52 -07:00
udf
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2010-08-10 11:26:52 -07:00
ufs
remove SWRITE* I/O types
2010-08-18 01:09:01 -04:00
xfs
xfs: log IO completion workqueue is a high priority queue
2010-09-10 10:16:54 -05:00
aio.c
aio: check for multiplication overflow in do_io_submit
2010-09-14 17:02:37 -07:00
anon_inodes.c
Revert "anon_inode: set S_IFREG on the anon_inode"
2010-05-27 22:03:05 -04:00
attr.c
check ATTR_SIZE contraints in inode_change_ok
2010-08-09 16:47:39 -04:00
bad_inode.c
bkl: Remove locked .ioctl file operation
2010-08-14 00:24:24 +02:00
binfmt_aout.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
binfmt_elf_fdpic.c
binfmt_elf_fdpic: Fix clear_user() error handling
2010-06-01 08:11:06 -07:00
binfmt_elf.c
coredump: pass mm->flags as a coredump parameter for consistency
2010-03-06 11:26:46 -08:00
binfmt_em86.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
binfmt_flat.c
flat: tweak default stack alignment
2010-06-29 15:29:31 -07:00
binfmt_misc.c
binfmt_misc: fix binfmt_misc priority
2010-09-09 18:57:24 -07:00
binfmt_script.c
Make do_execve() take a const filename pointer
2010-08-17 18:07:43 -07:00
binfmt_som.c
Split 'flush_old_exec' into two functions
2010-01-29 08:22:01 -08:00
bio-integrity.c
fs/bio-integrity.c: return -ENOMEM on kmalloc failure
2010-08-23 13:36:59 +02:00
bio.c
block: unify flags for struct bio and struct request
2010-08-07 18:20:39 +02:00
block_dev.c
blkdev: cgroup whitelist permission fix
2010-08-11 08:59:18 -07:00
buffer.c
remove SWRITE* I/O types
2010-08-18 01:09:01 -04:00
char_dev.c
Fix init ordering of /dev/console vs callers of modprobe
2010-08-06 09:17:02 -07:00
compat_binfmt_elf.c
elf coredump: replace ELF_CORE_EXTRA_* macros by functions
2010-03-06 11:26:45 -08:00
compat_ioctl.c
bkl: Remove locked .ioctl file operation
2010-08-14 00:24:24 +02:00
compat.c
Mark arguments to certain syscalls as being const
2010-08-13 16:53:13 -07:00
dcache.c
fs: brlock vfsmount_lock
2010-08-18 08:35:48 -04:00
dcookies.c
direct-io.c
O_DIRECT: fix the splitting up of contiguous I/O
2010-09-09 18:57:22 -07:00
drop_caches.c
simplify checks for I_CLEAR/I_FREEING
2010-08-09 16:47:44 -04:00
eventfd.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
eventpoll.c
sched, wait: Use wrapper functions
2010-05-11 17:43:58 +02:00
exec.c
execve: make responsive to SIGKILL with large arguments
2010-09-10 08:10:26 -07:00
fcntl.c
vfs: take O_NONBLOCK out of the O_* uniqueness test
2010-09-09 18:57:25 -07:00
fifo.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
file_table.c
fs: scale files_lock
2010-08-18 08:35:48 -04:00
file.c
vfs: use kmalloc() to allocate fdmem if possible
2010-08-11 08:59:02 -07:00
filesystems.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
fs_struct.c
fs: fs_struct rwlock to spinlock
2010-08-18 08:35:46 -04:00
fs-writeback.c
writeback: Fix lost wake-up shutting down writeback thread
2010-08-28 08:52:10 +02:00
generic_acl.c
vfs: update ctime when changing the file's permission by setfacl
2010-08-18 01:04:22 -04:00
inode.c
Merge branch 'for-linus' of git://git.infradead.org/users/eparis/notify
2010-08-10 11:39:13 -07:00
internal.h
fs: brlock vfsmount_lock
2010-08-18 08:35:48 -04:00
ioctl.c
bkl: Remove locked .ioctl file operation
2010-08-14 00:24:24 +02:00
ioprio.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
Kconfig
fs/Kconfig: Fix typo Userpace -> Userspace
2010-07-20 17:30:22 +02:00
Kconfig.binfmt
libfs.c
check ATTR_SIZE contraints in inode_change_ok
2010-08-09 16:47:39 -04:00
locks.c
Merge branch 'for-next' into for-linus
2010-03-08 16:55:37 +01:00
Makefile
Take statfs variants to fs/statfs.c
2010-05-21 18:31:17 -04:00
mbcache.c
mbcache: Limit the maximum number of cache entries
2010-08-18 06:24:41 -04:00
mpage.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
namei.c
fs: brlock vfsmount_lock
2010-08-18 08:35:48 -04:00
namespace.c
VFS: Sanity check mount flags passed to change_mnt_propagation()
2010-09-07 13:46:20 -07:00
nfsctl.c
Switch may_open() and break_lease() to passing O_...
2010-03-03 13:00:21 -05:00
no-block.c
open.c
fs: cleanup files_lock locking
2010-08-18 08:35:47 -04:00
pipe.c
pipe: fix check in "set size" fcntl
2010-06-10 19:08:34 +02:00
pnode.c
fs: brlock vfsmount_lock
2010-08-18 08:35:48 -04:00
pnode.h
VFS: Clean up shared mount flag propagation
2010-03-03 14:07:55 -05:00
posix_acl.c
read_write.c
fsnotify: pass a file instead of an inode to open, read, and write
2010-07-28 09:58:32 -04:00
read_write.h
readdir.c
vfs: fix warning: 'dirent' is used uninitialized in this function
2010-08-09 20:45:05 -07:00
select.c
Add generic sys_old_select()
2010-03-12 15:52:32 -08:00
seq_file.c
seq_file: fix new kernel-doc warnings
2010-03-07 15:48:26 -08:00
signalfd.c
signalfd: fill in ssi_int for posix timers and message queues
2010-08-11 08:59:20 -07:00
splice.c
splice: fix misuse of SPLICE_F_NONBLOCK
2010-08-07 18:52:56 +02:00
stack.c
VFS/fsstack: handle 32-bit smp + preempt + large files in fsstack_copy_inode_size
2009-12-17 10:58:17 -05:00
stat.c
Mark arguments to certain syscalls as being const
2010-08-13 16:53:13 -07:00
statfs.c
add f_flags to struct statfs(64)
2010-08-09 16:48:44 -04:00
super.c
fs: scale files_lock
2010-08-18 08:35:48 -04:00
sync.c
get rid of file_fsync()
2010-08-09 16:47:43 -04:00
timerfd.c
fs/timerfd.c: make use of wait_event_interruptible_locked_irq()
2010-05-20 13:21:42 -07:00
utimes.c
Mark arguments to certain syscalls as being const
2010-08-13 16:53:13 -07:00
xattr_acl.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
xattr.c
fs: xattr_handler table should be const
2010-05-21 18:31:18 -04:00