android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7182afea8d
android_kernel_asus_sm8350/drivers
History
Dan Carpenter 7182afea8d IB/uverbs: Handle large number of entries in poll CQ 
In ib_uverbs_poll_cq() code there is a potential integer overflow if
userspace passes in a large cmd.ne.  The calls to kmalloc() would
allocate smaller buffers than intended, leading to memory corruption.
There iss also an information leak if resp wasn't all used.
Unprivileged userspace may call this function, although only if an
RDMA device that uses this function is present.

Fix this by copying CQ entries one at a time, which avoids the
allocation entirely, and also by moving this copying into a function
that makes sure to initialize all memory copied to userspace.

Special thanks to Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
for his help and advice.

Cc: <stable@kernel.org>
Signed-off-by: Dan Carpenter <error27@gmail.com>

[ Monkey around with things a bit to avoid bad code generation by gcc
  when designated initializers are used.  - Roland ]

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2010-12-08 15:23:49 -08:00
..
accessibility
acpi ACPI: debugfs custom_method open to non-root 2010-11-13 09:52:16 -08:00
amba
ata sata_via: apply magic FIFO fix to vt6420 too 2010-11-19 13:16:26 -05:00
atm solos: Refuse to upgrade firmware with older FPGA. It doesn't work. 2010-11-08 12:17:05 -08:00
auxdisplay
base PM: Allow devices to be removed during late suspend and early resume 2010-11-11 01:50:53 +01:00
block Merge branch 'rbd-sysfs' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-12-02 08:05:22 -08:00
bluetooth Bluetooth: Add MacBookAir3,1(2) support 2010-11-09 01:08:53 -02:00
cdrom cdrom: gdrom: ctrl_in/outX to __raw_read/writeX conversion. 2010-10-27 14:33:39 +09:00
char tpm: Autodetect itpm devices 2010-11-30 09:18:01 +11:00
clocksource ARM: shmobile: remove sh_timer_config clk member 2010-10-31 10:40:39 -04:00
connector connector: remove lazy workqueue creation 2010-10-24 14:20:01 -07:00
cpufreq
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2010-11-13 09:55:56 -08:00
dca
dio
dma drivers/dma/Kconfig: add part number for Topcliff. 2010-10-29 14:14:02 -07:00
edac EDAC, MCE: Fix edac_init_mce_inject error handling 2010-11-22 15:35:32 +01:00
eisa
firewire Merge branch 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-11-28 12:24:20 -08:00
firmware dmi: log board, system, and BIOS information 2010-10-27 18:03:05 -07:00
gpio cs5535-gpio: apply CS5536 errata workaround for GPIOs 2010-12-02 14:51:15 -08:00
gpu drm/radeon/kms: add workaround for dce3 ddc line vbios bug 2010-12-01 12:13:37 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2010-12-02 17:40:04 -08:00
hwmon hwmon: (lis3lv02d_i2c) Fix compile warnings 2010-11-22 12:23:39 -08:00
i2c i2c: Sanity checks on adapter registration 2010-11-15 22:40:38 +01:00
ide ide: clean up timed out request handling 2010-10-26 10:17:30 -07:00
idle Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 2010-10-26 17:28:07 -07:00
ieee802154
infiniband IB/uverbs: Handle large number of entries in poll CQ 2010-12-08 15:23:49 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-11-19 10:31:04 -08:00
isdn isdn: icn: Fix stack corruption bug. 2010-11-24 11:19:05 -08:00
leds leds: fix up dependencies 2010-12-02 14:51:15 -08:00
lguest
macintosh leds: fix up dependencies 2010-12-02 14:51:15 -08:00
mca
md md: Call blk_queue_flush() to establish flush/fua support 2010-11-24 16:40:33 +11:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-12-02 08:05:56 -08:00
memstick
message SCSI host lock push-down 2010-11-16 13:33:23 -08:00
mfd mfd: Fix a memory leak when unload mc13xxx-core module 2010-10-29 00:30:43 +02:00
misc drivers/misc/isl29020.c: remove incorrect kfree in isl29020_remove() 2010-11-25 06:50:47 +09:00
mmc mmc: sdhci: 8-bit bus width changes 2010-11-22 15:12:04 -05:00
mtd UBI: release locks in check_corruption 2010-11-19 15:19:40 +02:00
net Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2010-12-02 12:58:16 -08:00
nubus
of
oprofile Merge branches 'perf-fixes-for-linus' and 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-30 11:43:26 -07:00
parisc BKL: remove extraneous #include <smp_lock.h> 2010-11-17 08:59:32 -08:00
parport Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
pci Merge branch 'drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2010-11-25 07:42:03 +09:00
pcmcia drivers/pcmcia/soc_common.c: Use printf extension %pV 2010-11-10 14:31:28 +01:00
platform Remove duplicate includes from many files 2010-10-27 18:03:18 -07:00
pnp BKL: remove extraneous #include <smp_lock.h> 2010-11-17 08:59:32 -08:00
power power: Revert "power_supply: Mark twl4030_charger as broken" 2010-10-29 00:30:44 +02:00
pps
ps3
rapidio rapidio: use resource_size() 2010-11-12 07:55:30 -08:00
regulator regulator: fix kernel-doc for set_consumer_device_supply 2010-11-30 15:13:25 +00:00
rtc Merge branches 'sh/rtc' and 'common/clkfwk' into sh/urgent 2010-11-10 18:15:44 +09:00
s390 [S390] qdio: free indicator after reset is finished 2010-11-25 09:52:59 +01:00
sbus Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-10-25 08:19:14 -07:00
scsi SCSI: arm fas216: fix missing ';' 2010-11-23 22:26:23 +00:00
serial Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2010-12-02 12:58:16 -08:00
sfi
sh Merge branch 'common/clkfwk' into sh-fixes-for-linus 2010-11-19 16:43:23 +09:00
sn
spi atmel_spi: fix warning In function 'atmel_spi_dma_map_xfer' 2010-11-30 17:23:24 +01:00
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-11-22 15:19:31 -05:00
staging Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2010-12-02 12:59:11 -08:00
tc
telephony
thermal
tty Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2010-12-02 12:58:16 -08:00
uio uio: Change mail address of Hans J. Koch 2010-11-10 16:57:11 -08:00
usb Merge branch 'for-greg' of git://gitorious.org/usb/usb into work 2010-11-30 15:52:04 -08:00
uwb UWB: Return UWB_RSV_ALLOC_NOT_FOUND rather than crashing on NULL dereference if kzalloc fails 2010-11-11 07:14:07 -08:00
vhost vhost/net: fix rcu check usage 2010-11-25 11:29:16 +02:00
video Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-11-25 07:41:10 +09:00
virtio virtio: fix format of sysfs driver/vendor files 2010-11-24 15:21:12 +10:30
vlynq
w1 w1: don't allow arbitrary users to remove w1 devices 2010-10-27 18:03:17 -07:00
watchdog watchdog: it8712f_wdt: add note to Kconfig 2010-12-02 14:10:32 +00:00
xen Merge branch 'upstream/for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen 2010-11-24 08:23:18 +09:00
zorro BKL: remove extraneous #include <smp_lock.h> 2010-11-17 08:59:32 -08:00
Kconfig
Makefile TTY: create drivers/tty and move the tty core files there 2010-11-05 08:10:33 -07:00