Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-28 07:01:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
65eea8edc3
linux/drivers
History
Andy Whitcroft 65eea8edc3 floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl 
The final field of a floppy_struct is the field "name", which is a pointer
to a string in kernel memory.  The kernel pointer should not be copied to
user memory.  The FDGETPRM ioctl copies a floppy_struct to user memory,
including this "name" field.  This pointer cannot be used by the user
and it will leak a kernel address to user-space, which will reveal the
location of kernel code and data and undermine KASLR protection.

Model this code after the compat ioctl which copies the returned data
to a previously cleared temporary structure on the stack (excluding the
name pointer) and copy out to userspace from there.  As we already have
an inparam union with an appropriate member and that memory is already
cleared even for read only calls make use of that as a temporary store.

Based on an initial patch by Brian Belleville.

CVE-2018-7755
Signed-off-by: Andy Whitcroft <apw@canonical.com>

Broke up long line.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-09-20 09:09:48 -06:00
..
accessibility
acpi Urgent ACPI Kconfig fix for 4.19-rc1 2018-08-24 09:29:44 -07:00
amba
android android: binder: Rate-limit debug and userspace triggered err msgs 2018-08-08 11:05:47 +02:00
ata libata: mask swap internal and hardware tag 2018-09-20 08:30:55 -06:00
atm
auxdisplay Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
base Driver core patches for 4.19-rc1 2018-08-18 11:44:53 -07:00
bcma
block floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl 2018-09-20 09:09:48 -06:00
bluetooth Bluetooth: mediatek: pass correct size to h4_recv_buf() 2018-08-13 15:59:39 +02:00
bus ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
cdrom cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status 2018-08-29 08:09:20 -06:00
char RTC for 4.19 2018-08-20 16:30:27 -07:00
clk ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
clocksource RISC-V Updates for the 4.19 Merge Window 2018-08-19 09:56:38 -07:00
connector
cpufreq ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
cpuidle More power management updates for 4.19-rc1 2018-08-22 07:42:36 -07:00
crypto Merge branch 'akpm' (patches from Andrew) 2018-08-23 19:20:12 -07:00
dax dax: remove VM_MIXEDMAP for fsdax and device dax 2018-08-17 16:20:27 -07:00
dca
devfreq Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
dio
dma DMAengine updates for v4.19-rc1 2018-08-18 15:55:59 -07:00
dma-buf
edac EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] 2018-08-17 15:13:34 +02:00
eisa
extcon
firewire firewire: use 64-bit time_t based interfaces 2018-08-17 16:20:27 -07:00
firmware fbdev changes for v4.19: 2018-08-23 15:44:58 -07:00
fmc
fpga
fsi fsi: sbefifo: Bump max command length 2018-08-08 15:44:47 +10:00
gnss
gpio - New Drivers 2018-08-20 15:38:44 -07:00
gpu amdgpu and panel/misc fixes. 2018-08-24 09:22:54 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2018-08-20 15:59:01 -07:00
hsi
hv
hwmon ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
hwspinlock
hwtracing drivers/hwtracing/intel_th/msu.c: change return type to vm_fault_t 2018-08-23 18:48:43 -07:00
i2c i2c: don't use any __deprecated handling anymore 2018-08-24 17:26:43 +02:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2018-08-22 07:40:33 -07:00
idle
iio treewide: convert ISO_8859-1 text comments to utf-8 2018-08-23 18:48:43 -07:00
infiniband Second merge window update 2018-08-23 15:34:48 -07:00
input ARM: 32-bit SoC platform updates 2018-08-23 13:44:43 -07:00
iommu IOMMU Update for Linux v4.19 2018-08-24 13:10:38 -07:00
ipack
irqchip Xtensa improvements for v4.19: 2018-08-22 14:04:41 -07:00
isdn isdn: Disable IIOCDBGVAR 2018-08-16 12:26:24 -07:00
leds leds: ns2: Change unsigned to unsigned int 2018-08-06 23:03:12 +02:00
lightnvm
macintosh macintosh: therm_windtunnel: drop using attach_adapter 2018-08-24 14:42:42 +02:00
mailbox mailbox: Add support for i.MX messaging unit 2018-08-15 09:53:07 +05:30
mcb
md bcache: release dc->writeback_lock properly in bch_writeback_thread() 2018-08-22 15:06:29 -06:00
media Merge branch 'i2c/for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-08-21 17:40:46 -07:00
memory ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
memstick
message
mfd Merge branch 'i2c/for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-08-21 17:40:46 -07:00
misc Merge branch 'akpm' (patches from Andrew) 2018-08-22 12:34:08 -07:00
mmc Merge branch 'asoc-4.19' into asoc-next 2018-08-09 14:47:05 +01:00
mtd This pull request contains updates for both UBI and UBIFS: 2018-08-23 15:58:04 -07:00
mux
net ARM: 32-bit SoC platform updates 2018-08-23 13:44:43 -07:00
nfc
ntb
nubus
nvdimm
nvme nvmet-rdma: fix possible bogus dereference under heavy load 2018-09-05 12:18:01 -07:00
nvmem
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
opp
oprofile
parisc
parport Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
pci Merge branch 'akpm' (patches from Andrew) 2018-08-22 12:34:08 -07:00
pcmcia pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function 2018-08-18 12:30:42 -07:00
perf Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
phy
pinctrl - New Drivers 2018-08-20 15:38:44 -07:00
platform platform-drivers-x86 for v4.19-1 2018-08-22 14:14:15 -07:00
pnp
power treewide: convert ISO_8859-1 text comments to utf-8 2018-08-23 18:48:43 -07:00
powercap
pps
ps3
ptp Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
pwm pwm: mediatek: Add MT7628 support 2018-08-20 11:36:07 +02:00
rapidio drivers/rapidio/devices/rio_mport_cdev.c: remove redundant pointer md 2018-08-22 10:52:51 -07:00
ras
regulator - New Drivers 2018-08-20 15:38:44 -07:00
remoteproc remoteproc/davinci: use the reset framework 2018-08-16 17:39:55 -07:00
reset ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
rpmsg
rtc RTC for 4.19 2018-08-20 16:30:27 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2018-08-24 09:31:34 -07:00
sbus
scsi Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
sfi
sh
siox
slimbus
sn
soc ARM: Device-tree updates 2018-08-23 14:02:22 -07:00
soundwire
spi hwspinlock updates for v4.19 2018-08-18 16:45:27 -07:00
spmi
ssb ssb: Remove SSB_WARN_ON, SSB_BUG_ON and SSB_DEBUG 2018-08-09 18:47:47 +03:00
staging ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
target SCSI misc on 20180815 2018-08-15 22:06:26 -07:00
tc
tee ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2018-08-24 13:03:51 -07:00
thunderbolt
tty powerpc fixes for 4.19 #2 2018-08-24 09:34:23 -07:00
uio Char/Misc fix for 4.19-rc1 2018-08-19 09:30:44 -07:00
usb ARM: SoC driver updates 2018-08-23 13:52:46 -07:00
uwb
vfio powerpc updates for 4.19 2018-08-17 11:32:50 -07:00
vhost virtio, vhost: fixes, tweaks 2018-08-24 08:45:19 -07:00
video fbdev changes for v4.19: 2018-08-23 15:44:58 -07:00
virt
virtio virtio, vhost: fixes, tweaks 2018-08-24 08:45:19 -07:00
visorbus
vlynq
vme
w1 power supply and reset changes for the v4.19 series 2018-08-21 18:06:27 -07:00
watchdog include/linux/compiler*.h: make compiler-*.h mutually exclusive 2018-08-22 17:31:34 -07:00
xen xen: fixes and cleanups for 4.19-rc1, second round 2018-08-23 14:52:23 -07:00
zorro
Kconfig
Makefile Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00