linux/fs
Steve French c18c732ec6 [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread
When kernel_recvmsg returns -EAGAIN or -ERESTARTSYS, then
cifs_demultiplex_thread sleeps for a bit and then tries the read again.
When it does this, it's not zeroing out the length and that throws off
the value of total_read. Fix it to zero out the length.

Can cause memory corruption:
If kernel_recvmsg returns an error and total_read is a large enough
value, then we'll end up going through the loop again. total_read will
be a bogus value, as will (pdu_length-total_read). When this happens we
end up calling kernel_recvmsg with a bogus value (possibly larger than
the current iov_len).

At that point, memcpy_toiovec can overrun iov. It will start walking
up the stack, casting other things that are there to struct iovecs
(since it assumes that it's been passed an array of them). Any pointer
on the stack at an address above the kvec is a candidate for corruption
here.

Many thanks to Ulrich Obergfell for pointing this out.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-10-17 18:01:11 +00:00
9p 9p: fix debug compilation error 2007-07-16 16:03:25 -05:00
adfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
affs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
afs AFS: fix file locking 2007-07-31 15:39:40 -07:00
autofs
autofs4
befs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
bfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
cifs [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread 2007-10-17 18:01:11 +00:00
coda coda: remove CODA_STORE/CODA_RELEASE upcalls 2007-07-21 17:49:14 -07:00
configfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
cramfs
debugfs debugfs: remove rmdir() non-empty complaint 2007-07-18 15:49:48 -07:00
devpts
dlm [DLM] fix basts for granted PR waiting CW 2007-08-14 10:31:02 +01:00
ecryptfs eCryptfs: fix error handling in ecryptfs_init 2007-08-11 15:47:40 -07:00
efs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
exportfs knfsd: exportfs: split out reconnecting a dentry from find_exported_dentry 2007-07-17 10:23:06 -07:00
ext2 fix inode_table test in ext234_check_descriptors 2007-07-26 11:35:17 -07:00
ext3 fix inode_table test in ext234_check_descriptors 2007-07-26 11:35:17 -07:00
ext4 "ext4_ext_put_in_cache" uses __u32 to receive physical block number 2007-07-31 15:39:37 -07:00
fat mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
freevxfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
fuse mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
gfs2 [GFS2] Revert remounting w/o acl option leaves acls enabled 2007-08-14 10:34:40 +01:00
hfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
hfsplus mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
hostfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hpfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
hppfs
hugetlbfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
isofs isofs: mounting to regular file may succeed 2007-07-31 15:39:41 -07:00
jbd mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
jbd2 mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
jffs2 JFFS2 locking regression fix. 2007-08-20 22:44:27 -07:00
jfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
lockd lockd and nfsd endianness annotation fixes 2007-07-26 11:11:56 -07:00
minix mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
msdos
ncpfs NCP: delete test of long-deceased CONFIG_NCPFS_DEBUGDENTRY 2007-07-31 15:39:41 -07:00
nfs NFS: Replace flush_scheduled_work with cancel_work_sync() and friends 2007-08-07 16:12:50 -04:00
nfs_common
nfsd knfsd: eliminate unnecessary -ENOENT returns on export downcalls 2007-07-31 15:39:38 -07:00
nls NLS: Remove obsolete Makefile entries 2007-07-16 09:05:52 -07:00
ntfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
ocfs2 ocfs2: set non-default s_time_gran during mount 2007-08-09 17:27:58 -07:00
openpromfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
partitions [PARTITION]: Sun/Solaris VTOC table corrections 2007-07-30 00:27:31 -07:00
proc Fix leaks on /proc/{*/sched,sched_debug,timer_list,timer_stats} 2007-07-31 15:39:40 -07:00
qnx4 mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
ramfs NOMMU: Fix SYSV IPC SHM 2007-07-31 15:39:36 -07:00
reiserfs more reiserfs endianness annotations 2007-07-26 11:11:58 -07:00
romfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
smbfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
sysfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
sysv mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
udf UDF: fix UID and GID mount option ignorance 2007-07-31 15:39:43 -07:00
ufs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
vfat
xfs xfs ioctl __user annotations 2007-07-26 11:11:57 -07:00
aio.c
anon_inodes.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm 2007-07-17 11:50:26 -07:00
attr.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
bad_inode.c sendfile: remove bad_sendfile() from bad_file_ops 2007-07-10 08:04:15 +02:00
binfmt_aout.c
binfmt_elf_fdpic.c coredump masking: ELF-FDPIC: enable core dump filtering 2007-07-19 10:04:47 -07:00
binfmt_elf.c revert "PIE randomization" 2007-07-21 17:49:14 -07:00
binfmt_em86.c
binfmt_flat.c nommu: report correct errno in message 2007-06-08 17:23:32 -07:00
binfmt_misc.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
binfmt_script.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
binfmt_som.c
bio.c [BLOCK] Get rid of request_queue_t typedef 2007-07-24 09:28:11 +02:00
block_dev.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
buffer.c fix some conversion overflows 2007-07-20 08:44:19 -07:00
char_dev.c unregister_chrdev() return void 2007-07-19 10:04:43 -07:00
compat_ioctl.c [PATCH] remove duplicated ioctl entries in compat_ioctl.c 2007-08-06 15:06:03 -04:00
compat.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
dcache.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
dcookies.c Remove fs.h from mm.h 2007-07-29 17:09:29 -07:00
direct-io.c dio: zero struct dio with kzalloc instead of manually 2007-08-20 22:50:25 -07:00
dnotify.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
dquot.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
drop_caches.c invalidate_mapping_pages(): add cond_resched 2007-07-16 09:05:36 -07:00
eventfd.c
eventpoll.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
exec.c Reset current->pdeath_signal on SUID binary execution 2007-08-18 09:29:07 -07:00
fcntl.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
fifo.c
file_table.c
file.c
filesystems.c
fs-writeback.c
generic_acl.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
inode.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
inotify_user.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
inotify.c
internal.h
ioctl.c drop obsolete sys_ioctl export 2007-07-16 09:05:48 -07:00
ioprio.c
Kconfig NFSD/SUNRPC: Fix the automatic selection of RPCSEC_GSS 2007-07-19 15:09:02 -04:00
Kconfig.binfmt
libfs.c
locks.c rename setlease to generic_setlease 2007-07-31 15:39:43 -07:00
Makefile
mbcache.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
mpage.c
namei.c fs: remove path_walk export 2007-07-19 10:04:45 -07:00
namespace.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
nfsctl.c nfsctl: use vfs_path_lookup 2007-07-19 10:04:45 -07:00
no-block.c
open.c VFS: fix a race in lease-breaking during truncate 2007-07-31 15:39:42 -07:00
pipe.c docbook: add pipes, other fixes 2007-07-27 08:08:51 +02:00
pnode.c
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c [IA64] Fix build failure in fs/quota.c 2007-07-27 15:40:13 -07:00
read_write.c Remove remnants of sendfile() 2007-07-10 08:04:15 +02:00
read_write.h
readdir.c
select.c
seq_file.c seq_file: more atomicity in traverse() 2007-07-16 09:05:45 -07:00
signalfd.c tiny signalfd cleanup 2007-07-26 11:33:06 -07:00
splice.c docbook: add pipes, other fixes 2007-07-27 08:08:51 +02:00
stack.c
stat.c
super.c hugetlbfs: handle empty options string 2007-07-16 09:05:46 -07:00
sync.c Introduce fixed sys_sync_file_range2() syscall, implement on PowerPC and ARM 2007-06-28 11:38:30 -07:00
timerfd.c make timerfd return a u64 and fix the __put_user 2007-07-26 11:35:17 -07:00
utimes.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
xattr_acl.c
xattr.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00