linux/drivers/block
Christoph Hellwig 3fd61b2099 nvme: fix kernel memory corruption with short INQUIRY buffers
If userspace asks for an INQUIRY buffer smaller than 36 bytes, the SCSI
translation layer will happily write past the end of the INQUIRY buffer
allocation.

This is fairly easily reproducible by running the libiscsi test
suite and then starting an xfstests run.

Fixes: 4f1982 ("NVMe: Update SCSI Inquiry VPD 83h translation")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2015-05-13 10:22:12 -04:00
..
aoe block: remove artifical max_hw_sectors cap 2014-10-21 14:02:54 -06:00
drbd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
mtip32xx blk-mq: add a 'list' parameter to ->queue_rq() 2014-10-29 11:14:52 -06:00
paride paride: fix the "verbose" module param 2015-04-15 16:35:22 -07:00
rsxx block/rsxx: use generic io stats accounting functions to simplify io stat accounting 2014-11-24 08:05:18 -07:00
xen-blkback xen/grant: introduce func gnttab_unmap_refs_sync() 2015-04-27 11:41:12 +01:00
zram revert "zram: move compact_store() to sysfs functions area" 2015-05-05 17:10:10 -07:00
amiflop.c block: drop owner assignment from platform_drivers 2014-10-20 16:20:18 +02:00
ataflop.c Merge branch 'for-3.16/core' of git://git.kernel.dk/linux-block into next 2014-06-02 09:29:34 -07:00
brd.c brd: rename XIP to DAX 2015-02-16 17:56:04 -08:00
cciss_cmd.h
cciss_scsi.c
cciss_scsi.h
cciss.c block: use pci_zalloc_consistent 2014-08-08 15:57:28 -07:00
cciss.h
cpqarray.c genirq: Remove the deprecated 'IRQF_DISABLED' request_irq() flag entirely 2015-03-05 20:53:06 +01:00
cpqarray.h
cryptoloop.c
DAC960.c block: use pci_zalloc_consistent 2014-08-08 15:57:28 -07:00
DAC960.h
floppy.c floppy: Avoid manual call of device_create_file() 2015-02-03 13:00:36 +01:00
hd.c block: hd: remove deprecated IRQF_DISABLED 2014-10-01 08:16:07 -06:00
ida_cmd.h
ida_ioctl.h
Kconfig drivers/block/pmem: Add a driver for persistent memory 2015-04-01 17:03:56 +02:00
loop.c block: destroy bdi before blockdev is unregistered. 2015-04-27 10:27:20 -06:00
loop.h loop: add blk-mq.h include 2015-01-02 15:20:25 -07:00
Makefile drivers/block/pmem: Add a driver for persistent memory 2015-04-01 17:03:56 +02:00
mg_disk.c block: drop owner assignment from platform_drivers 2014-10-20 16:20:18 +02:00
nbd.c nbd: Return error pointer directly 2015-04-02 12:39:28 -06:00
null_blk.c null_blk: suppress invalid partition info 2015-01-16 16:02:24 -07:00
nvme-core.c Merge branch 'for-4.1/drivers' of git://git.kernel.dk/linux-block 2015-04-16 22:05:27 -04:00
nvme-scsi.c nvme: fix kernel memory corruption with short INQUIRY buffers 2015-05-13 10:22:12 -04:00
osdblk.c block: support different tag allocation policy 2015-01-23 14:15:46 -07:00
pktcdvd.c block,scsi: fixup blk_get_request dead queue scenarios 2014-08-28 10:03:46 -06:00
pmem.c drivers/block/pmem: Fix 32-bit build warning in pmem_alloc() 2015-04-01 17:03:57 +02:00
ps3disk.c
ps3vram.c
rbd_types.h
rbd.c rbd: end I/O the entire obj_request on error 2015-05-01 16:44:30 -07:00
skd_main.c block: disable entropy contributions for nonrot devices 2014-10-04 10:55:32 -06:00
skd_s1120.h
smart1,2.h
sunvdc.c sunvdc: reconnect ldc after vds service domain restarts 2014-12-11 18:52:45 -08:00
swim3.c powerpc: Move Power Macintosh drivers to generic byteswappers 2015-03-23 14:29:40 +11:00
swim_asm.S
swim.c block: drop owner assignment from platform_drivers 2014-10-20 16:20:18 +02:00
sx8.c block,scsi: fixup blk_get_request dead queue scenarios 2014-08-28 10:03:46 -06:00
umem.c
umem.h
virtio_blk.c sd, mmc, virtio_blk, string_helpers: fix block size units 2015-04-10 16:27:48 -07:00
xen-blkfront.c xenbus_client: Extend interface to support multi-page ring 2015-04-15 10:56:47 +01:00
xsysace.c block: systemace: Remove .owner field for driver 2014-08-21 20:37:54 -05:00
z2ram.c block: remove struct request buffer member 2014-04-15 14:03:02 -06:00