leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
096cdc6f52225835ff503f987a0d68ef770bb78e
linux/drivers
History
Dan Carpenter 096cdc6f52 platform/chrome: cros_ec_dev - double fetch bug in ioctl 
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure
that those values have not changed between the two copy_from_user()
calls.  Otherwise it could lead to a buffer overflow.

Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value.
We should use the new smaller value so we don't copy too much data to
the user.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Fixes: a841178445 ('mfd: cros_ec: Use a zero-length array for command data')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Gwendal Grignou <gwendal@chromium.org>
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Olof Johansson <olof@lixom.net>
2016-07-05 14:01:52 -07:00
..
accessibility
acpi
Merge branch 'acpica-fixes'
2016-06-18 01:55:55 +02:00
amba
ARM: 8566/1: drivers: amba: properly handle devices with power domains
2016-05-05 19:00:40 +01:00
android
ata
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
atm
atm: iphase: off by one in rx_pkt()
2016-05-31 11:52:59 -07:00
auxdisplay
base
Merge tag 'driver-core-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2016-06-18 06:04:01 -10:00
bcma
Merge tag 'for-linus-20160523' of git://git.infradead.org/linux-mtd
2016-05-24 11:00:20 -07:00
block
Merge branch 'stable/for-jens-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen into for-linus
2016-06-09 09:49:55 -06:00
bluetooth
Bluetooth: Add USB ID 13D3:3487 to ath3k
2016-05-13 16:54:59 +02:00
bus
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2016-05-19 10:02:26 -07:00
cdrom
char
ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg()
2016-06-13 08:56:28 -05:00
clk
clk: nxp: Select MFD_SYSCON for creg driver
2016-06-01 15:14:06 -07:00
clocksource
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
2016-05-19 11:27:09 -07:00
connector
cpufreq
cpufreq: intel_pstate: Adjust _PSS[0] freqeuency if needed
2016-06-15 01:56:47 +02:00
cpuidle
cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter()
2016-05-18 02:48:37 +02:00
crypto
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2016-05-30 15:20:18 -07:00
dax
/dev/dax, core: file operations and dax-mmap
2016-05-20 22:02:55 -07:00
dca
devfreq
dio
dma
dmaengine: mv_xor: Fix incorrect offset in dma_map_page()
2016-06-07 12:44:23 +05:30
dma-buf
dma-buf: use vma_pages()
2016-05-31 22:17:05 +05:30
edac
EDAC, sb_edac: Readd accidentally dropped Broadwell-D support
2016-06-03 17:28:21 +02:00
eisa
extcon
extcon: palmas: Fix boot up state of VBUS when using GPIO detection
2016-06-15 17:17:22 +09:00
firewire
firmware
efi/arm: Fix the format of EFI debug messages
2016-06-03 09:57:36 +02:00
fmc
fpga
gpio
gpio: Allow PC/104 devices on X86_64
2016-06-17 20:21:12 -07:00
gpu
Merge tag 'drm-fixes-for-v4.7-rc4' of git://people.freedesktop.org/~airlied/linux
2016-06-15 19:54:52 -10:00
hid
HID: multitouch: Add MT_QUIRK_NOT_SEEN_MEANS_UP to Surface Pro 3
2016-06-01 16:03:28 +02:00
hsi
HSI: omap-ssi: move omap_ssi_port_update_fclk
2016-05-09 22:45:18 +02:00
hv
hwmon
hwmon: (lm90) use proper type for update_interval
2016-06-07 20:13:05 -07:00
hwspinlock
drivers/hwspinlock: use correct radix tree API
2016-05-20 17:58:30 -07:00
hwtracing
coresight: Handle build path error
2016-06-16 00:13:06 -07:00
i2c
i2c: mux: reg: Provide of_match_table
2016-06-09 22:38:16 +02:00
ide
idle
iio
Merge tag 'staging-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2016-06-18 06:05:28 -10:00
infiniband
IB/IPoIB: Don't update neigh validity for unresolved entries
2016-06-07 10:49:48 -04:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2016-05-27 19:14:35 -07:00
iommu
iommu/vt-d: Enable QI on all IOMMUs before setting root entry
2016-06-17 11:29:48 +02:00
ipack
irqchip
irqchip/irq-pic32-evic: Fix bug with external interrupts.
2016-06-02 18:03:50 +01:00
isdn
Merge tag 'tty-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
2016-05-20 20:57:27 -07:00
leds
leds: handle suspend/resume in heartbeat trigger
2016-06-08 11:47:06 +02:00
lguest
lightnvm
lightnvm: reserved space calculation incorrect
2016-05-06 12:51:10 -06:00
macintosh
mailbox
mailbox: Fix devm_ioremap_resource error detection code
2016-05-08 22:44:46 +05:30
mcb
mcb: Acquire reference to carrier module in core
2016-06-13 18:49:30 -07:00
md
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
2016-05-27 14:28:09 -07:00
media
Update my main e-mails at the Kernel tree
2016-06-15 15:35:37 -10:00
memory
memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
2016-06-16 11:43:48 +03:00
memstick
drivers/memstick/core/mspro_block: use kmemdup
2016-05-23 17:04:14 -07:00
message
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2016-05-18 16:38:59 -07:00
mfd
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
misc
mei: don't use wake_up_interruptible for wr_ctrl
2016-06-10 22:14:24 -07:00
mmc
mmc: sunxi: Re-enable eMMC HS-DDR modes on Allwinner A80
2016-06-02 10:40:20 +02:00
mtd
ubi: Don't bypass ->getattr()
2016-06-14 10:51:42 +02:00
net
vmxnet3: segCnt can be 1 for LRO packets
2016-06-10 00:15:11 -07:00
nfc
NFC: pn533: handle interrupted commands in pn533_recv_frame
2016-05-10 00:01:47 +02:00
ntb
nubus
nvdimm
Merge tag 'dax-misc-for-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2016-05-26 19:34:26 -07:00
nvme
NVMe: Only release requested regions
2016-06-09 14:28:28 -06:00
nvmem
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
of
drivers/of: Fix depth for sub-tree blob in unflatten_dt_nodes()
2016-06-09 14:36:34 -05:00
oprofile
parisc
parport
pci
Merge tag 'char-misc-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2016-05-20 21:20:31 -07:00
pcmcia
perf
arm: pmu: Fix non-devicetree probing
2016-06-15 09:51:35 +01:00
phy
Merge tag 'phy-for-4.7-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/kishon/linux-phy into usb-linus
2016-06-10 23:06:21 -07:00
pinctrl
pinctrl: mediatek: fix dual-edge code defect
2016-05-31 10:13:45 +02:00
platform
platform/chrome: cros_ec_dev - double fetch bug in ioctl
2016-07-05 14:01:52 -07:00
pnp
Merge tag 'driver-core-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2016-05-20 21:26:15 -07:00
power
Merge tag 'for-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
2016-05-20 14:06:21 -07:00
powercap
Merge tag 'pm-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2016-05-16 19:17:22 -07:00
pps
ps3
ptp
ptp: oops in ptp_ioctl()
2016-05-29 22:32:27 -07:00
pwm
pwm: atmel-hlcdc: Fix default PWM polarity
2016-06-14 10:51:45 +02:00
rapidio
rapidio/mport_cdev: fix uapi type definitions
2016-05-05 17:38:53 -07:00
ras
regulator
Merge remote-tracking branches 'regulator/fix/qcom-smd' and 'regulator/fix/tps51632' into regulator-linus
2016-06-13 16:51:57 +01:00
remoteproc
remoteproc: Add additional crash reasons
2016-05-12 15:50:19 -07:00
reset
rpmsg
rpmsg: add THIS_MODULE to rpmsg_driver in rpmsg core
2016-05-06 11:08:58 -07:00
rtc
rtc: tps6586x: rename so module can be autoloaded
2016-05-21 17:07:17 +02:00
s390
Merge tag 'dax-misc-for-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2016-05-26 19:34:26 -07:00
sbus
openprom: fix warning
2016-05-20 18:33:37 -07:00
scsi
Merge remote-tracking branch 'mkp-scsi/4.7/scsi-fixes' into fixes
2016-06-04 09:53:29 -04:00
sfi
sh
sn
soc
soc: mtk-pmic-wrap: avoid integer overflow warning
2016-05-19 15:20:24 +02:00
spi
Merge tag 'sound-4.7-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
2016-05-28 12:23:12 -07:00
spmi
ssb
staging
Revert "Staging: rtl8188eu: rtw_efuse: Use sizeof type *pointer instead of sizeof type."
2016-06-17 11:21:45 -07:00
target
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2016-05-28 12:04:17 -07:00
tc
thermal
Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
2016-06-12 06:30:39 -07:00
thunderbolt
tty
devpts: Make each mount of devpts an independent filesystem.
2016-06-05 10:36:01 -07:00
uio
usb
usbip: rate limit get_frame_number message
2016-06-17 18:00:46 -07:00
uwb
vfio
vfio/pci: Allow VPD short read
2016-05-31 21:25:52 -06:00
vhost
target: make close_session optional
2016-05-10 01:19:26 -07:00
video
OMAPDSS: HDMI5: Change DDC timings
2016-05-31 08:20:43 +03:00
virt
virtio
virtio_balloon: fix PFN format for virtio-1
2016-05-22 19:44:13 +03:00
vlynq
vme
w1
watchdog
watchdog: ebc-c384_wdt: Allow build for X86_64
2016-06-17 20:21:12 -07:00
xen
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2016-05-28 12:04:17 -07:00
zorro
Kconfig
Merge tag 'libnvdimm-for-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2016-05-23 11:18:01 -07:00
Makefile
/dev/dax, pmem: direct access to persistent memory
2016-05-20 22:02:53 -07:00