linux/drivers/staging
Dan Carpenter ca641bae6d staging: vc04_services: prevent integer overflow in create_pagelist()
The create_pagelist() "count" parameter comes from the user in
vchiq_ioctl() and it could overflow.  If you look at how create_page()
is called in vchiq_prepare_bulk_data(), then the "size" variable is an
int so it doesn't make sense to allow negatives or larger than INT_MAX.

I don't know this code terribly well, but I believe that typical values
of "count" are typically quite low and I don't think this check will
affect normal valid uses at all.

The "pagelist_size" calculation can also overflow on 32 bit systems, but
not on 64 bit systems.  I have added an integer overflow check for that
as well.

The Raspberry PI doesn't offer the same level of memory protection that
x86 does so these sorts of bugs are probably not super critical to fix.

Fixes: 71bad7f086 ("staging: add bcm2708 vchiq driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-20 09:26:04 +02:00
..
android staging: remove redundant 'default n' from Kconfig 2019-04-16 13:39:01 +02:00
axis-fifo staging: remove redundant 'default n' from Kconfig 2019-04-16 13:39:01 +02:00
board staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
clocking-wizard staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
comedi Staging / IIO driver patches for 5.2-rc1 2019-05-07 13:31:29 -07:00
emxx_udc staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
erofs staging: erofs: set sb->s_root to NULL when failing from __getname() 2019-05-20 09:18:18 +02:00
fbtft staging: add missing SPDX lines to Kconfig files 2019-04-03 11:10:15 +02:00
fieldbus staging: fieldbus: anybus-s: fix wait_for_completion_timeout return handling 2019-05-01 16:45:03 +02:00
fsl-dpaa2 staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
fwserial staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
gasket mm/gup: change GUP fast to use flags rather than a write 'bool' 2019-05-14 09:47:46 -07:00
gdm724x staging: add missing SPDX lines to Kconfig files 2019-04-03 11:10:15 +02:00
goldfish staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
greybus staging: greybus: power_supply: use struct_size() helper 2019-04-19 15:03:07 +02:00
gs_fpgaboot staging: remove redundant 'default n' from Kconfig 2019-04-16 13:39:01 +02:00
iio Second set of IIO new device support, features and cleanup for the 5.2 cycle. 2019-04-25 10:50:51 +02:00
kpc2000 staging: kpc2000: double unlock in error handling in kpc_dma_transfer() 2019-05-20 09:18:45 +02:00
ks7010 Staging / IIO driver patches for 5.2-rc1 2019-05-07 13:31:29 -07:00
media media updates for v5.2-rc1 2019-05-16 11:57:16 -07:00
most staging: most: cdev: fix chrdev_region leak in mod_exit 2019-05-02 19:43:17 +02:00
mt7621-dma staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
mt7621-dts staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
mt7621-pci staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
mt7621-pci-phy staging: mt7621-pci-phy: convert driver to use kernel regmap API's 2019-04-19 15:01:34 +02:00
mt7621-pinctrl staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
netlogic staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
nvec staging: add missing SPDX lines to Kconfig files 2019-04-03 11:10:15 +02:00
octeon Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-05-07 22:03:58 -07:00
octeon-usb staging: add missing SPDX lines to Kconfig files 2019-04-03 11:10:15 +02:00
olpc_dcon - Fix-ups 2019-05-14 10:45:03 -07:00
pi433 Staging / IIO driver patches for 5.2-rc1 2019-05-07 13:31:29 -07:00
ralink-gdma staging: ralink-gdma: Use struct_size() in kzalloc() 2019-04-16 13:44:30 +02:00
rtl8188eu Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-05-07 22:03:58 -07:00
rtl8192e Staging / IIO driver patches for 5.2-rc1 2019-05-07 13:31:29 -07:00
rtl8192u Staging / IIO driver patches for 5.2-rc1 2019-05-07 13:31:29 -07:00
rtl8712 staging: rtl8712: remove unnecessary NULL check 2019-04-16 13:31:58 +02:00
rtl8723bs Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-05-07 22:03:58 -07:00
rts5208 staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
sm750fb Staging: sm750fb: Change *array into *const array 2019-04-30 15:03:42 +02:00
speakup staging: speakup: refactor to use existing code in vt 2019-04-19 15:09:10 +02:00
unisys staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
vc04_services staging: vc04_services: prevent integer overflow in create_pagelist() 2019-05-20 09:26:04 +02:00
vme staging: add missing SPDX lines to Makefile files 2019-04-03 11:10:15 +02:00
vt6655 staging: vt6655: upc: remove double blank lines 2019-04-16 13:44:30 +02:00
vt6656 staging: add missing SPDX lines to Kconfig files 2019-04-03 11:10:15 +02:00
wilc1000 staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context 2019-04-17 12:40:51 +02:00
wlan-ng staging: wlan-ng: fix adapter initialization failure 2019-05-20 09:26:04 +02:00
Kconfig drm pull request for 5.2 2019-05-08 21:35:19 -07:00
Makefile drm pull request for 5.2 2019-05-08 21:35:19 -07:00