linux-uconsole/drivers/md
Benjamin Randazzo 21c7d3807a md: use kzalloc() when bitmap is disabled
commit b6878d9e03 upstream.

In drivers/md/md.c get_bitmap_file() uses kmalloc() for creating a
mdu_bitmap_file_t called "file".

5769         file = kmalloc(sizeof(*file), GFP_NOIO);
5770         if (!file)
5771                 return -ENOMEM;

This structure is copied to user space at the end of the function.

5786         if (err == 0 &&
5787             copy_to_user(arg, file, sizeof(*file)))
5788                 err = -EFAULT;

But if bitmap is disabled only the first byte of "file" is initialized
with zero, so it's possible to read some bytes (up to 4095) of kernel
space memory from user space. This is an information leak.

5775         /* bitmap disabled, zero the first byte and copy out */
5776         if (!mddev->bitmap_info.file)
5777                 file->pathname[0] = '\0';

Signed-off-by: Benjamin Randazzo <benjamin@randazzo.fr>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-08-16 20:51:37 -07:00
bcache bcache: Data corruption fix 2014-02-06 11:08:16 -08:00
persistent-data dm btree: silence lockdep lock inversion in dm_btree_del() 2015-08-03 09:29:45 -07:00
bitmap.c md/bitmap: always wait for writes on unplug. 2015-01-08 09:58:15 -08:00
bitmap.h md/bitmap: record the space available for the bitmap in the superblock. 2012-05-22 13:55:34 +10:00
dm-bio-prison.c dm: add cache target 2013-03-01 22:45:51 +00:00
dm-bio-prison.h dm: add cache target 2013-03-01 22:45:51 +00:00
dm-bio-record.h
dm-bufio.c dm bufio: fix memleak when using a dm_buffer's inline bio 2015-01-08 09:58:15 -08:00
dm-bufio.h dm bufio: prefetch 2012-03-28 18:41:29 +01:00
dm-builtin.c dm sysfs: fix a module unload race 2014-02-13 13:48:02 -08:00
dm-cache-block-types.h dm: add cache target 2013-03-01 22:45:51 +00:00
dm-cache-metadata.c dm cache: fix missing ERR_PTR returns and handling 2015-02-05 22:35:37 -08:00
dm-cache-metadata.h dm cache: policy ignore hints if generated by different version 2013-03-20 17:21:28 +00:00
dm-cache-policy-cleaner.c dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy-internal.h dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy-mq.c dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy.c dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy.h dm cache policy: fix description of lookup fn 2013-05-10 14:37:17 +01:00
dm-cache-target.c dm cache: always split discards on cache block boundaries 2014-06-11 12:03:23 -07:00
dm-crypt.c dm crypt: fix access beyond the end of allocated space 2014-10-05 14:54:12 -07:00
dm-delay.c dm delay: fix a possible deadlock due to shared workqueue 2013-12-20 07:45:11 -08:00
dm-exception-store.c dm: replace simple_strtoul 2012-07-27 15:07:59 +01:00
dm-exception-store.h
dm-flakey.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm-io.c dm io: reject unsupported DISCARD requests with EOPNOTSUPP 2015-03-18 13:22:34 +01:00
dm-ioctl.c dm ioctl: set noio flag to avoid __vmalloc deadlock 2013-08-04 16:51:02 +08:00
dm-kcopyd.c dm kcopyd: introduce configurable throttling 2013-03-01 22:45:49 +00:00
dm-linear.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm-log-userspace-base.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
dm-log-userspace-transfer.c dm log userspace: fix memory leak in dm_ulog_tfr_init failure path 2014-11-14 08:47:55 -08:00
dm-log-userspace-transfer.h
dm-log.c dm: use memweight() 2012-07-30 17:25:16 -07:00
dm-mpath.c dm mpath: fix stalls when handling invalid ioctls 2014-03-06 21:30:13 -08:00
dm-mpath.h
dm-path-selector.c md: Add module.h to all files using it implicitly 2011-10-31 19:31:18 -04:00
dm-path-selector.h
dm-queue-length.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-raid.c dm raid: ensure superblock's size matches device's logical block size 2014-11-21 09:22:53 -08:00
dm-raid1.c dm mirror: do not degrade the mirror on discard error 2015-03-18 13:22:34 +01:00
dm-region-hash.c dm raid1: fix crash with mirror recovery and discard 2012-07-20 14:25:03 +01:00
dm-round-robin.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-service-time.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-snap-persistent.c dm snapshot: fix data corruption 2013-11-04 04:31:06 -08:00
dm-snap-transient.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-snap.c dm snapshot: fix a possible invalid memory access on unload 2015-03-18 13:22:34 +01:00
dm-stripe.c dm stripe: fix regression in stripe_width calculation 2013-05-10 14:37:14 +01:00
dm-sysfs.c dm sysfs: fix a module unload race 2014-02-13 13:48:02 -08:00
dm-table.c dm table: fail dm_table_create on dm_round_up overflow 2013-12-20 07:45:11 -08:00
dm-target.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm-thin-metadata.c dm thin metadata: do not allow the data block size to change 2014-07-28 08:00:07 -07:00
dm-thin-metadata.h dm thin: avoid metadata commit if a pool's thin devices haven't changed 2014-03-06 21:30:13 -08:00
dm-thin.c dm thin: don't allow messages to be sent to a pool target in READ_ONLY or FAIL mode 2015-02-05 22:35:36 -08:00
dm-uevent.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-uevent.h
dm-verity.c dm verity: fix inability to use a few specific devices sizes 2013-08-04 16:51:02 +08:00
dm-zero.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm.c dm: hold suspend_lock while suspending device during device deletion 2015-04-13 14:02:12 +02:00
dm.h dm sysfs: fix a module unload race 2014-02-13 13:48:02 -08:00
faulty.c block: Add bio_end_sector() 2013-03-23 14:15:29 -07:00
Kconfig dm sysfs: fix a module unload race 2014-02-13 13:48:02 -08:00
linear.c block: Add bio_end_sector() 2013-03-23 14:15:29 -07:00
linear.h md/linear: typedef removal: linear_conf_t -> struct linear_conf 2011-10-11 16:48:54 +11:00
Makefile dm sysfs: fix a module unload race 2014-02-13 13:48:02 -08:00
md.c md: use kzalloc() when bitmap is disabled 2015-08-16 20:51:37 -07:00
md.h md: fix problem when adding device to read-only array with bitmap. 2014-01-25 08:27:12 -08:00
multipath.c MD: change the parameter of md thread 2012-10-11 13:34:00 +11:00
multipath.h md/multipath: typedef removal: multipath_conf_t -> struct mpconf 2011-10-11 16:48:57 +11:00
raid0.c block: Change bio_split() to respect the current value of bi_idx 2013-03-23 14:15:30 -07:00
raid0.h md: add proper merge_bvec handling to RAID0 and Linear. 2012-03-19 12:46:39 +11:00
raid1.c md/raid1: fix test for 'was read error from last working device'. 2015-08-10 12:20:30 -07:00
raid1.h md/raid1: prevent merging too large request 2012-07-31 10:03:53 +10:00
raid5.c md/raid5: don't record new size if resize_stripes fails. 2015-06-05 23:19:59 -07:00
raid5.h md/raid5: fix interaction of 'replace' and 'recovery'. 2013-08-04 16:50:54 +08:00
raid10.c md/raid1,raid10: always abort recover on write error. 2014-09-17 09:04:01 -07:00
raid10.h MD RAID10: Improve redundancy for 'far' and 'offset' algorithms (part 1) 2013-02-26 11:55:30 +11:00