forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Roland Dreier f9105c23a3 RDMA/ucma: Introduce safer rdma_addr_size() variants 
commit 84652aefb3 upstream.

There are several places in the ucma ABI where userspace can pass in a
sockaddr but set the address family to AF_IB.  When that happens,
rdma_addr_size() will return a size bigger than sizeof struct sockaddr_in6,
and the ucma kernel code might end up copying past the end of a buffer
not sized for a struct sockaddr_ib.

Fix this by introducing new variants

    int rdma_addr_size_in6(struct sockaddr_in6 *addr);
    int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr);

that are type-safe for the types used in the ucma ABI and return 0 if the
size computed is bigger than the size of the type passed in.  We can use
these new variants to check what size userspace has passed in before
copying any addresses.

Reported-by: <syzbot+6800425d54ed3ed8135d@syzkaller.appspotmail.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-08 11:51:59 +02:00
..
accessibility
acpi ACPI, PCI, irq: remove redundant check for null string pointer 2018-04-08 11:51:56 +02:00
amba
android binder: add missing binder_unlock() 2018-02-28 10:17:23 +01:00
ata libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version 2018-03-28 18:40:14 +02:00
atm atm: horizon: Fix irq release error 2017-12-16 10:33:55 +01:00
auxdisplay
base drivers: base: cacheinfo: fix boot error message when acpi is enabled 2018-01-31 12:06:08 +01:00
bcma bcma: use (get|put)_device when probing/removing device driver 2017-03-12 06:37:30 +01:00
block mtip32xx: use runtime tag to initialize command header 2018-03-24 10:58:44 +01:00
bluetooth Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 2018-03-28 18:40:13 +02:00
bus sunxi-rsb: Include OF based modalias in device uevent 2018-01-10 09:27:09 +01:00
cdrom
char ipmi/watchdog: fix wdog hang on panic waiting for ipmi response 2018-03-24 10:58:45 +01:00
clk clk: bcm2835: Protect sections updating shared registers 2018-03-28 18:40:13 +02:00
clocksource clockevents/drivers/cs5535: Improve resilience to spurious interrupts 2017-10-27 10:23:17 +02:00
connector
cpufreq cpufreq/sh: Replace racy task affinity logic 2018-03-24 10:58:41 +01:00
cpuidle cpuidle: fix broadcast control when broadcast can not be entered 2017-12-25 14:22:15 +01:00
crypto crypto: s5p-sss - Fix kernel Oops in AES-ECB mode 2018-02-25 11:03:55 +01:00
dca
devfreq PM / devfreq: Propagate error from devfreq_add_device() 2018-02-22 15:44:58 +01:00
dio
dma dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 2018-03-24 10:58:48 +01:00
dma-buf
edac EDAC, octeon: Fix an uninitialized variable warning 2018-02-16 20:09:47 +01:00
eisa
extcon extcon: palmas: Check the parent instance to prevent the NULL 2017-11-21 09:21:18 +01:00
firewire
firmware efi/esrt: Cleanup bad memory map log messages 2017-12-20 10:04:56 +01:00
fmc
fpga
gpio gpio: xgene: mark PM functions as __maybe_unused 2018-02-25 11:03:50 +01:00
gpu drm: udl: Properly check framebuffer mmap offsets 2018-03-28 18:40:15 +02:00
hid HID: elo: clear BTN_LEFT mapping 2018-03-22 09:23:27 +01:00
hsi HSI: ssi_protocol: double free in ssip_pn_xmit() 2018-03-24 10:58:42 +01:00
hv Drivers: hv: vmbus: fix build warning 2018-02-25 11:03:46 +01:00
hwmon driver: (adm1275) set the m,b and R coefficients correctly for power 2018-03-22 09:23:22 +01:00
hwspinlock
hwtracing coresight: Fix disabling of CoreSight TPIU 2018-03-24 10:58:48 +01:00
i2c i2c: i2c-scmi: add a MS HID 2018-03-24 10:58:41 +01:00
ide
idle idle: i7300: add PCI dependency 2018-02-25 11:03:51 +01:00
iio iio: st_pressure: st_accel: pass correct platform data to init 2018-03-28 18:40:12 +02:00
infiniband RDMA/ucma: Introduce safer rdma_addr_size() variants 2018-04-08 11:51:59 +02:00
input Input: mousedev - fix implicit conversion warning 2018-04-08 11:51:57 +02:00
iommu iommu/vt-d: clean up pr_irq if request_threaded_irq fails 2018-03-24 10:58:48 +01:00
ipack
irqchip irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis 2018-03-22 09:23:31 +01:00
isdn isdn: sc: work around type mismatch warning 2018-02-25 11:03:51 +01:00
leds Revert "led: core: Fix brightness setting when setting delay_off=0" 2018-03-11 16:19:45 +01:00
lguest
lightnvm
macintosh
mailbox mailbox: handle empty message in tx_tick 2017-08-06 19:19:41 -07:00
mcb
md dm ioctl: remove double parentheses 2018-04-08 11:51:57 +02:00
media media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart 2018-03-24 10:58:47 +01:00
memory ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure 2017-12-16 10:33:51 +01:00
memstick
message mptfusion: hide unused seq_mpt_print_ioc_summary function 2018-02-25 11:03:45 +01:00
mfd mfd: palmas: Reset the POWERHOLD mux during power off 2018-03-24 10:58:44 +01:00
misc scsi: ses: don't get power status of SES device slot on probe 2018-03-22 09:23:24 +01:00
mmc mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs 2018-03-28 18:40:13 +02:00
mtd mtd: jedec_probe: Fix crash in jedec_read_mfr() 2018-04-08 11:51:55 +02:00
net net: systemport: Rewrite __bcm_sysport_tx_reclaim() 2018-03-31 18:12:34 +02:00
nfc NFC: nfcmrvl: double free on error path 2018-03-22 09:23:23 +01:00
ntb ntb_transport: fix bug calculating num_qps_mw 2017-08-30 10:19:29 +02:00
nubus
nvdimm libnvdimm, namespace: make 'resource' attribute only readable by root 2017-11-30 08:37:23 +00:00
nvme nvme: Fix managing degraded controllers 2018-02-16 20:09:47 +01:00
nvmem nvmem: imx-ocotp: Fix wrong register size 2017-08-06 19:19:46 -07:00
of of: fix of_device_get_modalias returned length when truncating buffers 2018-03-22 09:23:21 +01:00
oprofile
parisc parisc: Hide Diva-built-in serial aux and graphics card 2018-01-02 20:33:20 +01:00
parport parisc, parport_gsc: Fixes for printk continuation lines 2017-06-17 06:39:37 +02:00
pci PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant 2018-04-08 11:51:57 +02:00
pcmcia
perf drivers/perf: arm_pmu: handle no platform_device 2018-03-22 09:23:26 +01:00
phy phy: work around 'phys' references to usb-nop-xceiv devices 2018-01-23 19:50:16 +01:00
pinctrl pinctrl: Really force states during suspend/resume 2018-03-24 10:58:48 +01:00
platform platform/chrome: Use proper protocol transfer function 2018-03-24 10:58:47 +01:00
pnp
power power: supply: pda_power: move from timer to delayed_work 2018-03-24 10:58:45 +01:00
powercap
pps
ps3
ptp time: Change posix clocks ops interfaces to use timespec64 2018-03-24 10:58:40 +01:00
pwm pwm: tegra: Increase precision in PWM rate calculation 2018-03-22 09:23:27 +01:00
rapidio
ras
regulator regulator: anatop: set default voltage selector for pcie 2018-03-24 10:58:40 +01:00
remoteproc
reset
rpmsg
rtc rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL 2018-03-24 10:58:46 +01:00
s390 s390/qeth: on channel error, reject further cmd requests 2018-03-31 18:12:34 +02:00
sbus
scsi scsi: sg: don't return bogus Sg_requests 2018-03-31 18:12:32 +02:00
sfi
sh
sn
soc
spi spi: dw: Disable clock after unregistering the host 2018-03-24 10:58:41 +01:00
spmi spmi: Include OF based modalias in device uevent 2017-07-27 15:06:10 -07:00
ssb ssb: mark ssb_bus_register as __maybe_unused 2018-02-25 11:03:44 +01:00
staging staging: lustre: ptlrpc: kfree used instead of kvfree 2018-03-28 18:40:17 +02:00
target tcm_fileio: Prevent information leak for short reads 2018-03-24 10:58:45 +01:00
tc
thermal thermal: spear: use __maybe_unused for PM functions 2018-02-25 11:03:44 +01:00
thunderbolt
tty tty: vt: fix up tabstops properly 2018-03-28 18:40:16 +02:00
uio
usb usb: gadget: f_hid: fix: Prevent accessing released memory 2018-04-08 11:51:56 +02:00
uwb uwb: ensure that endpoint is interrupt 2017-10-12 11:27:35 +02:00
vfio vfio-pci: Handle error from pci_iomap 2017-08-06 19:19:46 -07:00
vhost vhost_net: stop device during reset owner 2018-02-16 20:09:38 +01:00
video vgacon: Set VGA struct resource types 2018-03-24 10:58:48 +01:00
virt
virtio virtio_balloon: prevent uninitialized variable use 2018-02-25 11:03:42 +01:00
vlynq
vme vme: Fix wrong pointer utilization in ca91cx42_slave_get 2017-01-19 20:17:21 +01:00
w1 w1: ds2490: USB transfer buffers need to be DMAable 2017-03-12 06:37:29 +01:00
watchdog watchdog: hpwdt: fix unused variable warning 2018-03-18 11:17:50 +01:00
xen xen/gntdev: Fix partial gntdev_mmap() cleanup 2018-03-03 10:19:45 +01:00
zorro
Kconfig
Makefile usb: build drivers/usb/common/ when USB_SUPPORT is set 2018-02-25 11:03:38 +01:00