brain-hackers_pepepper-mirror/linux-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/linux-brain.git synced 2024-06-09 23:36:23 +09:00
Code Issues Projects Releases Wiki Activity
4.19.x+fslc
linux-brain/drivers/nvdimm
History
Dan Carpenter b7c5dc73e1 libnvdimm: Out of bounds read in __nd_ioctl() 
[ Upstream commit f84afbdd3a9e5e10633695677b95422572f920dc ]

The "cmd" comes from the user and it can be up to 255.  It it's more
than the number of bits in long, it results out of bounds read when we
check test_bit(cmd, &cmd_mask).  The highest valid value for "cmd" is
ND_CMD_CALL (10) so I added a compare against that.

Fixes: 62232e45f4 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200225162055.amtosfy7m35aivxg@kili.mountain
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-23 10:30:22 +02:00
..
badrange.c libnvdimm, badrange: remove a WARN for list_empty 2017-11-02 10:42:30 -07:00
blk.c for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
btt_devs.c libnvdimm/btt: Fix a kmemdup failure check 2019-05-16 19:41:19 +02:00
btt.c libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:13:00 +01:00
btt.h libnvdimm, btt: Fix an incompatibility in the log layout 2017-12-21 14:59:27 -08:00
bus.c libnvdimm: Out of bounds read in __nd_ioctl() 2020-04-23 10:30:22 +02:00
claim.c libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() 2018-06-28 18:21:30 -07:00
core.c libnvdimm: remove redundant __func__ in dev_dbg 2018-03-06 08:44:17 -08:00
dax_devs.c libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields 2019-07-26 09:14:27 +02:00
dimm_devs.c libnvdimm: Use max contiguous area for namespace size 2018-07-25 14:11:09 -07:00
dimm.c libnvdimm: Introduce locked DIMM capacity support 2018-07-14 10:27:00 -07:00
e820.c libnvdimm, e820: Register all pmem resources 2018-06-02 17:05:43 -07:00
Kconfig Revert "libnvdimm, of_pmem: workaround OF_NUMA=n build error" 2018-04-19 15:10:56 -07:00
label.c libnvdimm: Fix compilation warnings with W=1 2019-06-19 08:18:03 +02:00
label.h libnvdimm: Fix compilation warnings with W=1 2019-06-19 08:18:03 +02:00
Makefile libnvdimm: Add device-tree based driver 2018-04-07 07:53:23 -07:00
namespace_devs.c libnvdimm/namespace: Fix label tracking error 2019-05-22 07:37:45 +02:00
nd-core.h libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() 2019-07-31 07:27:11 +02:00
nd.h libnvdimm/namespace: Fix label tracking error 2019-05-22 07:37:45 +02:00
of_pmem.c libnvdimm, of_pmem: use dev_to_node() instead of of_node_to_nid() 2018-04-19 15:07:10 -07:00
pfn_devs.c libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields 2019-07-26 09:14:27 +02:00
pfn.h libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields 2019-07-26 09:14:27 +02:00
pmem.c libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead 2019-05-31 06:46:01 -07:00
pmem.h libnvdimm, pmem: Restore page attributes when clearing errors 2018-08-20 09:22:45 -07:00
region_devs.c libnvdimm/region: Initialize bad block for volatile namespaces 2019-10-11 18:21:20 +02:00
region.c libnvdimm/region: Initialize bad block for volatile namespaces 2019-10-11 18:21:20 +02:00