Piteball
/
android_kernel_google_msm
mirror of https://github.com/followmsi/android_kernel_google_msm.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/block
History
Jens Axboe 45fdc587f1 genhd: check for int overflow in disk_expand_part_tbl() 
commit 5fabcb4c33fe11c7e3afdf805fde26c1a54d0953 upstream.

We can get here from blkdev_ioctl() -> blkpg_ioctl() -> add_partition()
with a user passed in partno value. If we pass in 0x7fffffff, the
new target in disk_expand_part_tbl() overflows the 'int' and we
access beyond the end of ptbl->part[] and even write to it when we
do the rcu_assign_pointer() to assign the new partition.

Reported-by: David Ramos <daramos@stanford.edu>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Zefan Li <lizefan@huawei.com>
 		2015-04-14 17:33:42 +08:00
..
partitions LDM: Fix reassembly of extended VBLKs. 2012-02-24 09:37:42 +00:00
Kconfig move fs/partitions to block/ 2012-01-03 22:54:06 -05:00
Kconfig.iosched
Makefile separate partition format handling from generic code 2012-01-03 22:54:06 -05:00
blk-cgroup.c Merge branch 'for-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2012-03-20 18:11:21 -07:00
blk-cgroup.h block: fix a typo in the blk-cgroup.h file 2011-10-24 16:08:38 +02:00
blk-core.c blktrace: fix accounting of partially completed requests 2014-05-18 05:25:55 -07:00
blk-exec.c block: Don't access request after it might be freed 2014-03-11 16:10:06 -07:00
blk-flush.c blk-flush: move the queue kick into 2011-10-24 16:24:31 +02:00
blk-integrity.c block: add export.h to files using EXPORT_SYMBOL/THIS_MODULE macros 2011-10-31 19:31:12 -04:00
blk-ioc.c block: fix ioc leak in put_io_context 2012-03-14 15:34:48 +01:00
blk-iopoll.c
blk-lib.c block: add cond_resched() to potentially long running ioctl discard loop 2014-02-22 10:32:46 -08:00
blk-map.c block: re-use existing 'reading' variable instead of checking direction again 2011-12-21 15:27:24 +01:00
blk-merge.c block: separate out blk_rq_merge_ok() and blk_try_merge() from elevator functions 2012-02-08 09:19:38 +01:00
blk-settings.c block: fix alignment_offset math that assumes io_min is a power-of-2 2015-02-02 17:04:48 +08:00
blk-softirq.c sched, block: Unify cache detection 2012-01-27 13:28:48 +01:00
blk-sysfs.c block: avoid using uninitialized value in from queue_var_store 2013-04-12 09:38:46 -07:00
blk-tag.c block: don't assume last put of shared tags is for the host 2014-07-31 12:54:51 -07:00
blk-throttle.c block: use lockdep_assert_held for queue locking 2012-03-30 12:33:28 +02:00
blk-timeout.c block: fix race between request completion and timeout handling 2013-11-29 10:50:35 -08:00
blk.h Merge branch 'linus' into sched/core 2012-03-01 10:26:43 +01:00
bsg-lib.c block: Change module.h -> export.h in bsg-lib.c 2011-10-31 19:31:13 -04:00
bsg.c bsg: fix sysfs link remove warning 2012-02-08 20:02:03 +01:00
cfq-iosched.c block: Make cfq_target_latency tunable through sysfs. 2012-04-01 14:33:39 -07:00
cfq.h
compat_ioctl.c block: Add BLKROTATIONAL ioctl 2012-01-11 16:29:31 +01:00
deadline-iosched.c block, cfq: move icq cache management to block core 2011-12-14 00:33:42 +01:00
elevator.c elevator: acquire q->sysfs_lock in elevator_change() 2013-12-08 07:29:43 -08:00
genhd.c genhd: check for int overflow in disk_expand_part_tbl() 2015-04-14 17:33:42 +08:00
ioctl.c Merge branch 'for-3.3/core' of git://git.kernel.dk/linux-block 2012-01-15 12:24:45 -08:00
noop-iosched.c block, cfq: move icq cache management to block core 2011-12-14 00:33:42 +01:00
partition-generic.c block: Fix dev_t minor allocation lifetime 2014-12-01 18:02:26 +08:00
scsi_ioctl.c scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND 2015-02-02 17:05:03 +08:00