android_kernel_samsung_msm8976/block
Jens Axboe dd4fb6fc5d genhd: check for int overflow in disk_expand_part_tbl()
commit 5fabcb4c33fe11c7e3afdf805fde26c1a54d0953 upstream.

We can get here from blkdev_ioctl() -> blkpg_ioctl() -> add_partition()
with a user passed in partno value. If we pass in 0x7fffffff, the
new target in disk_expand_part_tbl() overflows the 'int' and we
access beyond the end of ptbl->part[] and even write to it when we
do the rcu_assign_pointer() to assign the new partition.

Reported-by: David Ramos <daramos@stanford.edu>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-16 06:59:02 -08:00
partitions partitions/efi.c: replace useless kzalloc's by kmalloc's 2013-04-30 08:34:25 +02:00
Kconfig block: don't select PERCPU_RWSEM 2013-02-22 10:42:45 +01:00
Kconfig.iosched blkcg: make CONFIG_BLK_CGROUP bool 2012-03-06 21:27:21 +01:00
Makefile separate partition format handling from generic code 2012-01-03 22:54:06 -05:00
blk-cgroup.c blkcg: don't call into policy draining if root_blkg is already gone 2014-09-17 09:04:02 -07:00
blk-cgroup.h Update of blkg_stat and blkg_rwstat may happen in bh context. While u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This is not enough to avoid preemption by bh and may read strange 64 bit value. 2013-12-11 22:36:27 -08:00
blk-core.c blktrace: fix accounting of partially completed requests 2014-05-30 21:52:11 -07:00
blk-exec.c Merge branch 'for-3.9/core' of git://git.kernel.dk/linux-block 2013-02-28 12:52:24 -08:00
blk-flush.c Block: blk-flush: Fixed indent code style 2013-03-22 12:22:51 -06:00
blk-integrity.c scatterlist: introduce sg_unmark_end 2013-03-20 15:43:04 +10:30
blk-ioc.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
blk-iopoll.c tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
blk-lib.c block: add cond_resched() to potentially long running ioctl discard loop 2014-02-22 12:41:28 -08:00
blk-map.c block: re-use existing 'reading' variable instead of checking direction again 2011-12-21 15:27:24 +01:00
blk-merge.c scatterlist: introduce sg_unmark_end 2013-03-20 15:43:04 +10:30
blk-settings.c block: fix alignment_offset math that assumes io_min is a power-of-2 2014-11-14 08:47:55 -08:00
blk-softirq.c sched, block: Unify cache detection 2012-01-27 13:28:48 +01:00
blk-sysfs.c block: avoid using uninitialized value in from queue_var_store 2013-04-03 21:53:57 +02:00
blk-tag.c block: don't assume last put of shared tags is for the host 2014-07-31 12:53:48 -07:00
blk-throttle.c block: Rename queue dead flag 2012-12-06 14:30:58 +01:00
blk-timeout.c block: fix race between request completion and timeout handling 2013-11-29 11:11:50 -08:00
blk.h block: __elv_next_request() shouldn't call into the elevator if bypassing 2014-02-22 12:41:28 -08:00
bsg-lib.c bsg: Remove unused function bsg_goose_queue() 2012-12-06 14:33:02 +01:00
bsg.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
cfq-iosched.c cfq-iosched: Fix wrong children_weight calculation 2014-10-05 14:54:08 -07:00
compat_ioctl.c block: provide compat ioctl for BLKZEROOUT 2014-07-31 12:53:48 -07:00
deadline-iosched.c elevator: Fix a race in elevator switching 2013-08-20 08:43:03 -07:00
elevator.c elevator: acquire q->sysfs_lock in elevator_change() 2013-12-08 07:29:27 -08:00
genhd.c genhd: check for int overflow in disk_expand_part_tbl() 2015-01-16 06:59:02 -08:00
ioctl.c Merge branch 'for-3.7/core' of git://git.kernel.dk/linux-block 2012-10-11 09:04:23 +09:00
noop-iosched.c elevator: Fix a race in elevator switching 2013-08-20 08:43:03 -07:00
partition-generic.c block: Fix dev_t minor allocation lifetime 2014-10-05 14:54:12 -07:00
scsi_ioctl.c scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND 2014-11-14 08:47:59 -08:00