Al Viro 823a2a0330 sg_write()/bsg_write() is not fit to be called under KERNEL_DS ...

commit 128394eff343fc6d2f32172f03e24829539c5835 upstream.

Both damn things interpret userland pointers embedded into the payload;
worse, they are actually traversing those.  Leaving aside the bad
API design, this is very much _not_ safe to call with KERNEL_DS.
Bail out early if that happens.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Willy Tarreau <w@1wt.eu>

2017-06-20 14:03:25 +02:00

..

partitions

mac: validate mac_partition is within sector

2016-03-03 15:06:21 -08:00

blk-cgroup.c

blkcg: fix gendisk reference leak in blkg_conf_prep()

2015-08-10 12:20:30 -07:00

blk-cgroup.h

Update of blkg_stat and blkg_rwstat may happen in bh context. While u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This is not enough to avoid preemption by bh and may read strange 64 bit value.

2013-12-11 22:36:27 -08:00

blk-core.c

SCSI: Fix NULL pointer dereference in runtime PM

2016-02-25 11:57:47 -08:00

blk-exec.c

Merge branch 'for-3.9/core' of git://git.kernel.dk/linux-block

2013-02-28 12:52:24 -08:00

blk-flush.c

Block: blk-flush: Fixed indent code style

2013-03-22 12:22:51 -06:00

blk-integrity.c

scatterlist: introduce sg_unmark_end

2013-03-20 15:43:04 +10:30

blk-ioc.c

hlist: drop the node parameter from iterators

2013-02-27 19:10:24 -08:00

blk-iopoll.c

tree-wide: fix assorted typos all over the place

2009-12-04 15:39:55 +01:00

blk-lib.c

block: add cond_resched() to potentially long running ioctl discard loop

2014-02-22 12:41:28 -08:00

blk-map.c

block: re-use existing 'reading' variable instead of checking direction again

2011-12-21 15:27:24 +01:00

blk-merge.c

scatterlist: introduce sg_unmark_end

2013-03-20 15:43:04 +10:30

blk-settings.c

block: fix alignment_offset math that assumes io_min is a power-of-2

2014-11-14 08:47:55 -08:00

blk-softirq.c

sched, block: Unify cache detection

2012-01-27 13:28:48 +01:00

blk-sysfs.c

block: avoid using uninitialized value in from queue_var_store

2013-04-03 21:53:57 +02:00

blk-tag.c

block: don't assume last put of shared tags is for the host

2014-07-31 12:53:48 -07:00

blk-throttle.c

blk-throttle: check stats_cpu before reading it from sysfs

2015-03-06 14:40:54 -08:00

blk-timeout.c

block: fix race between request completion and timeout handling

2013-11-29 11:11:50 -08:00

blk.h

block: __elv_next_request() shouldn't call into the elevator if bypassing

2014-02-22 12:41:28 -08:00

bsg-lib.c

bsg: Remove unused function bsg_goose_queue()

2012-12-06 14:33:02 +01:00

bsg.c

sg_write()/bsg_write() is not fit to be called under KERNEL_DS

2017-06-20 14:03:25 +02:00

cfq-iosched.c

cfq: fix starvation of asynchronous writes

2017-02-10 11:03:58 +01:00

compat_ioctl.c

block: provide compat ioctl for BLKZEROOUT

2014-07-31 12:53:48 -07:00

deadline-iosched.c

elevator: Fix a race in elevator switching

2013-08-20 08:43:03 -07:00

elevator.c

elevator: acquire q->sysfs_lock in elevator_change()

2013-12-08 07:29:27 -08:00

genhd.c

block: fix del_gendisk() vs blkdev_ioctl crash

2017-06-20 08:02:37 +02:00

ioctl.c

Merge branch 'for-3.7/core' of git://git.kernel.dk/linux-block

2012-10-11 09:04:23 +09:00

Kconfig

block: don't select PERCPU_RWSEM

2013-02-22 10:42:45 +01:00

Kconfig.iosched

blkcg: make CONFIG_BLK_CGROUP bool

2012-03-06 21:27:21 +01:00

Makefile

separate partition format handling from generic code

2012-01-03 22:54:06 -05:00

noop-iosched.c

elevator: Fix a race in elevator switching

2013-08-20 08:43:03 -07:00

partition-generic.c

block: Fix dev_t minor allocation lifetime

2014-10-05 14:54:12 -07:00

scsi_ioctl.c

block: allow WRITE_SAME commands with the SG_IO ioctl

2017-06-20 08:02:37 +02:00