Seth/kernel_amazon_mt8127-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ec8c69ea4541f353451dffefd4fe1ef0f4640f3b
kernel_amazon_mt8127-common/drivers
T
History
Dan Carpenter c5378d27ad scsi: qla2xxx: Fix an integer overflow in sysfs code 
commit e6f77540c067b48dee10f1e33678415bfcc89017 upstream.

The value of "size" comes from the user.  When we add "start + size" it
could lead to an integer overflow bug.

It means we vmalloc() a lot more memory than we had intended.  I believe
that on 64 bit systems vmalloc() can succeed even if we ask it to
allocate huge 4GB buffers.  So we would get memory corruption and likely
a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().

Only root can trigger this bug.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061

Cc: <stable@vger.kernel.org>
Fixes: b7cc176c9e ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
Reported-by: shqking <shqking@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2017-11-02 10:46:01 +01:00
..
accessibility
acpi
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
2017-11-02 10:45:59 +01:00
amba
ata
libata: array underflow in ata_find_dev()
2017-11-01 22:12:44 +01:00
atm
auxdisplay
auxdisplay: ks0108: fix refcount
2015-09-21 10:00:09 -07:00
base
PM / Domains: Fix unsafe iteration over modified list of device links
2017-11-01 22:12:43 +01:00
bcma
bcma: use (get|put)_device when probing/removing device driver
2017-06-20 14:04:24 +02:00
block
drbd: Fix kernel_sendmsg() usage - potential NULL deref
2017-02-10 11:03:59 +01:00
bluetooth
Bluetooth: vhci: purge unhandled skbs
2016-06-07 10:42:55 +02:00
bus
cdrom
char
virtio-console: avoid DMA from stack
2017-06-20 14:04:47 +02:00
clk
clk: clk-wm831x: fix a logic error
2017-06-08 00:46:53 +02:00
clocksource
clocksource/drivers/vt8500: Increase the minimum delta
2016-03-03 15:06:20 -08:00
connector
connector: bump skb->users before callback invocation
2016-01-28 21:49:33 -08:00
cpufreq
cpufreq: s3c2416: double free on driver init error path
2017-11-02 07:16:29 +01:00
cpuidle
crypto
crypto: caam - fix signals handling
2017-11-02 10:45:57 +01:00
dca
devfreq
PM / devfreq: Fix incorrect type issue.
2017-02-06 09:04:07 +01:00
dio
dma
dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup
2015-08-03 09:29:46 -07:00
edac
EDAC: Increment correct counter in edac_inc_ue_error()
2017-02-10 11:03:36 +01:00
eisa
extcon
firewire
firewire: net: fix fragmented datagram_size off-by-one
2017-02-10 11:03:51 +01:00
firmware
efi: Fix out-of-bounds read in variable_matches()
2016-06-07 10:42:51 +02:00
gpio
gpio: mpc8xxx: Correct irq handler function
2017-02-10 11:04:03 +01:00
gpu
drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
2017-11-02 07:16:26 +01:00
hid
HID: i2c-hid: Add sleep between POWER ON and RESET
2017-06-20 14:04:41 +02:00
hsi
hv
Drivers: hv: get rid of timeout in vmbus_open()
2017-06-20 14:04:48 +02:00
hwmon
hwmon: (ds620) Fix overflows seen when writing temperature limits
2017-06-08 00:46:53 +02:00
hwspinlock
i2c
i2c: fix kernel memory disclosure in dev interface
2017-06-20 14:04:06 +02:00
ide
idle
iio
iio: accel: kxsd9: Fix scaling bug
2017-02-10 11:03:35 +01:00
infiniband
rdma_cm: fail iwarp accepts w/o connection params
2017-06-20 14:04:24 +02:00
input
Input: i8042 - add Clevo P650RS to the i8042 reset list
2017-06-20 14:03:30 +02:00
iommu
iommu/amd: Finish TLB flush in amd_iommu_unmap()
2017-11-02 07:09:50 +01:00
ipack
irqchip
isdn
ISDN: eicon: silence misleading array-bounds warning
2017-06-20 14:04:16 +02:00
leds
lguest
macintosh
windfarm: decrement client count when unregistering
2015-10-22 14:37:49 -07:00
mailbox
md
md: fix super_offset endianness in super_1_rdev_size_change
2017-11-02 07:16:19 +01:00
media
ir-core: fix gcc-7 warning on bool arithmetic
2017-11-02 10:45:57 +01:00
memory
memstick
message
mfd
mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
2017-11-02 07:16:27 +01:00
misc
drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR()
2017-11-02 07:16:28 +01:00
mmc
mmc: sdhci: Do not disable interrupts while waiting for clock
2017-06-20 14:04:35 +02:00
mtd
ubi/upd: Always flush after prepared for an update
2017-06-20 14:04:48 +02:00
net
qlge: avoid memcpy buffer overflow
2017-11-02 10:46:00 +01:00
nfc
ntb
nubus
of
of/address: Don't loop forever in of_find_matching_node_by_address().
2015-09-21 10:00:09 -07:00
oprofile
parisc
parisc iommu: fix panic due to trying to allocate too large region
2016-01-28 21:49:36 -08:00
parport
pci
powerpc/pci/rpadlpar: Fix device reference leaks
2017-06-08 00:46:53 +02:00
pcmcia
pinctrl
pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
2017-06-20 14:04:07 +02:00
platform
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
2017-06-20 14:04:46 +02:00
pnp
ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage
2017-06-08 00:47:06 +02:00
power
wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
2016-03-03 15:06:20 -08:00
pps
ps3
ptp
pwm
rapidio
regulator
regulator: tps65910: Work around silicon erratum SWCZ010
2017-02-10 11:04:08 +01:00
remoteproc
remoteproc: avoid stack overflow in debugfs file
2016-02-19 14:22:37 -08:00
reset
rpmsg
rtc
rtc: s35390a: improve irq handling
2017-06-20 14:04:40 +02:00
s390
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
2017-11-02 07:09:50 +01:00
sbus
scsi
scsi: qla2xxx: Fix an integer overflow in sysfs code
2017-11-02 10:46:01 +01:00
sfi
sh
sn
spi
spi: spi-xilinx: cleanup a check in xilinx_spi_txrx_bufs()
2016-08-27 11:40:41 +02:00
ssb
ssb: Fix error routine when fallback SPROM fails
2017-06-20 14:03:20 +02:00
ssbi
staging
staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
2017-11-02 10:45:59 +01:00
target
target: Avoid mappedlun symlink creation during lun shutdown
2017-11-01 22:12:44 +01:00
tc
thermal
thermal: hwmon: Properly report critical temperature in sysfs
2017-02-10 11:03:35 +01:00
tty
serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
2017-11-02 07:16:26 +01:00
uio
uio: fix dmem_region_start computation
2017-02-10 11:04:03 +01:00
usb
usb: r8a66597-hcd: decrease timeout
2017-11-02 07:16:28 +01:00
uwb
uwb: hwa-rc: fix NULL-deref at probe
2017-06-08 00:47:05 +02:00
vfio
vfio/pci: Fix integer overflows, bitmask check
2017-06-20 14:04:13 +02:00
vhost
vhost/scsi: potential memory corruption
2015-10-01 12:07:34 +02:00
video
xen, fbfront: fix connecting to backend
2017-06-20 14:04:45 +02:00
virt
virtio
virtio_balloon: init 1st buffer in stats vq
2017-06-20 14:04:37 +02:00
vlynq
vme
vme: Fix wrong pointer utilization in ca91cx42_slave_get
2017-06-20 14:04:07 +02:00
w1
watchdog
watchdog: rc32434_wdt: fix ioctl error handling
2016-06-07 10:42:46 +02:00
xen
xen-pciback: Add name prefix to global 'permissive' variable
2017-02-06 23:32:50 +01:00
zorro
Kconfig
Makefile