android_kernel_motorola_sm6225/drivers/md
Benjamin Randazzo b6878d9e03 md: use kzalloc() when bitmap is disabled
In drivers/md/md.c get_bitmap_file() uses kmalloc() for creating a
mdu_bitmap_file_t called "file".

5769         file = kmalloc(sizeof(*file), GFP_NOIO);
5770         if (!file)
5771                 return -ENOMEM;

This structure is copied to user space at the end of the function.

5786         if (err == 0 &&
5787             copy_to_user(arg, file, sizeof(*file)))
5788                 err = -EFAULT;

But if bitmap is disabled only the first byte of "file" is initialized
with zero, so it's possible to read some bytes (up to 4095) of kernel
space memory from user space. This is an information leak.

5775         /* bitmap disabled, zero the first byte and copy out */
5776         if (!mddev->bitmap_info.file)
5777                 file->pathname[0] = '\0';

Signed-off-by: Benjamin Randazzo <benjamin@randazzo.fr>
Signed-off-by: NeilBrown <neilb@suse.com>
2015-08-03 14:56:02 +10:00
bcache bcache: don't embed 'return' statements in closure macros 2015-07-11 09:57:32 -06:00
persistent-data dm btree: silence lockdep lock inversion in dm_btree_del() 2015-07-06 10:45:02 -04:00
bitmap.c Some md fixes for 4.2 2015-07-25 11:24:58 -07:00
bitmap.h md-cluster: re-add capabilities 2015-04-22 07:59:39 +10:00
dm-bio-prison.c dm bio prison: add dm_cell_promote_or_release() 2015-05-29 14:19:06 -04:00
dm-bio-prison.h dm bio prison: add dm_cell_promote_or_release() 2015-05-29 14:19:06 -04:00
dm-bio-record.h dm: Refactor for new bio cloning/splitting 2013-11-23 22:33:55 -08:00
dm-bufio.c dm bufio: fix time comparison to use time_after_eq() 2015-02-09 13:06:48 -05:00
dm-bufio.h dm snapshot: use dm-bufio prefetch 2014-01-14 23:23:03 -05:00
dm-builtin.c dm sysfs: fix a module unload race 2014-01-14 23:23:04 -05:00
dm-cache-block-types.h dm cache: revert "remove remainder of distinct discard block size" 2014-11-10 15:25:30 -05:00
dm-cache-metadata.c dm cache: add fail io mode and needs_check flag 2015-06-11 17:13:00 -04:00
dm-cache-metadata.h dm cache: add fail io mode and needs_check flag 2015-06-11 17:13:00 -04:00
dm-cache-policy-cleaner.c dm cache: pass a new 'critical' flag to the policies when requesting writeback work 2015-05-29 14:19:04 -04:00
dm-cache-policy-internal.h dm cache: age and write back cache entries even without active IO 2015-06-11 17:13:01 -04:00
dm-cache-policy-mq.c dm cache: switch the "default" cache replacement policy from mq to smq 2015-06-17 12:40:38 -04:00
dm-cache-policy-smq.c dm cache policy smq: fix alloc_bitset check that always evaluates as false 2015-07-27 07:58:15 -04:00
dm-cache-policy.c dm cache: add policy name to status output 2014-01-16 13:44:11 -05:00
dm-cache-policy.h dm cache: age and write back cache entries even without active IO 2015-06-11 17:13:01 -04:00
dm-cache-target.c dm cache: fix device destroy hang due to improper prealloc_used accounting 2015-07-29 14:32:09 -04:00
dm-crypt.c dm crypt: add comments to better describe crypto processing logic 2015-05-29 14:19:02 -04:00
dm-delay.c dm delay: use msecs_to_jiffies for time conversion 2015-04-15 12:10:21 -04:00
dm-era-target.c dm era: check for a non-NULL metadata object before closing it 2014-06-03 13:44:08 -04:00
dm-exception-store.c dm: replace simple_strtoul 2012-07-27 15:07:59 +01:00
dm-exception-store.h
dm-flakey.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-io.c dm io: deal with wandering queue limits when handling REQ_DISCARD and REQ_WRITE_SAME 2015-02-27 14:53:32 -05:00
dm-ioctl.c dm: only initialize the request_queue once 2015-04-30 10:25:21 -04:00
dm-kcopyd.c dm: stop using WQ_NON_REENTRANT 2013-08-23 09:02:13 -04:00
dm-linear.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-log-userspace-base.c dm log userspace base: fix compile warning 2015-04-15 12:10:20 -04:00
dm-log-userspace-transfer.c dm log userspace transfer: match wait_for_completion_timeout return type 2015-04-15 12:10:20 -04:00
dm-log-userspace-transfer.h
dm-log-writes.c dm log writes: use ULL suffix for 64-bit constants 2015-05-29 14:19:01 -04:00
dm-log.c dm: use memweight() 2012-07-30 17:25:16 -07:00
dm-mpath.c dm mpath: fix leak of dm_mpath_io structure in blk-mq .queue_rq error path 2015-05-27 17:37:22 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-queue-length.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-raid.c dm raid: add support for the MD RAID0 personality 2015-05-29 14:19:00 -04:00
dm-raid1.c dm raid1: keep issuing IO after leg failure 2015-05-29 14:19:02 -04:00
dm-region-hash.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-round-robin.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-service-time.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-snap-persistent.c dm snapshot: remove unnecessary NULL checks before vfree() calls 2015-02-09 13:06:49 -05:00
dm-snap-transient.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-snap.c block: remove management of bi_remaining when restoring original bi_end_io 2015-05-22 08:58:55 -06:00
dm-stats.c dm stats: add support for request-based DM devices 2015-06-17 12:40:41 -04:00
dm-stats.h dm stats: support precise timestamps 2015-06-17 12:40:40 -04:00
dm-stripe.c dm stripe: drop useless exit point from dm_stripe_init() 2015-05-29 14:19:01 -04:00
dm-switch.c dm switch: efficiently support repetitive patterns 2014-08-01 12:30:37 -04:00
dm-sysfs.c dm: add 'use_blk_mq' module param and expose in per-device ro sysfs attr 2015-04-15 12:10:17 -04:00
dm-table.c Revert "block, dm: don't copy bios for request clones" 2015-06-26 10:11:58 -04:00
dm-target.c dm: allocate requests in target when stacking on blk-mq devices 2015-02-09 13:06:47 -05:00
dm-thin-metadata.c dm thin metadata: fix a race when entering fail mode 2015-06-11 17:13:06 -04:00
dm-thin-metadata.h dm thin metadata: add dm_thin_remove_range() 2015-06-11 17:13:04 -04:00
dm-thin.c dm thin: return -ENOSPC when erroring retry list due to out of data space 2015-07-26 17:39:19 -04:00
dm-uevent.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-uevent.h
dm-verity.c block: remove management of bi_remaining when restoring original bi_end_io 2015-05-22 08:58:55 -06:00
dm-zero.c dm crypt, dm zero: update author name following legal name change 2014-07-10 16:44:14 -04:00
dm.c dm: fix use after free crash due to incorrect cleanup sequence 2015-07-13 09:14:11 -04:00
dm.h - Revert block and DM core changes the removed request-based DM's 2015-06-26 12:35:01 -07:00
faulty.c md: rename ->stop to ->free 2015-02-04 08:35:52 +11:00
Kconfig dm crypt: update wiki page URL 2015-07-27 07:58:16 -04:00
linear.c md: rename ->stop to ->free 2015-02-04 08:35:52 +11:00
linear.h
Makefile dm cache: add stochastic-multi-queue (smq) policy 2015-06-11 17:12:59 -04:00
md-cluster.c Fix read-balancing during node failure 2015-07-24 13:37:59 +10:00
md-cluster.h Fix read-balancing during node failure 2015-07-24 13:37:59 +10:00
md.c md: use kzalloc() when bitmap is disabled 2015-08-03 14:56:02 +10:00
md.h writeback: separate out include/linux/backing-dev-defs.h 2015-06-02 08:33:34 -06:00
multipath.c md: rename ->stop to ->free 2015-02-04 08:35:52 +11:00
multipath.h
raid0.c md/raid0: fix restore to sector variable in raid0_make_request 2015-05-21 09:14:25 +10:00
raid0.h md: add proper merge_bvec handling to RAID0 and Linear. 2012-03-19 12:46:39 +11:00
raid1.c md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies 2015-08-03 12:29:42 +10:00
raid1.h md: make ->congested robust against personality changes. 2015-02-04 08:35:52 +11:00
raid5.c md/raid5: clear R5_NeedReplace when no longer needed. 2015-07-24 13:38:04 +10:00
raid5.h md/raid5: avoid races when changing cache size. 2015-07-22 14:04:15 +10:00
raid10.c md/raid10: always set reshape_safe when initializing reshape_position. 2015-07-22 14:08:24 +10:00
raid10.h md: make ->congested robust against personality changes. 2015-02-04 08:35:52 +11:00