android_kernel_motorola_sm6225/drivers
Jonathan Brassow ebfd32bba9 dm log: userspace fix overhead_size calcuations
This patch fixes two bugs that revolve around the miscalculation and
misuse of the variable 'overhead_size'.  'overhead_size' is the size of
the various header structures used during communication.

The first bug is the use of 'sizeof' with the pointer of a structure
instead of the structure itself - resulting in the wrong size being
computed.  This is then used in a check to see if the payload
(data_size) would be too large for the preallocated structure.  Since the
bug produces a smaller value for the overhead, it was possible for the
structure to be breached.  (Although the current users of the code do
not currently send enough data to trigger this bug.)

The second bug is that the 'overhead_size' value is used to compute how
much of the preallocated space should be cleared before populating it
with fresh data.  This should have simply been 'sizeof(struct cn_msg)'
not overhead_size.  The fact that 'overhead_size' was computed
incorrectly made this problem "less bad" - leaving only a pointer's
worth of space at the end uncleared.  Thus, this bug was never producing
a bad result, but still needs to be fixed - especially now that the
value is computed correctly.

Cc: stable@kernel.org
Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2010-02-16 18:42:53 +00:00
..
accessibility
acpi Merge branch 'bugzilla-14954' into release 2010-01-20 01:26:22 -05:00
amba
ata [libata] Call flush_dcache_page after PIO data transfers in libata-sff.c 2010-02-04 01:04:50 -05:00
atm drivers/atm: Correct code taking the size of a pointer 2009-12-13 19:56:33 -08:00
auxdisplay
base Revert "sysdev: fix prototype for memory_sysdev_class show/store functions" 2010-01-20 15:02:13 -08:00
block cciss: Make cciss_seq_show handle holes in the h->drv[] array 2010-02-05 13:15:36 +01:00
bluetooth Bluetooth: Fix memory leak in Marvell BT-over-SDIO driver 2010-02-03 19:08:30 -08:00
cdrom
char Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-02-11 14:01:10 -08:00
clocksource cs5535: add a generic clock event MFGPT driver 2009-12-15 08:53:28 -08:00
connector connector: Delete buggy notification code. 2010-02-02 15:58:48 -08:00
cpufreq [CPUFREQ] Fix ondemand to not request targets outside policy limits 2010-01-13 10:55:16 -05:00
cpuidle drivers/cpuidle/governors/menu.c: fix undefined reference to `__udivdi3' 2010-01-11 09:34:07 -08:00
crypto crypto: padlock-sha - Add import/export support 2010-02-02 06:50:25 +11:00
dca
dio
dma drivers/dma: Correct NULL test 2010-02-10 12:07:28 -07:00
edac Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp 2010-02-11 14:07:13 -08:00
eisa
firewire firewire: ohci: retransmit isochronous transmit packets on cycle loss 2010-02-14 15:10:41 +01:00
firmware firmware: only allow EDD on x86 2009-12-15 08:53:34 -08:00
gpio gpio: adp5588-gpio: new driver for ADP5588 GPIO expanders 2010-01-11 09:34:07 -08:00
gpu drm/radeon/kms: make sure retry count increases. 2010-02-15 15:24:48 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2010-01-13 16:10:13 -08:00
hwmon hwmon: (w83781d) Request I/O ports individually for probing 2010-02-05 19:58:36 +01:00
i2c i2c-tiny-usb: Fix on big-endian systems 2010-02-05 17:48:13 +01:00
ide
idle cpumask: convert drivers/idle/i7300_idle.c to cpumask_var_t 2009-12-17 11:43:25 +10:30
ieee1394 firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
ieee802154
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2010-02-11 14:01:25 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-02-11 14:03:42 -08:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-12 20:53:29 -08:00
leds leds: leds-pwm: Set led_classdev max_brightness 2009-12-17 11:42:34 +00:00
lguest lguest: fix bug in setting guest GDT entry 2010-01-04 12:33:33 -08:00
macintosh powerpc/macintosh: Make Open Firmware device id constant 2010-01-15 13:26:04 +11:00
mca
md dm log: userspace fix overhead_size calcuations 2010-02-16 18:42:53 +00:00
media V4L/DVB: dvb-core: fix initialization of feeds list in demux filter 2010-02-08 10:47:17 -02:00
memstick
message [SCSI] mptfusion : mptscsih_abort return value should be SUCCESS instead of value 0. 2010-02-08 13:40:17 -06:00
mfd mfd: Fix asic3 build 2010-01-29 21:03:09 +01:00
misc Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2009-12-17 16:38:48 -08:00
mmc mmc_test: block addressed cards 2010-02-11 13:59:42 -08:00
mtd Merge branch 'for-linus' of git://git.infradead.org/ubi-2.6 2010-01-28 12:57:50 -08:00
net drivers/net: Correct NULL test 2010-02-08 22:44:18 -08:00
nubus
of
oprofile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2009-12-14 09:58:24 -08:00
parisc parisc: Fixup last users of irq_chip->typename 2009-12-16 03:48:56 +00:00
parport parport_pc.c: use correct length in strncmp 2009-12-16 07:20:12 -08:00
pci CS5536: apply pci quirk for BIOS SMBUS bug 2010-02-05 07:36:50 -08:00
pcmcia Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-12-30 13:13:24 -08:00
platform Merge branch 'misc' into release 2010-01-20 01:23:27 -05:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-12-16 12:33:19 -08:00
power wm97xx_battery: Handle missing platform data gracefully 2010-01-29 17:00:18 +03:00
pps
ps3
rapidio
regulator regulator/lp3971: vol_map out of bounds in lp3971_{ldo,dcdc}_set_voltage() 2010-02-12 11:39:49 +00:00
rtc rtc-fm3130: add missing braces 2010-02-02 18:11:21 -08:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2010-02-11 14:05:55 -08:00
sbus bbc_envctrl: Clean up properly if kthread_run() fails. 2010-01-04 15:31:10 -08:00
scsi [SCSI] qla2xxx: Obtain proper host structure during response-queue processing. 2010-02-08 13:45:55 -06:00
serial uartlite: fix crash when using as console 2010-02-02 18:11:22 -08:00
sfi
sh
sn ioc3/ioc4: fix error path on driver registration 2009-12-15 08:53:27 -08:00
spi spi: spi_sh_msiof: Fixed data sampling on the correct edge 2010-02-02 11:29:15 +09:00
ssb
staging Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2010-02-01 10:46:49 -08:00
tc
telephony
thermal Merge branch 'misc-2.6.33' into release 2009-12-16 14:22:32 -05:00
uio const: constify remaining dev_pm_ops 2009-12-15 08:53:25 -08:00
usb usb: r8a66597-hcd: Fix up spinlock recursion in root hub polling. 2010-02-05 11:53:28 +09:00
uwb
video imxfb: correct location of callbacks in suspend and resume 2010-02-02 18:11:22 -08:00
virtio virtio: fix section mismatch warnings 2010-01-16 12:15:39 -08:00
vlynq
w1
watchdog [WATCHDOG] sbc_fitpc2_wdt: fix I/O space access technique. 2010-01-25 19:48:49 +00:00
xen xen: fix hang on suspend. 2010-01-13 10:01:35 +00:00
zorro
Kconfig firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
Makefile