korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 00:04:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
286e877181
linux/drivers
History
Vishal Verma 286e877181 libnvdimm: fix ars_status output length calculation 
Commit efda1b5d87 ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling")
Introduced additional hardening for ambiguity in the ACPI spec for
ars_status output sizing. However, it had a couple of cases mixed up.
Where it should have been checking for (and returning) "out_field[1] -
4" it was using "out_field[1] - 8" and vice versa.

This caused a four byte discrepancy in the buffer size passed on to
the command handler, and in some cases, this caused memory corruption
like:

  ./daxdev-errors.sh: line 76: 24104 Aborted   (core dumped) ./daxdev-errors $busdev $region
  malloc(): memory corruption
  Program received signal SIGABRT, Aborted.
  [...]
  #5  0x00007ffff7865a2e in calloc () from /lib64/libc.so.6
  #6  0x00007ffff7bc2970 in ndctl_bus_cmd_new_ars_status (ars_cap=ars_cap@entry=0x6153b0) at ars.c:136
  #7  0x0000000000401644 in check_ars_status (check=0x7fffffffdeb0, bus=0x604c20) at daxdev-errors.c:144
  #8  test_daxdev_clear_error (region_name=<optimized out>, bus_name=<optimized out>)
      at daxdev-errors.c:332

Cc: <stable@vger.kernel.org>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Lukasz Dorau <lukasz.dorau@intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Fixes: efda1b5d87 ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling")
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-of-by: Dave Jiang <dave.jiang@intel.com>
2018-08-20 08:56:38 -07:00
..
accessibility
acpi acpi/nfit: queue issuing of ars when an uc error notification comes in 2018-07-27 15:28:28 -07:00
amba Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-06-06 13:49:25 -07:00
android treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
ata treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
atm treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
auxdisplay treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
base Power management changes for 4.18-rc2 2018-06-22 05:57:36 +09:00
bcma dma-mapping updates for 4.18: 2018-06-04 10:58:12 -07:00
block for-linus-20180623 2018-06-24 06:33:54 +08:00
bluetooth bluetooth: hci_nokia: Don't include linux/unaligned/le_struct.h directly. 2018-06-17 08:38:55 +09:00
bus - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
cdrom treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
char Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-06-24 06:31:54 +08:00
clk docs: Fix some broken references 2018-06-15 18:10:01 -03:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-06-24 19:16:42 +08:00
connector Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-06-06 18:39:49 -07:00
cpufreq cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 2018-06-19 10:40:29 +02:00
cpuidle powerpc updates for 4.18 2018-06-07 10:23:33 -07:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-06-24 06:31:54 +08:00
dax device-dax: avoid hang on error before devm_memremap_pages() 2018-07-31 17:05:42 -07:00
dca
devfreq treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
dio
dma fix a series of Documentation/ broken file name references 2018-06-15 18:10:01 -03:00
dma-buf
edac treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
eisa
extcon treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
firewire treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
firmware efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode 2018-06-22 10:58:27 +02:00
fmc treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
fpga
fsi
gpio treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
gpu Fixes for v4.18-rc2: 2018-06-22 11:03:43 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2018-06-20 16:42:39 +09:00
hsi
hv treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
hwmon hwmon: (nct6775) Fix loop limit 2018-06-16 16:40:36 -07:00
hwspinlock hwspinlock updates for v4.18 2018-06-11 12:09:19 -07:00
hwtracing treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
i2c Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-06-14 16:21:46 +09:00
ide treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
idle
iio treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
infiniband 4.18-rc 2018-06-21 07:22:30 +09:00
input docs: Fix some broken references 2018-06-15 18:10:01 -03:00
iommu - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
ipack treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
irqchip irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug 2018-06-22 14:22:02 +02:00
isdn treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
leds treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
lightnvm for-linus-20180623 2018-06-24 06:33:54 +08:00
macintosh powerpc updates for 4.18 2018-06-07 10:23:33 -07:00
mailbox treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
mcb
md md/dm-writecache: Don't request pointer dummy_addr when not required 2018-07-30 09:40:04 -07:00
media Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
memory - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
memstick treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
message treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
mfd Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-06-14 16:21:46 +09:00
misc Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-06-14 16:21:46 +09:00
mmc treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
mtd - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
mux
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-06-21 07:13:42 +09:00
nfc treewide: devm_kmalloc() -> devm_kmalloc_array() 2018-06-12 16:19:22 -07:00
ntb - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
nubus Char/Misc driver patches for 4.18-rc1 2018-06-05 16:20:22 -07:00
nvdimm libnvdimm: fix ars_status output length calculation 2018-08-20 08:56:38 -07:00
nvme nvme-pci: limit max IO size and segments to avoid high order allocations 2018-06-21 18:59:46 +02:00
nvmem treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
of - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
opp PM / OPP: Update voltage in case freq == old_freq 2018-06-19 15:53:32 +05:30
oprofile treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
parisc dma-mapping updates for 4.18: 2018-06-04 10:58:12 -07:00
parport docs: Fix some broken references 2018-06-15 18:10:01 -03:00
pci - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
pcmcia treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
perf drivers/bus: arm-cci: fix build warnings 2018-05-29 16:38:16 +01:00
phy Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-06-06 18:39:49 -07:00
pinctrl pinctrl: mt7622: fix a kernel panic when pio don't work as EINT controller 2018-06-18 07:55:57 +02:00
platform fix a series of Documentation/ broken file name references 2018-06-15 18:10:01 -03:00
pnp media updates for v4.18-rc1 2018-06-07 12:34:37 -07:00
power treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
powercap treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
pps
ps3
ptp ptp: replace getnstimeofday64() with ktime_get_real_ts64() 2018-06-20 07:59:53 +09:00
pwm pwm: Changes for v4.18-rc1 2018-06-14 16:25:43 +09:00
rapidio treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
ras
regulator treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
remoteproc treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX 2018-06-15 07:55:25 +09:00
reset - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
rpmsg rpmsg: smd: do not use mananged resources for endpoints and channels 2018-06-04 12:35:03 -07:00
rtc - New Device Support 2018-06-11 07:20:17 -07:00
s390 s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() 2018-07-30 09:33:03 -07:00
sbus fix a series of Documentation/ broken file name references 2018-06-15 18:10:01 -03:00
scsi for-linus-20180623 2018-06-24 06:33:54 +08:00
sfi
sh treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
siox
slimbus treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
sn
soc treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX 2018-06-15 07:55:25 +09:00
soundwire docs: Fix more broken references 2018-06-15 18:11:26 -03:00
spi treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
spmi
ssb
staging media: v4l: fix broken video4linux docs locations 2018-06-15 18:10:01 -03:00
target treewide: Use array_size() in vzalloc() 2018-06-12 16:19:22 -07:00
tc
tee
thermal - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
thunderbolt
tty vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
uio treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
usb vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
uwb treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
vfio VFIO updates for v4.18 2018-06-12 13:11:26 -07:00
vhost virtio, vhost: features, fixes 2018-06-16 06:35:02 +09:00
video Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
virt treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
virtio virtio, vhost: features, fixes 2018-06-16 06:35:02 +09:00
visorbus
vlynq
vme
w1 Char/Misc driver patches for 4.18-rc1 2018-06-05 16:20:22 -07:00
watchdog MIPS changes for 4.18 2018-06-12 12:56:02 -07:00
xen xen: fixes for 4.18-rc2 2018-06-23 20:44:11 +08:00
zorro - Introduce arithmetic overflow test helper functions (Rasmus) 2018-06-06 17:27:14 -07:00
Kconfig
Makefile