2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-17 09:43:59 +08:00
linux-next/drivers
Alex Williamson c8dbca165b vfio/iommu_type1: Avoid overflow
Coverity reports use of a tained scalar used as a loop boundary.
For the most part, any values passed from userspace for a DMA mapping
size, IOVA, or virtual address are valid, with some alignment
constraints.  The size is ultimately bound by how many pages the user
is able to lock, IOVA is tested by the IOMMU driver when doing a map,
and the virtual address needs to pass get_user_pages.  The only
problem I can find is that we do expect the __u64 user values to fit
within our variables, which might not happen on 32bit platforms.  Add
a test for this and return error on overflow.  Also propagate use of
the type-correct local variables throughout the function.

The above also points to the 'end' variable, which can be zero if
we're operating at the very top of the address space.  We try to
account for this, but our loop botches it.  Rework the loop to use
the remaining size as our loop condition rather than the IOVA vs end.

Detected by Coverity: CID 714659

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30 11:35:54 -06:00
..
accessibility
acpi Merge branch 'acpi-video' 2014-05-16 23:43:56 +02:00
amba ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
ata Merge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2014-05-21 18:35:42 +09:00
atm
auxdisplay
base drivercore: deferral race condition fix 2014-04-29 15:44:05 +01:00
bcma
block floppy: don't write kernel-only members to FDRAWCMD ioctl output 2014-05-05 07:46:56 -07:00
bluetooth Bluetooth: Add support for Lite-on [04ca:3007] 2014-04-25 09:47:16 +03:00
bus bus: mvebu-mbus: allow several windows with the same target/attribute 2014-04-24 03:48:08 +00:00
cdrom
char This fixes a BUG_ON-causing regression that was introduced during the 2014-05-21 18:56:35 +09:00
clk Clock framework and driver fixes, all of which fix user-visible 2014-05-21 18:55:17 +09:00
clocksource Merge branch 'clockevents/3.15-fixes' of git://git.linaro.org/people/daniel.lezcano/linux into timers/urgent 2014-04-29 19:26:58 +02:00
connector net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-04-24 13:44:54 -04:00
cpufreq ACPI and power management fixes for 3.15-rc6 2014-05-21 17:58:34 +09:00
cpuidle Merge branch 'pm-cpuidle' 2014-04-08 13:27:40 +02:00
crypto crypto: caam - add allocation failure handling in SPRINTFCAT macro 2014-04-28 18:17:18 +08:00
dca
devfreq
dio
dma dmaengine: fix dmaengine_unmap failure 2014-05-21 14:02:37 -07:00
edac Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
eisa
extcon
firewire
firmware iscsi_ibft: Fix finding Broadcom specific ibft sign 2014-05-13 14:54:14 -04:00
fmc
gpio gpio: mcp23s08: Bug fix of SPI device tree registration. 2014-05-09 10:28:16 +02:00
gpu Merge branch 'drm-fixes-3.15' of git://people.freedesktop.org/~deathsimple/linux into drm-fixes 2014-05-22 09:15:57 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2014-05-07 16:07:58 -07:00
hsi
hv Drivers: hv: vmbus: Negotiate version 3.0 when running on ws2012r2 hosts 2014-04-16 14:14:07 -07:00
hwmon hwmon: (ntc_thermistor) Fix OF device ID mapping 2014-05-25 17:23:08 +02:00
hwspinlock
i2c i2c: rcar: bail out on zero length transfers 2014-05-14 18:59:57 +02:00
ide
idle intel_idle: fix IVT idle state table setting 2014-04-21 23:36:07 +02:00
iio iio: adc: Nothing in ADC should be a bool CONFIG 2014-04-26 11:22:16 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-23 15:29:43 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2014-05-08 14:06:45 -07:00
iommu iommu/amd: fix enabling exclusion range for an exact device 2014-05-13 12:33:12 +02:00
ipack
irqchip mvebu irqchip ifxes for v3.15 2014-04-29 19:23:22 +02:00
isdn hisax/icc: add missing semicolon after label 2014-04-22 21:22:47 -04:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2014-04-10 09:06:10 -07:00
lguest drivers/lguest/page_tables.c: rename do_set_pte() 2014-04-07 16:35:52 -07:00
macintosh
mailbox
mcb drivers: mcb: fix memory leak in chameleon_parse_cells() error path 2014-04-16 12:28:47 -07:00
md A dm-crypt fix for a cpu hotplug crash that switches from using per-cpu 2014-05-21 17:57:31 +09:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-05-21 19:01:08 +09:00
memory memory: mvebu-devbus: fix the conversion of the bus width 2014-04-17 04:14:30 +00:00
memstick
message PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
mfd mmc: rtsx: Revert "mmc: rtsx: add support for pre_req and post_req" 2014-05-08 08:44:50 +01:00
misc misc: Grammar s/addition/additional/ 2014-04-16 12:28:47 -07:00
mmc mmc: rtsx: Revert "mmc: rtsx: add support for pre_req and post_req" 2014-05-08 08:44:50 +01:00
mtd MTD update for 3.15-rc5 2014-05-07 16:28:52 -07:00
net bonding: Send ALB learning packets using the right source 2014-05-22 15:47:58 -04:00
nfc
ntb ntb: Use pci_enable_msix_range() instead of pci_enable_msix() 2014-04-07 10:59:20 -07:00
nubus
of of: make of_update_property() usable earlier in the boot process 2014-05-14 15:27:36 +01:00
oprofile
parisc
parport
pci PCI updates for v3.15: 2014-05-21 18:57:25 +09:00
pcmcia PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
phy phy: fix kernel oops in phy_lookup() 2014-04-24 12:53:38 -07:00
pinctrl sh-pfc: r8a7791: Fix definition of MOD_SEL3 2014-04-23 16:09:53 +02:00
platform alienware-wmi: cover some scenarios where memory allocations would fail 2014-04-10 12:11:56 -04:00
pnp asmlinkage: Add explicit __visible to drivers/*, lib/*, kernel/* 2014-05-05 16:07:46 -07:00
power power/reset: vexpress: Fix restart/power off operation 2014-04-24 17:20:50 +01:00
powercap CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
pps
ps3
ptp ptp: fix kconfig dependency warnings 2014-05-12 00:27:26 -04:00
pwm Shiraz has moved 2014-04-18 16:40:08 -07:00
rapidio rapidio: rework device hierarchy and introduce mport class of devices 2014-04-07 16:36:07 -07:00
regulator regulator: pbias: Convert to use regmap helper functions 2014-04-14 22:16:25 +01:00
remoteproc
reset
rpmsg
rtc drivers/rtc/rtc-hym8563.c: set uie_unsupported 2014-05-11 17:55:48 +09:00
s390 s390/chsc: fix SEI usage on old FW levels 2014-04-17 12:46:28 +02:00
sbus
scsi SCSI fixes on 20140524 2014-05-25 10:13:50 -07:00
sfi
sh drivers: sh: compile drivers/sh/pm_runtime.c if ARCH_SHMOBILE_MULTI 2014-05-12 16:05:01 +09:00
sn
spi Merge remote-tracking branches 'spi/fix/pxa2xx' and 'spi/fix/qup' into spi-linus 2014-05-13 19:08:34 +01:00
spmi
ssb
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-05-21 19:01:08 +09:00
target target: fix memory leak on XCOPY 2014-05-17 15:49:40 -07:00
tc
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2014-04-10 09:15:46 -07:00
tty tty: Fix lockless tty buffer race 2014-05-03 18:14:28 -04:00
uio
usb USB: Nokia 5300 should be treated as unusual dev 2014-05-03 19:41:07 -04:00
uwb uwb: don't call spin_unlock_irq in a USB completion handler 2014-04-24 12:45:40 -07:00
vfio vfio/iommu_type1: Avoid overflow 2014-05-30 11:35:54 -06:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-04-12 16:51:08 -07:00
video video: Kconfig: move drm and fb into separate menus 2014-04-17 08:10:20 +03:00
virt
virtio
vlynq
vme vme_tsi148: Utilize to_pci_dev() macro 2014-04-16 14:08:37 -07:00
w1 w1: avoid recursive device_add 2014-04-16 14:07:51 -07:00
watchdog CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
xen Xen bug fixes for 3.15-rc5 2014-05-13 11:21:01 +09:00
zorro
Kconfig
Makefile SH Driver Update for v3.15 2014-05-22 04:26:23 +09:00