kernel-ark/drivers/scsi
Mahesh Rajashekhara b4789b8e6b aacraid: prevent invalid pointer dereference
It appears that the driver runs into a problem here if fibsize is too small
because we allocate user_srbcmd with fibsize size only but later we
access it until user_srbcmd->sg.count to copy it over to srbcmd.

It is not correct to test (fibsize < sizeof(*user_srbcmd)) because this
structure already includes one sg element and this is not needed for
commands without data.  So, we would recommend adding the following
(instead of the test for fibsize == 0).

Signed-off-by: Mahesh Rajashekhara <Mahesh.Rajashekhara@pmcs.com>
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-19 16:27:39 -08:00
aacraid aacraid: prevent invalid pointer dereference 2013-11-19 16:27:39 -08:00
aic7xxx [SCSI] aic7xxx: fix swapped arguments in ahc_find_pci_device 2013-09-10 14:48:16 -07:00
aic7xxx_old
aic94xx
arcmsr SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
arm
be2iscsi [SCSI] be2iscsi: Bump driver version 2013-10-25 09:58:11 +01:00
bfa Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
bnx2fc Pull Request for 3.13 2013-11-10 12:19:15 +08:00
bnx2i Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
csiostor Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
cxgbi treewide: Add __GFP_NOWARN to k.alloc calls with v.alloc fallbacks 2013-08-20 13:06:40 +02:00
device_handler [SCSI] scsi_dh_alua: ALUA handler attach should succeed while TPG is transitioning 2013-10-25 11:19:33 +01:00
dpt
esas2r [SCSI] esas2r: Cleanup snprinf formatting of firmware version 2013-10-25 09:58:59 +01:00
fcoe SCSI for-linus on 20131110 2013-11-14 12:25:38 +09:00
fnic Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
ibmvscsi [SCSI] ibmvfc: Fix for offlining devices during error recovery 2013-09-06 11:41:34 -07:00
isci [SCSI] isci: Fix a infinite loop. 2013-08-26 12:51:30 +04:00
libfc fcp: Do not interpret check condition as underrun 2013-09-04 13:52:35 -07:00
libsas
lpfc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
megaraid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
mpt2sas [SCSI] mpt2sas: Remove phys on topology change. 2013-09-03 07:27:58 -07:00
mpt3sas [SCSI] Allow MPT Fusion SAS 3.0 driver to be built into the kernel 2013-09-06 11:42:53 -07:00
mvsas SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
osd SCSI: OSD: convert class code to use dev_groups 2013-07-25 16:34:39 -07:00
pcmcia
pm8001 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
qla2xxx Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
qla4xxx Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
sym53c8xx_2 treewide: Fix common typo in "identify" 2013-10-14 15:31:06 +02:00
ufs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
.gitignore
3w-9xxx.c
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c
3w-xxxx.h
53c700_d.h_shipped
53c700.c
53c700.h
53c700.scr
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c [SCSI] advansys: Remove 'last_reset' references 2013-10-25 11:44:54 +01:00
aha152x.c
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
aic7xxx_old.c
atari_NCR5380.c
atari_scsi.c
atari_scsi.h
atp870u.c SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
atp870u.h
BusLogic.c [SCSI] buslogic: Added check for DMA mapping errors 2013-10-25 09:57:57 +01:00
BusLogic.h [SCSI] BusLogic: Port driver to 64-bit. 2013-06-26 18:32:47 -07:00
bvme6000_scsi.c
ch.c
constants.c [SCSI] scsi constants: command, sense key + additional sense strings 2013-07-09 22:52:29 +01:00
dc395x.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
dc395x.h
dmx3191d.c
dpt_i2o.c [SCSI] dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset 2013-10-25 11:40:42 +01:00
dpti.h [SCSI] dpt_i2o: Remove DPTI_STATE_IOCTL 2013-10-25 11:36:26 +01:00
dtc.c
dtc.h
eata_generic.h
eata_pio.c [SCSI] eata_pio: off by one in eata_pio_detect() 2013-09-03 07:27:58 -07:00
eata_pio.h
eata.c
esp_scsi.c esp_scsi: Fix tag state corruption when autosensing. 2013-08-01 18:08:34 -07:00
esp_scsi.h esp_scsi: Fix tag state corruption when autosensing. 2013-08-01 18:08:34 -07:00
fdomain.c
fdomain.h
FlashPoint.c [SCSI] BusLogic: Port driver to 64-bit. 2013-06-26 18:32:47 -07:00
g_NCR5380_mmio.c
g_NCR5380.c
g_NCR5380.h
gdth_ioctl.h
gdth_proc.c
gdth_proc.h
gdth.c SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
gdth.h
gvp11.c
gvp11.h
hosts.c [SCSI] Add 'eh_deadline' to limit SCSI EH runtime 2013-10-25 12:17:59 +01:00
hpsa_cmd.h
hpsa.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
hpsa.h [SCSI] hpsa: remove unneeded variable 2013-08-26 12:51:31 +04:00
hptiop.c
hptiop.h
imm.c
imm.h
in2000.c
in2000.h
initio.c
initio.h
ipr.c [SCSI] ipr: Add sereral new CCIN definitions for new adapters support 2013-08-26 12:51:32 +04:00
ipr.h [SCSI] ipr: Add sereral new CCIN definitions for new adapters support 2013-08-26 12:51:32 +04:00
ips.c
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c [SCSI] iscsi_tcp: consider session state in iscsi_sw_sk_state_check 2013-10-25 09:58:13 +01:00
iscsi_tcp.h
jazz_esp.c
Kconfig SCSI misc on 20130903 2013-09-03 15:48:06 -07:00
lasi700.c
libiscsi_tcp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-07-09 18:24:39 -07:00
libiscsi.c [SCSI] IB/iser: Add Discovery support 2013-08-26 18:53:49 +04:00
libsrp.c
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c
mac_scsi.h
Makefile [SCSI] esas2r: ATTO Technology ExpressSAS 6G SAS/SATA RAID Adapter Driver 2013-09-03 07:27:58 -07:00
megaraid.c
megaraid.h
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
mvumi.h
ncr53c8xx.c treewide: Fix common typo in "identify" 2013-10-14 15:31:06 +02:00
ncr53c8xx.h
NCR53c406a.c
NCR5380.c
NCR5380.h
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c
nsp32_io.h
nsp32.c
nsp32.h
osst_detect.h
osst_options.h
osst.c
osst.h
pas16.c
pas16.h
pmcraid.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-19 15:50:47 -08:00
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi_debug.c [SCSI] scsi_debug: fix sparse warnings related to data integrity field 2013-10-25 09:58:12 +01:00
scsi_devinfo.c
scsi_error.c [SCSI] scsi_error: Escalate to LUN reset if abort fails 2013-10-25 12:18:30 +01:00
scsi_ioctl.c
scsi_lib_dma.c
scsi_lib.c ARM: 7796/1: scsi: Use dma_max_pfn(dev) helper for bounce_limit calculations 2013-10-31 14:49:26 +00:00
scsi_logging.h
scsi_module.c
scsi_netlink.c
scsi_pm.c [SCSI] sd: Add error handling during flushing caches 2013-10-25 09:58:13 +01:00
scsi_priv.h
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c
scsi_sysctl.c
scsi_sysfs.c [SCSI] Add 'eh_deadline' to limit SCSI EH runtime 2013-10-25 12:17:59 +01:00
scsi_tgt_if.c
scsi_tgt_lib.c
scsi_tgt_priv.h
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc_internal.h
scsi_transport_fc.c drivers: avoid format strings in names passed to alloc_workqueue() 2013-07-03 16:07:41 -07:00
scsi_transport_iscsi.c [SCSI] scsi_transport_iscsi: Add support to set CHAP entries 2013-10-25 09:58:01 +01:00
scsi_transport_sas.c
scsi_transport_spi.c
scsi_transport_srp_internal.h
scsi_transport_srp.c scsi_transport_srp: Add periodic reconnect support 2013-11-08 14:43:16 -08:00
scsi_typedefs.h
scsi.c [SCSI] remove check for 'resetting' 2013-10-25 12:00:23 +01:00
scsi.h
scsicam.c
sd_dif.c
sd.c SCSI for-linus on 20131110 2013-11-14 12:25:38 +09:00
sd.h [SCSI] Derive the FLUSH_TIMEOUT from the basic I/O timeout 2013-10-25 09:58:16 +01:00
ses.c
sg.c [SCSI] Revert "sg: use rwsem to solve race during exclusive open" 2013-10-25 10:59:54 +01:00
sgiwd93.c
sim710.c
sni_53c710.c
sr_ioctl.c
sr_vendor.c
sr.c
sr.h
st_options.h
st.c [SCSI] st: convert class code to use dev_groups 2013-08-21 10:10:50 -07:00
st.h
stex.c SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
storvsc_drv.c Drivers: hv: remove HV_DRV_VERSION 2013-08-02 11:34:30 +08:00
sun3_NCR5380.c
sun3_scsi_vme.c
sun3_scsi.c
sun3_scsi.h
sun3x_esp.c
sun_esp.c
sym53c416.c
sym53c416.h
t128.c
t128.h
tmscsim.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
tmscsim.h [SCSI] tmscsim: Move 'last_reset' into host structure 2013-10-25 11:51:37 +01:00
u14-34f.c
ultrastor.c
ultrastor.h
virtio_scsi.c virtio_scsi: verify if queue is broken after virtqueue_get_buf() 2013-11-11 11:53:26 +10:30
vmw_pvscsi.c SCSI: remove unnecessary pci_set_drvdata() 2013-10-14 15:26:04 +02:00
vmw_pvscsi.h
wd33c93.c
wd33c93.h
wd7000.c
zalon.c
zorro7xx.c