davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c991d168cb
kernel-ark/fs
History
Bastian Blank 712a30e63c splice: fix user pointer access in get_iovec_page_array() 
Commit 8811930dc7 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.

Signed-off-by: Bastian Blank <waldi@debian.org>
Acked-by: Oliver Pinter <oliver.pntr@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-10 10:27:21 -08:00
..
9p
adfs mount options: fix adfs 2008-02-08 09:22:39 -08:00
affs mount options: fix affs 2008-02-08 09:22:39 -08:00
afs mount options: fix afs 2008-02-08 09:22:39 -08:00
autofs mount options: fix autofs 2008-02-08 09:22:40 -08:00
autofs4 mount options: fix autofs4 2008-02-08 09:22:39 -08:00
befs mount options: fix befs 2008-02-08 09:22:40 -08:00
bfs iget: stop BFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
cifs iget: stop CIFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
coda
configfs
cramfs
debugfs libfs: allow error return from simple attributes 2008-02-08 09:22:34 -08:00
devpts mount options: fix devpts 2008-02-08 09:22:40 -08:00
dlm
ecryptfs
efs iget: stop EFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
exportfs
ext2 mount options: fix ext2 2008-02-08 09:22:40 -08:00
ext3 ext3: replace all adds to little endians variables with le*_add_cpu 2008-02-08 09:22:32 -08:00
ext4 ext4: Add new "development flag" to the ext4 filesystem 2008-02-10 01:11:44 -05:00
fat mount options: fix fat 2008-02-08 09:22:40 -08:00
freevxfs iget: stop FreeVXFS from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
fuse mount options: fix fuse 2008-02-08 09:22:40 -08:00
gfs2 iget: use iget_failed() in GFS2 2008-02-07 08:42:27 -08:00
hfs
hfsplus fs/hfsplus/unicode.c: fix uninitialized var warning 2008-02-08 09:22:36 -08:00
hostfs UML: fix hostfs build 2008-02-09 11:08:33 -08:00
hpfs mount options: fix hpfs 2008-02-08 09:22:40 -08:00
hppfs iget: stop HPPFS from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
hugetlbfs mount options: fix hugetlbfs 2008-02-08 09:22:40 -08:00
isofs mount options: fix isofs 2008-02-08 09:22:40 -08:00
jbd ext3 can fail badly when device stops accepting BIO_RW_BARRIER requests 2008-02-08 09:22:44 -08:00
jbd2 JBD2: Clear buffer_ordered flag for barried IO request on success 2008-02-10 01:09:32 -05:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2008-02-07 10:20:31 -08:00
jfs BKL-removal: Implement a compat_ioctl handler for JFS 2008-02-07 13:45:29 -06:00
lockd
minix iget: stop the MINIX filesystem from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
msdos
ncpfs mount options: fix ncpfs 2008-02-08 09:22:40 -08:00
nfs NFS: Fix a potential file corruption issue when writing 2008-02-07 19:20:20 -05:00
nfs_common
nfsd
nls
ntfs
ocfs2 byteorder: move le32_add_cpu & friends from OCFS2 to core 2008-02-08 09:22:32 -08:00
openpromfs iget: stop OPENPROMFS from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
partitions Enhanced partition statistics: remove old partition statistics 2008-02-08 12:42:01 +01:00
proc revert "proc: fix the threaded proc self" 2008-02-08 15:33:32 -08:00
qnx4 iget: stop QNX4 from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
ramfs
reiserfs mount options: fix reiserfs 2008-02-08 09:22:40 -08:00
romfs iget: stop ROMFS from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
smbfs
sysfs sysfs: remove BUG_ON() from sysfs_remove_group() 2008-02-07 11:31:46 -08:00
sysv iget: stop the SYSV filesystem from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
udf mount options: fix udf 2008-02-08 09:22:41 -08:00
ufs drop linux/ufs_fs.h from userspace export and relocate it to fs/ufs/ufs_fs.h 2008-02-08 09:22:39 -08:00
vfat
xfs Merge branch 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6 2008-02-07 19:12:12 -08:00
aio.c aio: negative offset should return -EINVAL 2008-02-08 09:22:33 -08:00
anon_inodes.c
attr.c
bad_inode.c iget: introduce a function to register iget failure 2008-02-07 08:42:26 -08:00
binfmt_aout.c aout: suppress A.OUT library support if !CONFIG_ARCH_SUPPORTS_AOUT 2008-02-08 09:22:30 -08:00
binfmt_elf_fdpic.c
binfmt_elf.c Remove a.out interpreter support in ELF loader 2008-02-08 09:22:41 -08:00
binfmt_em86.c
binfmt_flat.c aout: remove unnecessary inclusions of {asm, linux}/a.out.h 2008-02-08 09:22:30 -08:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c aout: remove unnecessary inclusions of {asm, linux}/a.out.h 2008-02-08 09:22:30 -08:00
bio.c
block_dev.c
buffer.c buffer_head: fix private_list handling 2008-02-08 09:22:42 -08:00
char_dev.c fs/char_dev.c: chrdev_open marked static and removed from fs.h 2008-02-08 09:22:42 -08:00
compat_binfmt_elf.c
compat_ioctl.c dm ioctl: move compat code 2008-02-08 02:09:56 +00:00
compat.c
dcache.c
dcookies.c
direct-io.c
dnotify.c
dquot.c
drop_caches.c
eventfd.c
eventpoll.c
exec.c Allow executables larger than 2GB 2008-02-08 09:22:34 -08:00
fcntl.c fs: remove fastcall, it is always empty 2008-02-08 09:22:31 -08:00
fifo.c
file_table.c fs: remove fastcall, it is always empty 2008-02-08 09:22:31 -08:00
file.c
filesystems.c
fs-writeback.c write_inode_now(): avoid unnecessary synchronous write 2008-02-08 09:22:34 -08:00
generic_acl.c
inode.c iget: remove iget() and the read_inode() super op as being obsolete 2008-02-07 08:42:29 -08:00
inotify_user.c inotify: fix check for one-shot watches before destroying them 2008-02-08 09:22:22 -08:00
inotify.c
internal.h
ioctl.c fix up kerneldoc in fs/ioctl.c a little bit 2008-02-09 11:08:33 -08:00
ioprio.c
Kconfig SUNRPC xptrdma: simplify build configuration 2008-02-07 19:58:08 -05:00
Kconfig.binfmt aout: suppress A.OUT library support if !CONFIG_ARCH_SUPPORTS_AOUT 2008-02-08 09:22:30 -08:00
libfs.c libfs: rename simple_attr_close to simple_attr_release 2008-02-08 09:22:34 -08:00
locks.c Pidns: make full use of xxx_vnr() calls 2008-02-08 09:22:29 -08:00
Makefile
mbcache.c
mpage.c
namei.c fs: remove fastcall, it is always empty 2008-02-08 09:22:31 -08:00
namespace.c reduce large do_mount stack usage with noinlines 2008-02-08 09:22:44 -08:00
nfsctl.c
no-block.c
open.c remove the unused exports of sys_open/sys_read 2008-02-08 09:22:36 -08:00
pipe.c BKL-Removal: convert pipe to use unlocked_ioctl too 2008-02-08 09:22:38 -08:00
pnode.c
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c remove the unused exports of sys_open/sys_read 2008-02-08 09:22:36 -08:00
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c splice: fix user pointer access in get_iovec_page_array() 2008-02-10 10:27:21 -08:00
stack.c
stat.c
super.c quota: turn quotas off when remounting read-only 2008-02-08 09:22:44 -08:00
sync.c
timerfd.c
utimes.c
xattr_acl.c
xattr.c