iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Michael S. Tsirkin d8316f3991 vhost: fix total length when packets are too short 
When mergeable buffers are disabled, and the
incoming packet is too large for the rx buffer,
get_rx_bufs returns success.

This was intentional in order for make recvmsg
truncate the packet and then handle_rx would
detect err != sock_len and drop it.

Unfortunately we pass the original sock_len to
recvmsg - which means we use parts of iov not fully
validated.

Fix this up by detecting this overrun and doing packet drop
immediately.

CVE-2014-0077

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-03-28 16:07:31 -04:00
..
accessibility
acpi
ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states
2014-03-13 22:11:39 +01:00
amba
ata
Merge branch 'for-3.14-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
2014-03-10 12:56:24 -07:00
atm
auxdisplay
base
PM / hibernate: Fix restore hang in freeze_processes()
2014-02-26 01:13:15 +01:00
bcma
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2014-01-30 17:20:32 -08:00
block
mtip32xx: fix bad use of smp_processor_id()
2014-03-10 14:32:47 -06:00
bluetooth
bus
drivers: bus: fix CCI driver kcalloc call parameters swap
2014-01-31 15:15:13 -08:00
cdrom
Merge branch 'for-3.14/drivers' of git://git.kernel.dk/linux-block
2014-01-30 11:40:10 -08:00
char
Char/Misc fixes for 3.14-rc3
2014-02-14 16:13:00 -08:00
clk
Single fix for a clock driver merged in 3.14-rc1. Without this fix the
2014-03-08 10:51:30 -08:00
clocksource
clocksource: vf_pit_timer: use complement for sched_clock reading
2014-03-06 11:34:14 +01:00
connector
cpufreq
cpufreq: Skip current frequency initialization for ->setpolicy drivers
2014-03-13 00:37:16 +01:00
cpuidle
powerpc/powernv/cpuidle: Back-end cpuidle driver for powernv platform.
2014-01-29 17:02:24 +11:00
crypto
crypto/nx/nx-842: Fix handling of vmalloc addresses
2014-02-11 11:24:49 +11:00
dca
devfreq
Merge branches 'pm-cpufreq' and 'pm-devfreq'
2014-01-29 11:48:23 +01:00
dio
dma
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
2014-03-01 21:30:43 -06:00
edac
i7300_edac: Fix device reference count
2014-02-25 09:43:13 +01:00
eisa
extcon
ASoC: dapm: Add locking to snd_soc_dapm_xxxx_pin functions
2014-02-20 18:40:07 +09:00
firewire
Merge branch 'for-3.14-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
2014-03-08 11:51:13 -08:00
firmware
firmware/google: drop 'select EFI' to avoid recursive dependency
2014-01-27 21:02:40 -08:00
fmc
drivers/fmc/fmc-write-eeprom.c: fix decimal permissions
2014-02-25 15:25:43 -08:00
gpio
gpio: tb10x: GPIO_TB10X needs to select GENERIC_IRQ_CHIP
2014-02-05 11:13:59 +01:00
gpu
Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
2014-03-20 13:20:00 +10:00
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
2014-03-17 08:00:50 -07:00
hsi
hv
Drivers: hv: vmbus: Don't timeout during the initial connection with host
2014-02-07 08:27:34 -08:00
hwmon
hwmon: (max1668) Fix writing the minimum temperature
2014-02-18 15:53:49 -08:00
hwspinlock
i2c
i2c: Remove usage of orphaned symbol OF_I2C
2014-03-13 22:33:44 +01:00
ide
drivers: ide: Include appropriate header file in ide-pio-blacklist.c
2014-01-28 23:35:09 -08:00
idle
ACPI and power management updates for 3.14-rc1
2014-01-24 15:51:02 -08:00
iio
iio:gyro: bug on L3GD20H gyroscope support
2014-02-18 10:24:49 +00:00
infiniband
Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2014-03-09 13:50:14 -07:00
input
ASoC: dapm: Add locking to snd_soc_dapm_xxxx_pin functions
2014-02-20 18:40:07 +09:00
iommu
drivers/iommu/omap-iommu-debug.c: fix decimal permissions
2014-02-25 15:25:42 -08:00
ipack
irqchip
irq-metag*: stop set_affinity vectoring to offline cpus
2014-02-25 22:35:06 +00:00
isdn
isdn/capi: Make Middleware depend on CAPI2.0
2014-03-18 15:02:57 -04:00
leds
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds
2014-01-28 18:53:01 -08:00
lguest
macintosh
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
2014-01-27 21:11:26 -08:00
mailbox
drivers/mailbox/omap: make mbox->irq signed for error handling
2014-01-23 16:36:53 -08:00
md
dm cache: fix access beyond end of origin device
2014-03-12 13:52:00 -04:00
media
[media] adv7842: Composite free-run platfrom-data fix
2014-02-04 06:46:10 -02:00
memory
memstick
drivers/memstick/host/rtsx_pci_ms.c: fix ms card data transfer bug
2014-01-23 16:37:04 -08:00
message
drivers/message/i2o/i2o_config.c: fix deadlock in compat_ioctl(I2OGETIOPS)
2014-02-10 16:01:40 -08:00
mfd
sound fixes for 3.14-rc4
2014-02-21 09:55:32 -08:00
misc
mm: fix GFP_THISNODE callers and clarify
2014-03-10 17:26:19 -07:00
mmc
Fix uses of dma_max_pfn() when converting to a limiting address
2014-02-17 23:08:41 +00:00
mtd
Just a single fix for the UBI module unload path which makes sure we do not
2014-02-27 10:36:50 -08:00
net
net/mlx4_core: pass pci_device_id.driver_data to __mlx4_init_one during reset
2014-03-27 15:35:33 -04:00
nfc
ntb
nubus
of
Device tree compatible match order bug fix
2014-02-21 14:35:05 -08:00
oprofile
parisc
parport
TTY/Serial driver patches for 3.14-rc1
2014-01-20 16:05:23 -08:00
pci
PCI: Don't check resource_size() in pci_bus_alloc_resource()
2014-03-12 11:19:20 -06:00
pcmcia
PCI changes for the v3.14 merge window:
2014-01-22 16:39:28 -08:00
phy
phy: let phy_provider_register be the last step in registering PHY
2014-02-18 12:13:16 -08:00
pinctrl
ARM: SoC fixes for 3.14-rc
2014-03-09 19:27:31 -07:00
platform
platform/chrome: Cleanups and improvements
2014-01-29 20:06:01 -08:00
pnp
PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures
2014-03-11 21:22:10 +01:00
power
Few fixes:
2014-02-14 10:32:28 -08:00
powercap
pps
ps3
ptp
pwm
pwm: lp3943: Fix potential memory leak during request
2014-02-26 15:45:12 +01:00
rapidio
rapidio/tsi721: fix tasklet termination in dma channel release
2014-03-04 07:55:49 -08:00
regulator
regulator: Fixes for v3.14-rc5
2014-03-04 08:41:42 -08:00
remoteproc
reset
rpmsg
rtc
drivers/rtc/rtc-s3c.c: fix incorrect way of save/restore of S3C2410_TICNT for TYPE_S3C64XX
2014-03-04 07:55:48 -08:00
s390
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-03-04 08:44:32 -08:00
sbus
Sparc: sparc_cpu_model isn't in asm/system.h any more [ver #2]
2014-02-20 13:34:11 -05:00
scsi
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-03-24 17:07:24 -07:00
sfi
sh
sn
spi
Merge remote-tracking branches 'spi/fix/ath79', 'spi/fix/atmel', 'spi/fix/coldfire', 'spi/fix/fsl-dspi', 'spi/fix/imx' and 'spi/fix/topcliff-pch' into spi-linus
2014-03-07 11:08:13 +08:00
ssb
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2014-01-30 17:20:32 -08:00
staging
staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()
2014-03-04 16:20:01 -08:00
target
Target/sbc: Fix sbc_copy_prot for offset scatters
2014-03-06 20:52:11 -08:00
tc
thermal
Thermal: thermal zone governor fix
2014-03-03 23:15:57 +08:00
tty
sparc: serial: Clean up the locking for -rt
2014-03-06 16:32:25 -05:00
uio
usb
Revert "xhci 1.0: Limit arbitrarily-aligned scatter gather."
2014-03-07 11:48:13 -08:00
uwb
vfio
mm: close PageTail race
2014-03-04 07:55:47 -08:00
vhost
vhost: fix total length when packets are too short
2014-03-28 16:07:31 -04:00
video
video: Kconfig: Allow more broad selection of the imxfb framebuffer driver.
2014-02-14 10:44:52 +02:00
virt
virtio
A few simple fixes. Quiet cycle.
2014-01-22 22:24:35 -08:00
vlynq
drivers/vlynq/vlynq.c: fix another resource size off by 1 error
2014-01-23 16:36:55 -08:00
vme
VME: Correct read/write alignment algorithm
2014-02-07 08:16:14 -08:00
w1
drivers/w1/masters/w1-gpio.c: add strong pullup emulation
2014-01-23 16:37:04 -08:00
watchdog
watchdog: w83697hf_wdt: return ENODEV if no device was found
2014-02-21 20:36:46 +01:00
xen
Bug-fix:
2014-02-12 12:28:05 -08:00
zorro
Kconfig
Makefile