linux/drivers/ide
Christian Engelmayer e18ed145c7 ide: memory overrun in ide_get_identity_ioctl() on big endian machines using ioctl HDIO_OBSOLETE_IDENTITY
This patch fixes a memory overrun in function ide_get_identity_ioctl() which
chooses the size of a memory buffer depending on the ioctl command that led
to the function call, however, passes that buffer to a function which needs the
buffer size to be always chosen unconditionally.

Due to conditional compilation the memory overrun can only happen on big endian
machines. The error can be triggered using ioctl HDIO_OBSOLETE_IDENTITY. Usage
of ioctl HDIO_GET_IDENTITY is safe.

Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:31:41 -07:00
..
aec62xx.c ide: fix ->init_chipset method to return 'int' value 2009-03-24 23:22:53 +01:00
ali14xx.c ide: remove useless subdirs from drivers/ide/ 2008-10-21 20:57:23 +02:00
alim15x3.c alim15x3: Remove historical hacks, re-enable init_hwif for PowerPC 2009-04-30 18:38:01 +02:00
amd74xx.c ide: fix ->init_chipset method to return 'int' value 2009-03-24 23:22:53 +01:00
at91_ide.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
atiixp.c ide: remove no longer needed IDE_HFLAG[_FORCE]_LEGACY_IRQS 2009-03-24 23:22:52 +01:00
au1xxx-ide.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
buddha.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
cmd64x.c ide cmd64x: Remove serialize setting. 2009-06-21 22:48:03 -07:00
cmd640.c cmd640: implement test_irq() method 2009-06-15 18:52:58 +02:00
cs5520.c ide cs5520: Initialize second port's interrupt number. 2009-06-24 02:36:17 -07:00
cs5530.c ide: identify data word 53 bit 1 doesn't cover words 62 and 63 (take 3) 2009-03-31 20:15:27 +02:00
cs5535.c ide: remove useless subdirs from drivers/ide/ 2008-10-21 20:57:23 +02:00
cs5536.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
cy82c693.c ide: remove HWIF() macro 2009-01-06 17:20:52 +01:00
delkin_cb.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
dtc2278.c ide: add IDE_HFLAG_DTC2278 host flag 2009-03-27 12:46:28 +01:00
falconide.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
gayle.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
hpt366.c ide: add IDE_DFLAG_NIEN_QUIRK device flag 2009-06-07 15:37:10 +02:00
ht6560b.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
icside.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
ide_platform.c ide: remove driver_data direct access of struct device 2009-06-15 21:30:26 -07:00
ide-4drives.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-acpi.c ide: fix resume for CONFIG_BLK_DEV_IDEACPI=y 2009-06-29 19:20:42 -07:00
ide-atapi.c Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-20 10:11:11 -07:00
ide-cd_ioctl.c ide: remove IDE_AFLAG_NO_DOORLOCKING 2008-10-17 18:09:11 +02:00
ide-cd_verbose.c
ide-cd.c ide-cd: handle fragmented packet commands gracefully 2009-06-26 11:22:37 -07:00
ide-cd.h ide-cd: convert to using generic sense request 2009-04-28 07:37:30 +02:00
ide-cs.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-devsets.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-disk_ioctl.c [PATCH] switch ide_disk_ops ->ioctl() to sane prototype 2008-10-21 07:47:30 -04:00
ide-disk_proc.c ide: replace IDE_TFLAG_* flags by IDE_VALID_* 2009-04-08 14:13:01 +02:00
ide-disk.c ide: BUG() on unknown requests 2009-06-15 22:16:10 +02:00
ide-disk.h [PATCH] switch ide_disk_ops ->ioctl() to sane prototype 2008-10-21 07:47:30 -04:00
ide-dma-sff.c ide: remove wmb() from ide-dma-sff.c and scc_pata.c 2009-04-08 14:12:49 +02:00
ide-dma.c ide: relax DMA info validity checking 2009-06-24 00:32:32 -07:00
ide-eh.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-floppy_ioctl.c ide-atapi: remove pc->buf 2009-05-15 06:44:38 +02:00
ide-floppy_proc.c ide: NULL noise: drivers/ide/ide-*.c 2009-03-05 16:10:56 +01:00
ide-floppy.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-floppy.h [PATCH] switch ide_disk_ops ->ioctl() to sane prototype 2008-10-21 07:47:30 -04:00
ide-gd.c ide-gd: implement block device ->set_capacity method (v2) 2009-06-07 13:52:52 +02:00
ide-gd.h ide: move ->failed_pc to ide_drive_t 2009-03-27 12:46:34 +01:00
ide-generic.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-h8300.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-io-std.c ide: refactor tf_read() method 2009-04-08 14:13:03 +02:00
ide-io.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-ioctls.c ide: memory overrun in ide_get_identity_ioctl() on big endian machines using ioctl HDIO_OBSOLETE_IDENTITY 2009-06-29 19:31:41 -07:00
ide-iops.c ide: add QUANTUM FIREBALLct20 30 with firmware APL.090 to ivb_list[] 2009-06-24 00:32:32 -07:00
ide-legacy.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-lib.c Merge branch 'master' into for-2.6.31 2009-05-22 20:28:35 +02:00
ide-park.c ide: use blk_run_queue() instead of blk_start_queueing() 2009-04-28 07:37:28 +02:00
ide-pci-generic.c ide_pci_generic: add quirk for Netcell ATA RAID 2009-05-30 20:06:54 +02:00
ide-pio-blacklist.c
ide-pm.c ide: fix resume for CONFIG_BLK_DEV_IDEACPI=y 2009-06-29 19:20:42 -07:00
ide-pnp.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-probe.c ide: fix handling of unexpected IRQs vs request_irq() 2009-06-24 00:32:30 -07:00
ide-proc.c ide: replace IDE_TFLAG_* flags by IDE_VALID_* 2009-04-08 14:13:01 +02:00
ide-scan-pci.c
ide-sysfs.c ide: move sysfs support to ide-sysfs.c 2009-01-02 16:12:48 +01:00
ide-tape.c ide: BUG() on unknown requests 2009-06-15 22:16:10 +02:00
ide-taskfile.c Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-12 09:29:42 -07:00
ide-timings.c ide: add support for CFA specified transfer modes (take 3) 2009-03-31 20:15:28 +02:00
ide-xfer-mode.c ide: don't enable IORDY at a probe time 2009-06-15 18:52:54 +02:00
ide.c ide: preserve Host Protected Area by default (v2) 2009-06-07 13:52:52 +02:00
it821x.c ide: add ->dma_clear method and remove ->dma_timeout one 2009-03-31 20:15:19 +02:00
it8172.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
it8213.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
jmicron.c ide: Switch to a common address 2008-11-02 21:40:08 +01:00
Kconfig trivial: Kconfig: .ko is normally not included in module names 2009-06-12 18:01:50 +02:00
macide.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
Makefile ide: merge ide_arm and ide_generic host drivers 2009-03-31 20:15:24 +02:00
ns87415.c ide: refactor tf_read() method 2009-04-08 14:13:03 +02:00
opti621.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
palm_bk3710.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
pdc202xx_new.c ide: respect quirk_drives[] list on all controllers 2009-06-07 15:37:09 +02:00
pdc202xx_old.c pdc202xx_old: implement test_irq() method (take 2) 2009-06-15 18:52:59 +02:00
piix.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
pmac.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
q40ide.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
qd65xx.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
qd65xx.h ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
rapide.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
rz1000.c rz1000: apply chipset quirks early (v2) 2008-12-29 20:27:33 +01:00
sc1200.c ide: identify data word 53 bit 1 doesn't cover words 62 and 63 (take 3) 2009-03-31 20:15:27 +02:00
scc_pata.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
serverworks.c ide: fix ->init_chipset method to return 'int' value 2009-03-24 23:22:53 +01:00
setup-pci.c ide: re-implement ide_pci_init_one() on top of ide_pci_init_two() 2009-06-10 14:37:21 +02:00
sgiioc4.c sgiioc4: coding style cleanup 2009-06-15 18:52:55 +02:00
siimage.c siimage: implement test_irq() method 2009-06-15 18:53:00 +02:00
sis5513.c ide: fix ->init_chipset method to return 'int' value 2009-03-24 23:22:53 +01:00
sl82c105.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
slc90e66.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
tc86c001.c ide: convert to rq pos and nr_sectors accessors 2009-05-11 09:50:54 +02:00
triflex.c ide: remove HWIF() macro 2009-01-06 17:20:52 +01:00
trm290.c ide: turn selectproc() method into dev_select() method (take 5) 2009-03-31 20:15:32 +02:00
tx4938ide.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
tx4939ide.c Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-12 09:29:42 -07:00
umc8672.c ide: merge ide_hwgroup_t with ide_hwif_t (v2) 2009-01-06 17:20:50 +01:00
via82cxxx.c via82cxxx: Add VIA VX855 PCI Device ID 2009-05-22 16:23:39 +02:00