iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/ide
History
Christian Engelmayer e18ed145c7 ide: memory overrun in ide_get_identity_ioctl() on big endian machines using ioctl HDIO_OBSOLETE_IDENTITY 
This patch fixes a memory overrun in function ide_get_identity_ioctl() which
chooses the size of a memory buffer depending on the ioctl command that led
to the function call, however, passes that buffer to a function which needs the
buffer size to be always chosen unconditionally.

Due to conditional compilation the memory overrun can only happen on big endian
machines. The error can be triggered using ioctl HDIO_OBSOLETE_IDENTITY. Usage
of ioctl HDIO_GET_IDENTITY is safe.

Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:31:41 -07:00
..
aec62xx.c
ide: fix ->init_chipset method to return 'int' value
2009-03-24 23:22:53 +01:00
ali14xx.c
ide: remove useless subdirs from drivers/ide/
2008-10-21 20:57:23 +02:00
alim15x3.c
alim15x3: Remove historical hacks, re-enable init_hwif for PowerPC
2009-04-30 18:38:01 +02:00
amd74xx.c
ide: fix ->init_chipset method to return 'int' value
2009-03-24 23:22:53 +01:00
at91_ide.c
ide: IORDY handling fixes
2009-06-15 18:52:53 +02:00
atiixp.c
ide: remove no longer needed IDE_HFLAG[_FORCE]_LEGACY_IRQS
2009-03-24 23:22:52 +01:00
au1xxx-ide.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
buddha.c
ide: move ack_intr() method into 'struct ide_port_ops' (take 2)
2009-06-15 18:52:58 +02:00
cmd64x.c
ide cmd64x: Remove serialize setting.
2009-06-21 22:48:03 -07:00
cmd640.c
cmd640: implement test_irq() method
2009-06-15 18:52:58 +02:00
cs5520.c
ide cs5520: Initialize second port's interrupt number.
2009-06-24 02:36:17 -07:00
cs5530.c
ide: identify data word 53 bit 1 doesn't cover words 62 and 63 (take 3)
2009-03-31 20:15:27 +02:00
cs5535.c
ide: remove useless subdirs from drivers/ide/
2008-10-21 20:57:23 +02:00
cs5536.c
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
cy82c693.c
ide: remove HWIF() macro
2009-01-06 17:20:52 +01:00
delkin_cb.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
dtc2278.c
ide: add IDE_HFLAG_DTC2278 host flag
2009-03-27 12:46:28 +01:00
falconide.c
ide: move ack_intr() method into 'struct ide_port_ops' (take 2)
2009-06-15 18:52:58 +02:00
gayle.c
ide: move ack_intr() method into 'struct ide_port_ops' (take 2)
2009-06-15 18:52:58 +02:00
hpt366.c
ide: add IDE_DFLAG_NIEN_QUIRK device flag
2009-06-07 15:37:10 +02:00
ht6560b.c
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
icside.c
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
ide_platform.c
ide: remove driver_data direct access of struct device
2009-06-15 21:30:26 -07:00
ide-4drives.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
ide-acpi.c
ide: fix resume for CONFIG_BLK_DEV_IDEACPI=y
2009-06-29 19:20:42 -07:00
ide-atapi.c
Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
2009-06-20 10:11:11 -07:00
ide-cd_ioctl.c
ide: remove IDE_AFLAG_NO_DOORLOCKING
2008-10-17 18:09:11 +02:00
ide-cd_verbose.c
block: replace sizeof(rq->cmd) with BLK_MAX_CDB
2008-04-29 14:48:55 +02:00
ide-cd.c
ide-cd: handle fragmented packet commands gracefully
2009-06-26 11:22:37 -07:00
ide-cd.h
ide-cd: convert to using generic sense request
2009-04-28 07:37:30 +02:00
ide-cs.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
ide-devsets.c
ide: always kill the whole request on error
2009-06-25 23:57:16 -07:00
ide-disk_ioctl.c
[PATCH] switch ide_disk_ops ->ioctl() to sane prototype
2008-10-21 07:47:30 -04:00
ide-disk_proc.c
ide: replace IDE_TFLAG_* flags by IDE_VALID_*
2009-04-08 14:13:01 +02:00
ide-disk.c
ide: BUG() on unknown requests
2009-06-15 22:16:10 +02:00
ide-disk.h
[PATCH] switch ide_disk_ops ->ioctl() to sane prototype
2008-10-21 07:47:30 -04:00
ide-dma-sff.c
ide: remove wmb() from ide-dma-sff.c and scc_pata.c
2009-04-08 14:12:49 +02:00
ide-dma.c
ide: relax DMA info validity checking
2009-06-24 00:32:32 -07:00
ide-eh.c
ide: always kill the whole request on error
2009-06-25 23:57:16 -07:00
ide-floppy_ioctl.c
ide-atapi: remove pc->buf
2009-05-15 06:44:38 +02:00
ide-floppy_proc.c
ide: NULL noise: drivers/ide/ide-*.c
2009-03-05 16:10:56 +01:00
ide-floppy.c
ide: always kill the whole request on error
2009-06-25 23:57:16 -07:00
ide-floppy.h
[PATCH] switch ide_disk_ops ->ioctl() to sane prototype
2008-10-21 07:47:30 -04:00
ide-gd.c
ide-gd: implement block device ->set_capacity method (v2)
2009-06-07 13:52:52 +02:00
ide-gd.h
ide: move ->failed_pc to ide_drive_t
2009-03-27 12:46:34 +01:00
ide-generic.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
ide-h8300.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
ide-io-std.c
ide: refactor tf_read() method
2009-04-08 14:13:03 +02:00
ide-io.c
ide: always kill the whole request on error
2009-06-25 23:57:16 -07:00
ide-ioctls.c
ide: memory overrun in ide_get_identity_ioctl() on big endian machines using ioctl HDIO_OBSOLETE_IDENTITY
2009-06-29 19:31:41 -07:00
ide-iops.c
ide: add QUANTUM FIREBALLct20 30 with firmware APL.090 to ivb_list[]
2009-06-24 00:32:32 -07:00
ide-legacy.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
ide-lib.c
Merge branch 'master' into for-2.6.31
2009-05-22 20:28:35 +02:00
ide-park.c
ide: use blk_run_queue() instead of blk_start_queueing()
2009-04-28 07:37:28 +02:00
ide-pci-generic.c
ide_pci_generic: add quirk for Netcell ATA RAID
2009-05-30 20:06:54 +02:00
ide-pio-blacklist.c
ide: move PIO blacklist to ide-pio-blacklist.c
2008-07-16 20:33:39 +02:00
ide-pm.c
ide: fix resume for CONFIG_BLK_DEV_IDEACPI=y
2009-06-29 19:20:42 -07:00
ide-pnp.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
ide-probe.c
ide: fix handling of unexpected IRQs vs request_irq()
2009-06-24 00:32:30 -07:00
ide-proc.c
ide: replace IDE_TFLAG_* flags by IDE_VALID_*
2009-04-08 14:13:01 +02:00
ide-scan-pci.c
ide: replace remaining __FUNCTION__ occurrences
2008-04-26 22:25:20 +02:00
ide-sysfs.c
ide: move sysfs support to ide-sysfs.c
2009-01-02 16:12:48 +01:00
ide-tape.c
ide: BUG() on unknown requests
2009-06-15 22:16:10 +02:00
ide-taskfile.c
Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
2009-06-12 09:29:42 -07:00
ide-timings.c
ide: add support for CFA specified transfer modes (take 3)
2009-03-31 20:15:28 +02:00
ide-xfer-mode.c
ide: don't enable IORDY at a probe time
2009-06-15 18:52:54 +02:00
ide.c
ide: preserve Host Protected Area by default (v2)
2009-06-07 13:52:52 +02:00
it821x.c
ide: add ->dma_clear method and remove ->dma_timeout one
2009-03-31 20:15:19 +02:00
it8172.c
ide: IORDY handling fixes
2009-06-15 18:52:53 +02:00
it8213.c
ide: IORDY handling fixes
2009-06-15 18:52:53 +02:00
jmicron.c
ide: Switch to a common address
2008-11-02 21:40:08 +01:00
Kconfig
trivial: Kconfig: .ko is normally not included in module names
2009-06-12 18:01:50 +02:00
macide.c
ide: move ack_intr() method into 'struct ide_port_ops' (take 2)
2009-06-15 18:52:58 +02:00
Makefile
ide: merge ide_arm and ide_generic host drivers
2009-03-31 20:15:24 +02:00
ns87415.c
ide: refactor tf_read() method
2009-04-08 14:13:03 +02:00
opti621.c
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
palm_bk3710.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
pdc202xx_new.c
ide: respect quirk_drives[] list on all controllers
2009-06-07 15:37:09 +02:00
pdc202xx_old.c
pdc202xx_old: implement test_irq() method (take 2)
2009-06-15 18:52:59 +02:00
piix.c
ide: IORDY handling fixes
2009-06-15 18:52:53 +02:00
pmac.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
q40ide.c
ide: move ack_intr() method into 'struct ide_port_ops' (take 2)
2009-06-15 18:52:58 +02:00
qd65xx.c
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
qd65xx.h
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
rapide.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
rz1000.c
rz1000: apply chipset quirks early (v2)
2008-12-29 20:27:33 +01:00
sc1200.c
ide: identify data word 53 bit 1 doesn't cover words 62 and 63 (take 3)
2009-03-31 20:15:27 +02:00
scc_pata.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
serverworks.c
ide: fix ->init_chipset method to return 'int' value
2009-03-24 23:22:53 +01:00
setup-pci.c
ide: re-implement ide_pci_init_one() on top of ide_pci_init_two()
2009-06-10 14:37:21 +02:00
sgiioc4.c
sgiioc4: coding style cleanup
2009-06-15 18:52:55 +02:00
siimage.c
siimage: implement test_irq() method
2009-06-15 18:53:00 +02:00
sis5513.c
ide: fix ->init_chipset method to return 'int' value
2009-03-24 23:22:53 +01:00
sl82c105.c
ide: do not access ide_drive_t 'drive_data' field directly
2009-06-15 22:13:44 +02:00
slc90e66.c
ide: IORDY handling fixes
2009-06-15 18:52:53 +02:00
tc86c001.c
ide: convert to rq pos and nr_sectors accessors
2009-05-11 09:50:54 +02:00
triflex.c
ide: remove HWIF() macro
2009-01-06 17:20:52 +01:00
trm290.c
ide: turn selectproc() method into dev_select() method (take 5)
2009-03-31 20:15:32 +02:00
tx4938ide.c
ide: remove hw_regs_t typedef
2009-05-17 19:12:25 +02:00
tx4939ide.c
Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
2009-06-12 09:29:42 -07:00
umc8672.c
ide: merge ide_hwgroup_t with ide_hwif_t (v2)
2009-01-06 17:20:50 +01:00
via82cxxx.c
via82cxxx: Add VIA VX855 PCI Device ID
2009-05-22 16:23:39 +02:00