[PATCH] scsi: avoid a double-fetch and a redundant copy

2018-12-25 Thread Kangjie Lu
What we need is only "pack_id", so do not create a heap object or copy the whole object in. The fix efficiently copies "pack_id" only. Signed-off-by: Kangjie Lu --- drivers/scsi/sg.c | 12 ++-- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scs

[PATCH] scsi: fix a double-fetch bug in sg_write

2018-12-25 Thread Kangjie Lu
"opcode" has been copied in from user space and checked. We should not copy it in again, which may have been modified by malicious multi-threading user programs through race conditions. The fix uses the opcode fetched in the first copy. Signed-off-by: Kangjie Lu --- drivers/scsi/sg.c | 3 ++- 1 f

[PATCH] scsi: avoiding fetching signature from user space again after check

2018-12-25 Thread Kangjie Lu
The signature is checked so that it must be "MEGANIT". After the check, if we fetch the signature again from user space, it may have been modified by malicious user programs through race conditions. The fix avoids fetching the signature again. Signed-off-by: Kangjie Lu --- drivers/scsi/megaraid.

[PATCH] scsi: aacraid: fix a potential data inconsistency caused by double-fetch

2018-12-25 Thread Kangjie Lu
"user_srb->count" may be changed by malicious user races. Let's set "user_srbcmd->count" fetched in the second copy to be the one fetched in the first copy. Signed-off-by: Kangjie Lu --- drivers/scsi/aacraid/commctrl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/aacraid/co

[PATCH] scsi: fix a double-fetch bug in adpt_i2o_passthru

2018-12-25 Thread Kangjie Lu
user_msg[0] is a size variable, which is copied in from user space and checked. It is copied in again from user space after the check, and used in the following execution. Malicious user programs can race to change user_msg[0] between the two copies, leading to incorrect size. The fix ensures to us

[PATCH] scsi: a potential double-fetch bug when copying msg

2018-12-25 Thread Kangjie Lu
user_msg[0] is copied in twice from user space. It contains size and is critical. The fix ensures it is not changed in the second copy. Signed-off-by: Kangjie Lu --- drivers/scsi/dpt_i2o.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c index

Re: [PATCH] scsi: avoid a double-fetch and a redundant copy

2018-12-25 Thread kbuild test robot
Hi Kangjie, Thank you for the patch! Yet something to improve: [auto build test ERROR on scsi/for-next] [also build test ERROR on v4.20 next-20181224] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/com

Re: [PATCH] scsi: avoid a double-fetch and a redundant copy

2018-12-25 Thread kbuild test robot
Hi Kangjie, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on scsi/for-next] [also build test WARNING on v4.20 next-20181224] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/l

Re: [PATCH 00/20] drop useless LIST_HEAD

2018-12-25 Thread Tom Psyborg
there was discussion about this just some days ago. CC 4-5 lists is more than enough On 23/12/2018, Julia Lawall wrote: > > > On Sun, 23 Dec 2018, Tom Psyborg wrote: > >> Why do you CC this to so many lists? > > Because the different files are in different subsystems. The cover letter > goes to

[PATCH] scsi: avoid a double-fetch and a redundant copy

2018-12-25 Thread Kangjie Lu
What we need is only "pack_id", so do not create a heap object or copy the whole object in. The fix efficiently copies "pack_id" only. Signed-off-by: Kangjie Lu --- drivers/scsi/sg.c | 4 ++-- kernel/sched/core.c | 18 -- 2 files changed, 14 insertions(+), 8 deletions(-) diff

[PATCH v8 03/25] m68k/atari: Replace nvram_{read,write}_byte with arch_nvram_ops

2018-12-25 Thread Finn Thain
By implementing an arch_nvram_ops struct, any platform can re-use the drivers/char/nvram.c module without needing any arch-specific code in that module. Atari does so here. Atari has one user of nvram_check_checksum() whereas the other "CMOS" platforms don't use that function at all. Replace this

[PATCH v8 01/25] scsi/atari_scsi: Don't select CONFIG_NVRAM

2018-12-25 Thread Finn Thain
On powerpc, setting CONFIG_NVRAM=n builds a kernel with no NVRAM support. Setting CONFIG_NVRAM=m enables the /dev/nvram misc device module without enabling NVRAM support in drivers. Setting CONFIG_NVRAM=y enables the misc device (built-in) and also enables NVRAM support in drivers. m68k shares the

Re: [PATCH] scsi: fix a double-fetch bug in sg_write

2018-12-25 Thread Douglas Gilbert
On 2018-12-25 3:24 p.m., Kangjie Lu wrote: "opcode" has been copied in from user space and checked. We should not copy it in again, which may have been modified by malicious multi-threading user programs through race conditions. The fix uses the opcode fetched in the first copy. Signed-off-by: Ka

[PATCH] scsi: associate bio write hint with WRITE CDB

2018-12-25 Thread Randall Huang
In SPC-3, WRITE(10)/(16) support grouping function. Let's associate bio write hint with group number for enabling StreamID or Turbo Write feature. Signed-off-by: Randall Huang --- drivers/scsi/sd.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/s

[PATCH] scsi: associate bio write hint with WRITE CDB

2018-12-25 Thread Randall Huang
In SPC-3, WRITE(10)/(16) support grouping function. Let's associate bio write hint with group number for enabling StreamID or Turbo Write feature. Signed-off-by: Randall Huang --- drivers/scsi/sd.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/s

[PATCH] scsi: aacraid: add a check for aac_fib_send

2018-12-25 Thread Kangjie Lu
aac_fib_send could fail, so add a check to its return value: If it fails, issue an error message. Signed-off-by: Kangjie Lu --- drivers/scsi/aacraid/dpcsup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/aacraid/dpcsup.c b/drivers/scsi/aacraid/dpcsup.c index ddc69738375f..0f

Re: [PATCH] scsi: avoid a double-fetch and a redundant copy

2018-12-25 Thread Douglas Gilbert
On 2018-12-25 3:15 p.m., Kangjie Lu wrote: What we need is only "pack_id", so do not create a heap object or copy the whole object in. The fix efficiently copies "pack_id" only. Now this looks like a worthwhile optimization, in some pretty tricky code. I can't see a security angle in it. Did yo

[PATCH] target: fix a missing check for match_int

2018-12-25 Thread Kangjie Lu
When match_int fails, "arg" is left uninitialized and may contain random value, thus should not be used. The fix checks if match_int fails, and if so, break. Signed-off-by: Kangjie Lu --- drivers/target/target_core_rd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/driver