From: Paul Gortmaker <paul.gortmaker@windriver.com>
To: stable@kernel.org, linux-kernel@vger.kernel.org
Cc: stable-review@kernel.org, Phil Blundell <philb@gnu.org>,
"David S. Miller" <davem@davemloft.net>,
Paul Gortmaker <paul.gortmaker@windriver.com>
Subject: [34-longterm 133/209] econet: fix CVE-2010-3848
Date: Thu, 14 Apr 2011 13:54:51 -0400 [thread overview]
Message-ID: <1302803767-9715-20-git-send-email-paul.gortmaker@windriver.com> (raw)
In-Reply-To: <1302803767-9715-1-git-send-email-paul.gortmaker@windriver.com>
From: Phil Blundell <philb@gnu.org>
=====================================================================
| This is a commit scheduled for the next v2.6.34 longterm release. |
| If you see a problem with using this for longterm, please comment.|
=====================================================================
commit a27e13d370415add3487949c60810e36069a23a6 upstream
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
net/econet/af_econet.c | 62 ++++++++++++++++++++++++------------------------
1 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index cd62e27..2e41c76 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -31,6 +31,7 @@
#include <linux/skbuff.h>
#include <linux/udp.h>
#include <linux/slab.h>
+#include <linux/vmalloc.h>
#include <net/sock.h>
#include <net/inet_common.h>
#include <linux/stat.h>
@@ -276,12 +277,12 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
#endif
#ifdef CONFIG_ECONET_AUNUDP
struct msghdr udpmsg;
- struct iovec iov[msg->msg_iovlen+1];
+ struct iovec iov[2];
struct aunhdr ah;
struct sockaddr_in udpdest;
__kernel_size_t size;
- int i;
mm_segment_t oldfs;
+ char *userbuf;
#endif
/*
@@ -319,17 +320,17 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
}
}
- if (len + 15 > dev->mtu) {
- mutex_unlock(&econet_mutex);
- return -EMSGSIZE;
- }
-
if (dev->type == ARPHRD_ECONET) {
/* Real hardware Econet. We're not worthy etc. */
#ifdef CONFIG_ECONET_NATIVE
unsigned short proto = 0;
int res;
+ if (len + 15 > dev->mtu) {
+ mutex_unlock(&econet_mutex);
+ return -EMSGSIZE;
+ }
+
dev_hold(dev);
skb = sock_alloc_send_skb(sk, len+LL_ALLOCATED_SPACE(dev),
@@ -405,6 +406,11 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
return -ENETDOWN; /* No socket - can't send */
}
+ if (len > 32768) {
+ err = -E2BIG;
+ goto error;
+ }
+
/* Make up a UDP datagram and hand it off to some higher intellect. */
memset(&udpdest, 0, sizeof(udpdest));
@@ -436,36 +442,26 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
/* tack our header on the front of the iovec */
size = sizeof(struct aunhdr);
- /*
- * XXX: that is b0rken. We can't mix userland and kernel pointers
- * in iovec, since on a lot of platforms copy_from_user() will
- * *not* work with the kernel and userland ones at the same time,
- * regardless of what we do with set_fs(). And we are talking about
- * econet-over-ethernet here, so "it's only ARM anyway" doesn't
- * apply. Any suggestions on fixing that code? -- AV
- */
iov[0].iov_base = (void *)&ah;
iov[0].iov_len = size;
- for (i = 0; i < msg->msg_iovlen; i++) {
- void __user *base = msg->msg_iov[i].iov_base;
- size_t iov_len = msg->msg_iov[i].iov_len;
- /* Check it now since we switch to KERNEL_DS later. */
- if (!access_ok(VERIFY_READ, base, iov_len)) {
- mutex_unlock(&econet_mutex);
- return -EFAULT;
- }
- iov[i+1].iov_base = base;
- iov[i+1].iov_len = iov_len;
- size += iov_len;
+
+ userbuf = vmalloc(len);
+ if (userbuf == NULL) {
+ err = -ENOMEM;
+ goto error;
}
+ iov[1].iov_base = userbuf;
+ iov[1].iov_len = len;
+ err = memcpy_fromiovec(userbuf, msg->msg_iov, len);
+ if (err)
+ goto error_free_buf;
+
/* Get a skbuff (no data, just holds our cb information) */
if ((skb = sock_alloc_send_skb(sk, 0,
msg->msg_flags & MSG_DONTWAIT,
- &err)) == NULL) {
- mutex_unlock(&econet_mutex);
- return err;
- }
+ &err)) == NULL)
+ goto error_free_buf;
eb = (struct ec_cb *)&skb->cb;
@@ -481,7 +477,7 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
udpmsg.msg_name = (void *)&udpdest;
udpmsg.msg_namelen = sizeof(udpdest);
udpmsg.msg_iov = &iov[0];
- udpmsg.msg_iovlen = msg->msg_iovlen + 1;
+ udpmsg.msg_iovlen = 2;
udpmsg.msg_control = NULL;
udpmsg.msg_controllen = 0;
udpmsg.msg_flags=0;
@@ -489,9 +485,13 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
oldfs = get_fs(); set_fs(KERNEL_DS); /* More privs :-) */
err = sock_sendmsg(udpsock, &udpmsg, size);
set_fs(oldfs);
+
+error_free_buf:
+ vfree(userbuf);
#else
err = -EPROTOTYPE;
#endif
+ error:
mutex_unlock(&econet_mutex);
return err;
--
1.7.4.4
next prev parent reply other threads:[~2011-04-14 17:57 UTC|newest]
Thread overview: 212+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-14 17:40 [34-longterm 000/209] v2.6.34.9 longterm review Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 001/209] ath9k: fix retry count for A-MPDU rate control status reports Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 002/209] ath9k_hw: fix antenna diversity on AR9285 Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 003/209] CRED: Fix RCU warning due to previous patch fixing __task_cred()'s checks Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 004/209] drm/radeon: fall back to GTT if bo creation/validation in VRAM fails Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 005/209] drm/radeon/kms: handle the case of no active displays properly in the bandwidth code Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 006/209] drm/i915: Unset cursor if out-of-bounds upon mode change (v4) Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 007/209] serial: add support for OX16PCI958 card Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 008/209] md: fix another deadlock with removing sysfs attributes Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 009/209] e100/e1000*/igb*/ixgb*: Add missing read memory barrier Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 010/209] ioat2: catch and recover from broken vtd configurations v6 Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 011/209] Fix sget() race with failing mount Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 012/209] drbd: Initialize all members of sync_conf to their defaults [Bugz 315] Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 013/209] crypto: testmgr - add an option to disable cryptoalgos' self-tests Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 014/209] udp: add rehash on connect() Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 015/209] block: Ensure physical block size is unsigned int Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 016/209] block: limit vec count in bio_kmalloc() and bio_alloc_map_data() Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 017/209] block: take care not to overflow when calculating total iov length Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 018/209] block: check for proper length of iov entries in blk_rq_map_user_iov() Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 019/209] jme: Fix PHY power-off error Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 020/209] irda: Fix parameter extraction stack overflow Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 021/209] irda: Fix heap memory corruption in iriap.c Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 022/209] i2c-pca-platform: Change device name of request_irq Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 023/209] microblaze: Fix build with make 3.82 Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 024/209] net: clear heap allocation for ETHTOOL_GRXCLSRLALL Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 025/209] Staging: asus_oled: fix up some sysfs attribute permissions Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 026/209] Staging: asus_oled: fix up my fixup for " Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 027/209] Staging: line6: fix up " Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 028/209] Staging: line6: fix up my fixup for " Paul Gortmaker
2011-04-14 17:40 ` [34-longterm 029/209] hpet: fix unwanted interrupt due to stale irq status bit Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 030/209] hpet: unmap unused I/O space Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 031/209] olpc_battery: Fix endian neutral breakage for s16 values Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 032/209] percpu: fix list_head init bug in __percpu_counter_init() Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 033/209] um: remove PAGE_SIZE alignment in linker script causing kernel segfault Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 034/209] um: fix global timer issue when using CONFIG_NO_HZ Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 035/209] numa: fix slab_node(MPOL_BIND) Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 036/209] hwmon: (lm85) Fix ADT7468 frequency table Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 037/209] mm: fix return value of scan_lru_pages in memory unplug Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 038/209] mm: fix is_mem_section_removable() page_order BUG_ON check Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 039/209] ssb: b43-pci-bridge: Add new vendor for BCM4318 Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 040/209] sgi-xpc: XPC fails to discover partitions with all nasids above 128 Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 041/209] xen: ensure that all event channels start off bound to VCPU 0 Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 042/209] xen: don't bother to stop other cpus on shutdown/reboot Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 043/209] ipc: initialize structure memory to zero for compat functions Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 044/209] ipc: shm: fix information leak to userland Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 045/209] sys_semctl: fix kernel stack leakage Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 046/209] net: NETIF_F_HW_CSUM does not imply FCoE CRC offload Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 047/209] drivers/char/vt_ioctl.c: fix VT_OPENQRY error value Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 048/209] viafb: use proper register for colour when doing fill ops Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 049/209] eCryptfs: Clear LOOKUP_OPEN flag when creating lower file Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 050/209] md/raid1: really fix recovery looping when single good device fails Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 051/209] md: fix return value of rdev_size_change() Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 052/209] tty: prevent DOS in the flush_to_ldisc Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 053/209] TTY: restore tty_ldisc_wait_idle Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 054/209] tty_ldisc: Fix BUG() on hangup Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 055/209] TTY: ldisc, fix open flag handling Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 056/209] KVM: x86: fix information leak to userland Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 057/209] KVM: VMX: Fix host userspace gsbase corruption Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 058/209] firewire: ohci: fix buffer overflow in AR split packet handling Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 059/209] firewire: ohci: fix race " Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 060/209] ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 061/209] ALSA: HDA: Add an extra DAC for Realtek ALC887-VD Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 062/209] ALSA: hda: Use "alienware" model quirk for another SSID Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 063/209] netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 064/209] latencytop: fix per task accumulator Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 065/209] mm/vfs: revalidate page->mapping in do_generic_file_read() Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 066/209] bio: take care not overflow page count when mapping/copying user data Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 067/209] drm/ttm: Clear the ghost cpu_writers flag on ttm_buffer_object_transfer Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 068/209] libata: fix NULL sdev dereference race in atapi_qc_complete() Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 069/209] PCI: fix size checks for mmap() on /proc/bus/pci files Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 070/209] PCI: sysfs: fix printk warnings Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 071/209] PCI: fix offset check for sysfs mmapped files Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 072/209] efifb: check that the base address is plausible on pci systems Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 073/209] USB: ftdi_sio: add device IDs for Milkymist One JTAG/serial Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 074/209] USB: option: fix when the driver is loaded incorrectly for some Huawei devices Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 075/209] usb: misc: sisusbvga: fix information leak to userland Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 076/209] usb: misc: iowarrior: " Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 077/209] usb: core: " Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 078/209] USB: EHCI: fix obscure race in ehci_endpoint_disable Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 079/209] USB: storage: sierra_ms: fix sysfs file attribute Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 080/209] USB: atm: ueagle-atm: fix up some permissions on the sysfs files Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 081/209] USB: misc: cypress_cy7c63: fix up some sysfs attribute permissions Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 082/209] USB: misc: usbled: " Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 083/209] USB: ftdi_sio: revert "USB: ftdi_sio: fix DTR/RTS line modes" Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 084/209] USB: misc: trancevibrator: fix up a sysfs attribute permission Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 085/209] USB: misc: usbsevseg: fix up some sysfs attribute permissions Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 086/209] USB: ftdi_sio: Add ID for RT Systems USB-29B radio cable Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 087/209] USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 088/209] acpi-cpufreq: fix a memleak when unloading driver Paul Gortmaker
2011-04-14 17:41 ` [34-longterm 089/209] fuse: fix attributes after open(O_TRUNC) Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 090/209] do_exit(): make sure that we run with get_fs() == USER_DS Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 091/209] uml: disable winch irq before freeing handler data Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 092/209] backlight: grab ops_lock before testing bd->ops Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 093/209] nommu: yield CPU while disposing VM Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 094/209] DECnet: don't leak uninitialized stack byte Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 095/209] perf_events: Fix perf_counter_mmap() hook in mprotect() Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 096/209] ARM: 6489/1: thumb2: fix incorrect optimisation in usracc Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 097/209] ARM: 6482/2: Fix find_next_zero_bit and related assembly Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 098/209] Staging: frontier: fix up some sysfs attribute permissions Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 099/209] Staging: frontier: fix up my fixup for " Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 100/209] staging: rtl8187se: Change panic to warn when RF switch turned off Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 101/209] net sched: fix kernel leak in act_police Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 102/209] HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 103/209] HID: hidraw, fix a NULL pointer dereference in hidraw_write Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 104/209] gianfar: Fix crashes on RX path (Was Re: [Bugme-new] [Bug 19692] New: linux-2.6.36-rc5 crash with gianfar ethernet at full line rate traffic) Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 105/209] net: avoid limits overflow Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 106/209] sysctl: min/max bounds are optional Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 107/209] sysctl: fix min/max handling in __do_proc_doulongvec_minmax() Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 108/209] sparc64: Fix race in signal instruction flushing Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 109/209] sparc: Don't mask signal when we can't setup signal frame Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 110/209] sparc: Prevent no-handler signal syscall restart recursion Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 111/209] x86, UV: Delete unneeded boot messages Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 112/209] x86, UV: Fix initialization of max_pnode Paul Gortmaker
2011-04-14 17:42 ` [34-longterm 113/209] efifb: support the EFI framebuffer on more Apple hardware Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 114/209] Input: i8042 - add Sony VAIO VPCZ122GX to nomux list Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 115/209] memory corruption in X.25 facilities parsing Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 116/209] can-bcm: fix minor heap overflow Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 117/209] V4L/DVB: ivtvfb: prevent reading uninitialized stack memory Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 118/209] x25: Prevent crashing when parsing bad X.25 facilities Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 119/209] crypto: padlock - Fix AES-CBC handling on odd-block-sized input Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 120/209] x86-32: Separate 1:1 pagetables from swapper_pg_dir Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 121/209] x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 122/209] x86-32: Fix dummy trampoline-related inline stubs Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 123/209] econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849 Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 124/209] econet: fix CVE-2010-3850 Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 125/209] rds: Integer overflow in RDS cmsg handling Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 126/209] net: Truncate recvfrom and sendto length to INT_MAX Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 127/209] net: Limit socket I/O iovec total " Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 128/209] nmi: fix clock comparator revalidation Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 129/209] act_nat: use stack variable Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 130/209] net sched: fix some kernel memory leaks Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 131/209] Fix pktcdvd ioctl dev_minor range check Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 132/209] TTY: don't allow reopen when ldisc is changing Paul Gortmaker
2011-04-14 17:54 ` Paul Gortmaker [this message]
2011-04-14 17:54 ` [34-longterm 134/209] ACPI: debugfs custom_method open to non-root Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 135/209] filter: make sure filters dont read uninitialized memory Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 136/209] exec: make argv/envp memory visible to oom-killer Paul Gortmaker
2011-04-14 18:19 ` Oleg Nesterov
2011-04-14 19:28 ` Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 137/209] tcp: Don't change unlocked socket state in tcp_v4_err() Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 138/209] tcp: Increase TCP_MAXSEG socket option minimum Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 139/209] tcp: Make TCP_MAXSEG minimum more correct Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 140/209] tcp: Bug fix in initialization of receive window Paul Gortmaker
2011-04-14 17:54 ` [34-longterm 141/209] tcp: avoid a possible divide by zero Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 142/209] af_unix: limit unix_tot_inflight Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 143/209] af_unix: limit recursion level Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 144/209] net: packet: fix information leak to userland Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 145/209] driver/net/benet: fix be_cmd_multicast_set() memcpy bug Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 146/209] bonding: Fix slave selection bug Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 147/209] filter: fix sk_filter rcu handling Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 148/209] econet: Do the correct cleanup after an unprivileged SIOCSIFADDR Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 149/209] econet: Fix crash in aun_incoming() Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 150/209] ifb: goto resched directly if error happens and dp->tq isn't empty Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 151/209] x25: decrement netdev reference counts on unload Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 152/209] x86, mwait: Move mwait constants to a common header file Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 153/209] x86, hotplug: Use mwait to offline a processor, fix the legacy case Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 154/209] x86, hotplug: Move WBINVD back outside the play_dead loop Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 155/209] x86, hotplug: In the MWAIT case of play_dead, CLFLUSH the cache line Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 156/209] fuse: verify ioctl retries Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 157/209] fuse: fix ioctl when server is 32bit Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 158/209] ALSA: hda: Use model=lg quirk for LG P1 Express to enable playback and capture Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 159/209] drm/kms: remove spaces from connector names (v2) Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 160/209] nohz: Fix printk_needs_cpu() return value on offline cpus Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 161/209] nohz: Fix get_next_timer_interrupt() vs cpu hotplug Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 162/209] NFS: Fix panic after nfs_umount() Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 163/209] nfsd: Fix possible BUG_ON firing in set_change_info Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 164/209] NFS: Fix fcntl F_GETLK not reporting some conflicts Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 165/209] sunrpc: prevent use-after-free on clearing XPT_BUSY Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 166/209] hwmon: (adm1026) Allow 1 as a valid divider value Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 167/209] hwmon: (adm1026) Fix setting fan_div Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 168/209] amd64_edac: Fix interleaving check Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 169/209] IB/uverbs: Handle large number of entries in poll CQ Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 170/209] PM / Hibernate: Fix PM_POST_* notification with user-space suspend Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 171/209] Subject: [PATCH] ACPICA: Fix Scope() op in module level code Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 172/209] ACPI: EC: Add another dmi match entry for MSI hardware Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 173/209] orinoco: fix TKIP countermeasure behaviour Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 174/209] orinoco: clear countermeasure setting on commit Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 175/209] md: fix bug with re-adding of partially recovered device Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 176/209] tracing: Fix panic when lseek() called on "trace" opened for writing Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 177/209] x86, gcc-4.6: Use gcc -m options when building vdso Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 178/209] x86: Enable the intr-remap fault handling after local APIC setup Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 179/209] x86, vt-d: Handle previous faults after enabling fault handling Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 180/209] x86, vt-d: Fix the vt-d fault handling irq migration in the x2apic mode Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 181/209] x86, vt-d: Quirk for masking vtd spec errors to platform error handling logic Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 182/209] HID: hidraw: fix window in hidraw_release Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 183/209] bfa: fix system crash when reading sysfs fc_host statistics Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 184/209] install_special_mapping skips security_file_mmap check Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 185/209] USB: misc: uss720.c: add another vendor/product ID Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 186/209] USB: ftdi_sio: Add D.O.Tec PID Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 187/209] USB: usb-storage: unusual_devs entry for the Samsung YP-CP3 Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 188/209] p54usb: add 5 more USBIDs Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 189/209] p54usb: New USB ID for Gemtek WUBI-100GW Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 190/209] sound: Prevent buffer overflow in OSS load_mixer_volumes Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 191/209] mv_xor: fix race in tasklet function Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 192/209] ima: fix add LSM rule bug Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 193/209] ALSA: hda: Use LPIB quirk for Dell Inspiron m101z/1120 Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 194/209] block: Deprecate QUEUE_FLAG_CLUSTER and use queue_limits instead Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 195/209] posix-cpu-timers: workaround to suppress the problems with mt exec Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 196/209] md: fix regression with re-adding devices to arrays with no metadata Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 197/209] av7110: check for negative array offset Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 198/209] x25: Do not reference freed memory Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 199/209] drm: fix unsigned vs signed comparison issue in modeset ctl ioctl Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 200/209] net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules Paul Gortmaker
2011-04-14 17:55 ` [34-longterm 201/209] ip6ip6: autoload ip6 tunnel Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 202/209] hwmon: (w83627ehf) Fix max_output and step_output readings Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 203/209] sunrpc/cache: fix module refcnt leak in a failure path Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 204/209] sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 205/209] block: check for proper length of iov entries earlier in blk_rq_map_user_iov() Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 206/209] ALSA: caiaq - Fix possible string-buffer overflow Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 207/209] Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 208/209] Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo Paul Gortmaker
2011-04-14 17:56 ` [34-longterm 209/209] niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL Paul Gortmaker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1302803767-9715-20-git-send-email-paul.gortmaker@windriver.com \
--to=paul.gortmaker@windriver.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=philb@gnu.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).