1. 15 9月, 2010 2 次提交
    • L
      Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 · de8d4f5d
      Linus Torvalds 提交于
      * 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
        SUNRPC: Fix the NFSv4 and RPCSEC_GSS Kconfig dependencies
        statfs() gives ESTALE error
        NFS: Fix a typo in nfs_sockaddr_match_ipaddr6
        sunrpc: increase MAX_HASHTABLE_BITS to 14
        gss:spkm3 miss returning error to caller when import security context
        gss:krb5 miss returning error to caller when import security context
        Remove incorrect do_vfs_lock message
        SUNRPC: cleanup state-machine ordering
        SUNRPC: Fix a race in rpc_info_open
        SUNRPC: Fix race corrupting rpc upcall
        Fix null dereference in call_allocate
      de8d4f5d
    • J
      aio: check for multiplication overflow in do_io_submit · 75e1c70f
      Jeff Moyer 提交于
      Tavis Ormandy pointed out that do_io_submit does not do proper bounds
      checking on the passed-in iocb array:
      
             if (unlikely(nr < 0))
                     return -EINVAL;
      
             if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(iocbpp)))))
                     return -EFAULT;                      ^^^^^^^^^^^^^^^^^^
      
      The attached patch checks for overflow, and if it is detected, the
      number of iocbs submitted is scaled down to a number that will fit in
      the long.  This is an ok thing to do, as sys_io_submit is documented as
      returning the number of iocbs submitted, so callers should handle a
      return value of less than the 'nr' argument passed in.
      Reported-by: NTavis Ormandy <taviso@cmpxchg8b.com>
      Signed-off-by: NJeff Moyer <jmoyer@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      75e1c70f
  2. 14 9月, 2010 9 次提交
  3. 13 9月, 2010 17 次提交
  4. 12 9月, 2010 6 次提交
  5. 11 9月, 2010 6 次提交