AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
26498e89e8
kernel_optimize_test/fs
History
Timo Warns 3eb8e74ec7 fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops 
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating GUID partitions (in fs/partitions/efi.c) contains
a bug that causes a kernel oops on certain corrupted GUID partition
tables.

This bug has security impacts, because it allows, for example, to
prepare a storage device that crashes a kernel subsystem upon connecting
the device (e.g., a "USB Stick of (Partial) Death").

	crc = efi_crc32((const unsigned char *) (*gpt), le32_to_cpu((*gpt)->header_size));

computes a CRC32 checksum over gpt covering (*gpt)->header_size bytes.
There is no validation of (*gpt)->header_size before the efi_crc32 call.

A corrupted partition table may have large values for (*gpt)->header_size.
 In this case, the CRC32 computation access memory beyond the memory
allocated for gpt, which may cause a kernel heap overflow.

Validate value of GUID partition table header size.

[akpm@linux-foundation.org: fix layout and indenting]
Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: Matt Domsch <Matt_Domsch@dell.com>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Cc: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-05-26 17:12:37 -07:00
..
9p Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
adfs
affs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
afs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
autofs4 vfs: push dentry_unhash on rmdir into file systems 2011-05-26 07:26:47 -04:00
befs
bfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem 2011-05-26 10:50:56 -07:00
cachefiles
ceph ceph: remove unnecessary dentry_unhash calls 2011-05-26 07:26:53 -04:00
cifs cifs: remove unnecessary dentry_unhash on rmdir/rename_dir 2011-05-26 07:26:59 -04:00
coda vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
configfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
cramfs
debugfs debugfs: move to new strtobool 2011-05-19 16:55:28 +09:30
devpts
dlm Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
ecryptfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
efs
exofs exofs: remove unnecessary dentry_unhash on rmdir/rename_dir 2011-05-26 07:26:57 -04:00
exportfs
ext2 ext2: remove unnecessary dentry_unhash on rmdir/rename_dir 2011-05-26 07:26:56 -04:00
ext3 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem 2011-05-26 10:50:56 -07:00
ext4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem 2011-05-26 10:50:56 -07:00
fat Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
freevxfs
fscache fscache: remove dead code under CONFIG_WORKQUEUE_DEBUGFS 2011-05-25 08:39:44 -07:00
fuse Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
gfs2 Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
hfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
hfsplus vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
hostfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
hpfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
hppfs
hugetlbfs mm: don't access vm_flags as 'int' 2011-05-26 09:20:31 -07:00
isofs
jbd jbd: Fix comment to match the code in journal_start() 2011-05-24 00:27:53 +02:00
jbd2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2011-05-26 09:53:20 -07:00
jffs2 vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
jfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
lockd
logfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
minix vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
ncpfs memcg: add the pagefault count into memcg stats 2011-05-26 17:12:36 -07:00
nfs nfs: remove unnecessary dentry_unhash on rmdir/rename_dir 2011-05-26 07:26:57 -04:00
nfs_common
nfsd
nilfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
nls
notify
ntfs
ocfs2 Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2 2011-05-26 10:55:15 -07:00
omfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
openpromfs
partitions fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops 2011-05-26 17:12:37 -07:00
proc fs/proc/vmcore.c: add hook to read_from_oldmem() to check for non-ram pages 2011-05-26 17:12:37 -07:00
pstore
qnx4
quota vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
ramfs
reiserfs vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
romfs
squashfs
sysfs
sysv vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
ubifs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
udf vfs: push dentry_unhash on rename_dir into file systems 2011-05-26 07:26:48 -04:00
ufs ufs: fix truncated values handling 64 bit metadata 2011-05-26 17:12:33 -07:00
xfs Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs 2011-05-26 10:49:11 -07:00
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c
block_dev.c block: move bd_set_size() above rescan_partitions() in __blkdev_get() 2011-05-23 08:50:48 -07:00
buffer.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem 2011-05-26 10:50:56 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c
dcache.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
dcookies.c
direct-io.c
drop_caches.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
eventfd.c
eventpoll.c
exec.c coredump: add support for exe_file in core name 2011-05-26 17:12:36 -07:00
fcntl.c
fhandle.c
fifo.c
file_table.c
file.c
filesystems.c
fs_struct.c
fs-writeback.c
generic_acl.c
inode.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
internal.h
ioctl.c
ioprio.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
Kconfig.binfmt
libfs.c libfs: drop unneeded dentry_unhash 2011-05-26 07:26:50 -04:00
locks.c
Makefile
mbcache.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
mpage.c mm/fs: add hooks to support cleancache 2011-05-26 10:01:43 -06:00
namei.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
namespace.c fs/namespace.c: bound mount propagation fix 2011-05-26 07:26:44 -04:00
nfsctl.c
no-block.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
read_write.c
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c splice: add wakeup_pipe_readers() 2011-05-23 19:58:53 +02:00
stack.c
stat.c
statfs.c
super.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem 2011-05-26 10:50:56 -07:00
sync.c
timerfd.c timerfd: Manage cancelable timers in timerfd 2011-05-23 13:59:53 +02:00
utimes.c
xattr_acl.c
xattr.c