raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-06 18:09:56 +00:00
Code Issues Projects Releases Wiki Activity
Files
c4097c64d03afaf1212a76729b6758f662e901b1
linux/drivers/scsi
History
Jann Horn 6e51bfa950 scsi: sg: mitigate read/write abuse 
commit 26b5b874af upstream.

As Al Viro noted in commit 128394eff3 ("sg_write()/bsg_write() is not fit
to be called under KERNEL_DS"), sg improperly accesses userspace memory
outside the provided buffer, permitting kernel memory corruption via
splice().  But it doesn't just do it on ->write(), also on ->read().

As a band-aid, make sure that the ->read() and ->write() handlers can not
be called in weird contexts (kernel context or credentials different from
file opener), like for ib_safe_file_access().

If someone needs to use these interfaces from different security contexts,
a new interface should be written that goes through the ->ioctl() handler.

I've mostly copypasted ib_safe_file_access() over as sg_safe_file_access()
because I couldn't find a good common header - please tell me if you know a
better way.

[mkp: s/_safe_/_check_/]

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-11 16:29:14 +02:00
..
aacraid
scsi: aacraid: Insure command thread is not recursively stopped
2018-05-25 16:17:50 +02:00
aic7xxx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
aic94xx
scsi: libsas: move bus_reset_handler() to target_reset_handler()
2017-08-25 17:21:10 -04:00
arcmsr
arcmsr: add const to bin_attribute structures
2017-08-10 19:40:50 -04:00
arm
scsi: fas216: fix sense buffer initialization
2018-04-26 11:02:10 +02:00
be2iscsi
scsi: be2iscsi: Replace PCI pool old API
2017-08-07 14:04:01 -04:00
bfa
scsi: bfa: fix type conversion warning
2018-02-25 11:08:01 +01:00
bnx2fc
scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
2018-05-25 16:17:46 +02:00
bnx2i
scsi: bnx2i: Simplify cpu hotplug code
2017-07-26 21:51:25 -04:00
csiostor
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
cxgbi
scsi: cxgb4i: fix Tx skb leak
2017-12-25 14:26:25 +01:00
cxlflash
scsi: cxlflash: Reset command ioasc
2018-02-16 20:23:12 +01:00
device_handler
scsi: scsi_dh_alua: remove synchronous STPG support
2017-06-26 12:44:35 -04:00
dpt
sched/wait: Rename wait_queue_t => wait_queue_entry_t
2017-06-20 12:18:27 +02:00
esas2r
scsi: esas2r: constify pci_device_id.
2017-08-24 22:28:52 -04:00
fcoe
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fnic
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hisi_sas
scsi: hisi_sas: fix the risk of freeing slot twice
2017-12-20 10:10:32 +01:00
ibmvscsi
scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
2018-02-28 10:19:38 +01:00
ibmvscsi_tgt
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
isci
scsi: isci: Fix infinite loop in while loop
2018-06-21 04:02:46 +09:00
libfc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
libsas
scsi: libsas: defer ata device eh commands to libata
2018-05-25 16:17:34 +02:00
lpfc
scsi: lpfc: Fix frequency of Release WQE CQEs
2018-05-25 16:17:51 +02:00
megaraid
scsi: megaraid_sas: Do not log an error if FW successfully initializes.
2018-06-21 04:02:43 +09:00
mpt3sas
scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
2018-05-25 16:17:49 +02:00
mvsas
scsi: mvsas: fix wrong endianness of sgpio api
2018-05-25 16:17:50 +02:00
osd
block: fix blk_rq_append_bio
2018-01-02 20:31:05 +01:00
pcmcia
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pm8001
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
qedf
Merge branch 'fixes' into misc
2017-09-07 12:12:43 -07:00
qedi
scsi: qedi: Fix kernel crash during port toggle
2018-05-25 16:17:49 +02:00
qla2xxx
scsi: qla2xxx: Mask off Scope bits in retry delay
2018-07-03 11:24:57 +02:00
qla4xxx
scsi: qla4xxx: skip error recovery in case of register disconnect.
2018-05-25 16:17:48 +02:00
smartpqi
scsi: smartpqi: allow static build ("built-in")
2018-02-22 15:42:14 +01:00
snic
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sym53c8xx_2
scsi: sym53c8xx_2: iterator underflow in sym_getsync()
2018-05-25 16:17:47 +02:00
ufs
scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
2018-05-25 16:17:46 +02:00
.gitignore
3w-9xxx.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
3w-9xxx.h
scsi: Update 3ware driver email addresses
2016-12-14 15:25:12 -05:00
3w-sas.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
3w-sas.h
scsi: Update 3ware driver email addresses
2016-12-14 15:25:12 -05:00
3w-xxxx.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
3w-xxxx.h
scsi: Update 3ware driver email addresses
2016-12-14 15:25:12 -05:00
53c700_d.h_shipped
53c700.c
scsi: 53c700: move bus reset to host reset
2017-08-25 17:21:11 -04:00
53c700.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
53c700.scr
a100u2w.c
a100u2w.h
a2091.c
scsi: drop bus reset for wd33c93-compatible boards
2017-08-25 17:21:10 -04:00
a2091.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
a3000.c
scsi: drop bus reset for wd33c93-compatible boards
2017-08-25 17:21:10 -04:00
a3000.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
a4000t.c
advansys.c
scsi: advansys: fix uninitialized data access
2017-04-04 19:39:39 -04:00
aha152x.c
scsi: aha152x: drop host reset
2017-08-25 17:21:11 -04:00
aha152x.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
aha1542.c
scsi: aha1542: constify pnp_device_id
2017-08-24 22:29:07 -04:00
aha1542.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
aha1740.c
aha1740.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
am53c974.c
atari_scsi.c
scsi: NCR5380: Move bus reset to host reset
2017-08-25 17:21:11 -04:00
atp870u.c
atp870u.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
BusLogic.c
scsi: BusLogic: fix incorrect spelling of adatper_reset_req
2017-04-21 10:31:33 -04:00
BusLogic.h
scsi: BusLogic: fix incorrect spelling of adatper_reset_req
2017-04-21 10:31:33 -04:00
bvme6000_scsi.c
ch.c
scsi: ch: add refcounting
2017-08-24 22:29:06 -04:00
constants.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dc395x.c
dc395x.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dmx3191d.c
scsi: NCR5380: Move bus reset to host reset
2017-08-25 17:21:11 -04:00
dpt_i2o.c
scsi: dpt_i2o: remove redundant null check on array device
2017-08-10 19:55:35 -04:00
dpti.h
eata_generic.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
eata_pio.c
eata_pio.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
eata.c
scsi: eata: remove 'arg_done' from eata2x_eh_host_reset()
2017-08-25 17:21:12 -04:00
esp_scsi.c
scsi: esp_scsi: Always clear msg_out_len after MESSAGE OUT phase
2017-08-10 19:55:35 -04:00
esp_scsi.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fdomain.c
scsi: fdomain: move bus reset to host reset
2017-08-25 17:21:10 -04:00
fdomain.h
scsi: fdomain: move bus reset to host reset
2017-08-25 17:21:10 -04:00
FlashPoint.c
g_NCR5380.c
scsi: NCR5380: Move bus reset to host reset
2017-08-25 17:21:11 -04:00
gdth_ioctl.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gdth_proc.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gdth_proc.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gdth.c
scsi: gdth: avoid buffer overflow warning
2017-08-07 14:04:01 -04:00
gdth.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gvp11.c
scsi: drop bus reset for wd33c93-compatible boards
2017-08-25 17:21:10 -04:00
gvp11.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hosts.c
scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops
2018-03-15 10:54:29 +01:00
hpsa_cmd.h
scsi: hpsa: update identify physical device structure
2017-06-12 20:48:00 -04:00
hpsa.c
scsi: hpsa: disable device during shutdown
2018-07-03 11:24:57 +02:00
hpsa.h
scsi: hpsa: add support for legacy boards
2017-08-24 22:28:55 -04:00
hptiop.c
scsi: hptiop: Simplify reset handling
2017-08-25 17:21:10 -04:00
hptiop.h
imm.c
scsi: imm: drop duplicate bus_reset handler
2017-08-25 17:21:11 -04:00
imm.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
initio.c
initio.h
ipr.c
scsi: ipr: Set no_report_opcodes for RAID arrays
2017-08-22 22:23:36 -04:00
ipr.h
scsi: ipr: Fix scsi-mq lockdep issue
2017-08-08 11:49:51 -04:00
ips.c
sched/wait: Rename wait_queue_t => wait_queue_entry_t
2017-06-20 12:18:27 +02:00
ips.h
sched/wait: Rename wait_queue_t => wait_queue_entry_t
2017-06-20 12:18:27 +02:00
iscsi_boot_sysfs.c
iscsi_tcp.c
scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled
2018-05-25 16:17:49 +02:00
iscsi_tcp.h
jazz_esp.c
Kconfig
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2017-09-13 10:47:14 -07:00
lasi700.c
parisc/scsi/lasi700: Fix section mismatches
2017-08-22 16:34:36 +02:00
libiscsi_tcp.c
libiscsi.c
scsi: libiscsi: Allow sd_shutdown on bad transport
2018-04-12 12:32:14 +02:00
mac53c94.c
scsi: Convert to using %pOF instead of full_name
2017-08-07 14:04:02 -04:00
mac53c94.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mac_esp.c
scsi: mac_esp: Fix PIO transfers for MESSAGE IN phase
2017-08-10 19:55:34 -04:00
mac_scsi.c
scsi: NCR5380: Move bus reset to host reset
2017-08-25 17:21:11 -04:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
megaraid.c
scsi: megaraid: fix format-overflow warning
2017-08-07 14:04:01 -04:00
megaraid.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mesh.c
mesh.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mvme16x_scsi.c
mvme147.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mvme147.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mvumi.c
scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case
2017-04-24 18:16:49 -04:00
mvumi.h
ncr53c8xx.c
ncr53c8xx.h
NCR53c406a.c
NCR5380.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
NCR5380.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
NCR_D700.c
NCR_D700.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
NCR_Q720.c
dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags
2017-09-01 11:59:17 +02:00
NCR_Q720.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: nsp32: drop bus reset
2017-08-25 17:21:11 -04:00
nsp32.h
osst_detect.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
osst_options.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
osst.c
scsi: osst: silence underflow warning in osst_verify_frame()
2017-08-24 22:29:01 -04:00
osst.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pmcraid.c
scsi: pmcraid: fix duplicated code for different branches
2017-08-24 22:29:05 -04:00
pmcraid.h
scsi: pmcraid: Replace PCI pool old API
2017-08-07 14:04:01 -04:00
ppa.c
scsi: ppa: drop duplicate bus_reset handler
2017-08-25 17:21:11 -04:00
ppa.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ps3rom.c
qla1280.c
ia64, scsi: update references for the device-io book
2017-05-16 08:44:21 -03:00
qla1280.h
qlogicfas408.c
scsi: qlogicfas: move bus_reset to host_reset
2017-08-25 17:21:11 -04:00
qlogicfas408.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
qlogicfas.c
scsi: qlogicfas: move bus_reset to host_reset
2017-08-25 17:21:11 -04:00
qlogicpti.c
scsi: qlogicpti: fixup qlogicpti_reset() definition
2017-08-28 22:15:46 -04:00
qlogicpti.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
raid_class.c
script_asm.pl
scsi_common.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_debug.c
scsi: scsi_debug: write_same: fix error report
2017-12-20 10:10:28 +01:00
scsi_debugfs.c
scsi: core: Fix a scsi_show_rq() NULL pointer dereference
2017-12-20 10:10:20 +01:00
scsi_debugfs.h
scsi: Implement blk_mq_ops.show_rq()
2017-04-26 15:09:04 -06:00
scsi_devinfo.c
scsi: devinfo: fix format of the device list
2018-04-26 11:02:10 +02:00
scsi_dh.c
scsi: dh: add new rdac devices
2018-03-19 08:42:53 +01:00
scsi_error.c
scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops
2018-03-15 10:54:29 +01:00
scsi_ioctl.c
scsi: Suppress gcc 7 fall-through warnings reported with W=1
2017-08-25 17:08:07 -04:00
scsi_lib_dma.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_lib.c
scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD
2018-05-25 16:17:50 +02:00
scsi_logging.c
scsi_logging.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_module.c
scsi_netlink.c
netlink: extended ACK reporting
2017-04-13 13:58:20 -04:00
scsi_pm.c
scsi_priv.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_proc.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_sas_internal.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_scan.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_sysctl.c
scsi_sysfs.c
scsi: core: check for device state in __scsi_remove_target()
2018-02-22 15:42:31 +01:00
scsi_trace.c
scsi_transport_api.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi_transport_fc.c
scsi: fc: check for rport presence in fc_block_scsi_eh
2017-10-11 14:33:12 -04:00
scsi_transport_iscsi.c
scsi: iscsi: respond to netlink with unicast when appropriate
2018-06-21 04:02:43 +09:00
scsi_transport_sas.c
scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough
2017-08-29 21:51:45 -04:00
scsi_transport_spi.c
scsi: merge __scsi_execute into scsi_execute
2017-02-23 16:57:19 -05:00
scsi_transport_srp.c
scsi: scsi_transport_srp: Fix shost to rport translation
2018-06-05 11:41:59 +02:00
scsi_typedefs.h
scsi.c
Merge branch 'fixes' into misc
2017-09-07 12:12:43 -07:00
scsi.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsicam.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sd_dif.c
sd_zbc.c
scsi: sd_zbc: Avoid that resetting a zone fails sporadically
2018-06-11 22:49:17 +02:00
sd.c
scsi: sd: Keep disk read-only when re-reading partition
2018-05-25 16:17:49 +02:00
sd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sense_codes.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ses.c
scsi: ses: don't ask for diagnostic pages repeatedly during probe
2018-03-19 08:42:51 +01:00
sg.c
scsi: sg: mitigate read/write abuse
2018-07-11 16:29:14 +02:00
sgiwd93.c
scsi: drop bus reset for wd33c93-compatible boards
2017-08-25 17:21:10 -04:00
sim710.c
sni_53c710.c
scsi: remove incorrect __exit markups
2017-03-15 19:27:46 -04:00
sr_ioctl.c
sr: pass down correctly sized SCSI sense buffer
2018-05-30 07:51:49 +02:00
sr_vendor.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sr.c
cdrom: do not call check_disk_change() inside cdrom_open()
2018-05-30 07:52:34 +02:00
sr.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
st_options.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
st.c
scsi: st: fix blk_get_queue usage
2017-08-08 11:49:51 -04:00
st.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
stex.c
scsi: stex: make S6flag static
2017-04-26 18:32:29 -04:00
storvsc_drv.c
scsi: storvsc: Set up correct queue depth values for IDE devices
2018-06-21 04:02:46 +09:00
sun3_scsi_vme.c
sun3_scsi.c
scsi: NCR5380: Move bus reset to host reset
2017-08-25 17:21:11 -04:00
sun3x_esp.c
sun_esp.c
scsi: sun_esp: fix device reference leaks
2017-06-27 21:46:55 -04:00
sym53c416.c
sym53c416.h
virtio_scsi.c
scsi: virtio: virtio_scsi: Set can_queue to the length of the virtqueue.
2017-08-24 22:28:51 -04:00
vmw_pvscsi.c
scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts
2018-06-21 04:02:52 +09:00
vmw_pvscsi.h
scsi: vmw_pvscsi: switch to pci_alloc_irq_vectors
2017-01-11 22:31:03 -05:00
wd33c93.c
scsi: drop bus reset for wd33c93-compatible boards
2017-08-25 17:21:10 -04:00
wd33c93.h
wd719x.c
wd719x.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xen-scsifront.c
scsi: xen-scsifront: Remove code that zeroes driver-private command data
2017-06-12 21:02:04 -04:00
zalon.c
parisc/scsi/zalon: Fix section mismatches
2017-08-22 16:34:36 +02:00
zorro7xx.c