WSL2-Linux-Kernel/drivers
Al Viro 137d01df51 Fix missing sanity check in /dev/sg
What happens is that a write to /dev/sg is given a request with non-zero
->iovec_count combined with zero ->dxfer_len.  Or with ->dxferp pointing
to an array full of empty iovecs.

Having write permission to /dev/sg shouldn't be equivalent to the
ability to trigger BUG_ON() while holding spinlocks...

Found by Dmitry Vyukov and syzkaller.

[ The BUG_ON() got changed to a WARN_ON_ONCE(), but this fixes the
  underlying issue.  - Linus ]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-02-19 09:54:31 -08:00
..
accessibility
acpi Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2017-02-06 19:36:04 -08:00
amba
android
ata ata: sata_mv:- Handle return value of devm_ioremap. 2017-01-06 15:45:32 -05:00
atm Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
auxdisplay auxdisplay: fix new ht16k33 build errors 2017-01-11 09:27:30 +01:00
base Merge branches 'pm-core-fixes' and 'pm-cpufreq-fixes' 2017-02-06 14:52:10 +01:00
bcma Revert "bcma: init serial console directly from ChipCommon code" 2017-01-17 14:23:44 +02:00
block xen-blkfront: correct maximum segment accounting 2017-01-23 13:27:42 -05:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-12-16 10:24:44 -08:00
bus cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
cdrom Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
char Revert "hwrng: core - zeroize buffers with random data" 2017-02-08 18:06:03 -08:00
clk One fix for Samsung Exynos524x SoCs where recent IOMMU patches have 2017-01-21 18:46:45 -08:00
clocksource clocksource/exynos_mct: Clear interrupt when cpu is shut down 2017-01-17 10:08:38 +01:00
connector
cpufreq Merge branches 'pm-core-fixes' and 'pm-cpufreq-fixes' 2017-02-06 14:52:10 +01:00
cpuidle Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-02-06 14:16:23 -08:00
dax libnvdimm for 4.10 2016-12-18 15:49:10 -08:00
dca
devfreq PM / devfreq: exynos-bus: Fix the wrong return value 2017-01-03 00:21:45 +01:00
dio Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dma dmaengine: pl330: fix double lock 2017-01-25 15:35:11 +05:30
dma-buf
edac Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
eisa
extcon extcon: return error code on failure 2017-01-11 09:11:39 +01:00
firewire
firmware efi/fdt: Avoid FDT manipulation after ExitBootServices() 2017-02-01 21:17:49 +01:00
fmc
fpga fpga: Clarify how write_init works streaming modes 2016-11-29 15:51:49 -06:00
gpio gpio: provide lockdep keys for nested/unnested irqchips 2017-01-19 09:57:20 +01:00
gpu Merge branch 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2017-02-17 11:13:17 +10:00
hid HID: cp2112: fix gpio-callback error handling 2017-01-31 12:59:33 +01:00
hsi
hv Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read() 2017-01-31 10:59:48 +01:00
hwmon hwmon: (lm90) fix temp1_max_alarm attribute 2017-01-02 10:15:28 -08:00
hwspinlock
hwtracing coresight/etm3/4x: Consolidate hotplug state space 2016-12-25 10:47:44 +01:00
i2c Revert "i2c: designware: detect when dynamic tar update is possible" 2017-02-14 22:10:26 +01:00
ide Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
idle Power management material for v4.10-rc1 2016-12-13 10:41:53 -08:00
iio iio: dht11: Use usleep_range instead of msleep for start signal 2017-01-22 13:35:40 +00:00
infiniband IB/rxe: Fix mem_check_range integer overflow 2017-02-08 12:28:30 -05:00
input Input: elan_i2c - add ELAN0605 to the ACPI table 2017-02-12 18:36:49 -08:00
iommu IOMMU Fixes for Linux v4.10-rc2 2017-01-06 10:49:36 -08:00
ipack
irqchip irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND 2016-12-31 19:06:44 +00:00
isdn ISDN: eicon: silence misleading array-bounds warning 2017-01-27 11:27:34 -05:00
leds cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
lguest Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
lightnvm Char/Misc driver patches for 4.10-rc1 2016-12-13 12:11:01 -08:00
macintosh Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mailbox ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
mcb
md dm crypt: replace RCU read-side section with rwsem 2017-02-03 10:26:14 -05:00
media media fixes for v4.10-rc9 2017-02-16 10:22:41 -08:00
memory Fixes for drivers already queued to prevent 2016-11-30 14:58:00 +01:00
memstick drivers/memstick/core/memstick.c: avoid -Wnonnull warning 2017-01-24 16:26:14 -08:00
message Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mfd - New Device Support 2016-12-19 08:16:26 -08:00
misc mei: bus: enable OS version only for SPT and newer 2017-01-11 07:43:57 +01:00
mmc mmc: core: fix multi-bit bus width without high-speed mode 2017-02-14 08:50:10 +01:00
mtd mtd: nand: lpc32xx: fix invalid error handling of a requested irq 2017-01-04 20:50:18 +01:00
net vxlan: fix oops in dev_fill_metadata_dst 2017-02-17 15:32:06 -05:00
nfc
ntb ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly 2017-02-16 23:11:26 -05:00
nubus Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
nvdimm libnvdimm, pfn: fix memmap reservation size versus 4K alignment 2017-02-04 14:47:31 -08:00
nvme nvme-fc: use blk_rq_nr_phys_segments 2017-01-26 17:49:14 +02:00
nvmem nvmem: fix nvmem_cell_read() return type doc 2017-01-04 18:22:47 +01:00
of pci-v4.10-changes 2016-12-15 12:46:48 -08:00
oprofile Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
parisc Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
parport parisc, parport_gsc: Fixes for printk continuation lines 2017-01-28 21:54:21 +01:00
pci PCI/PME: Restore pcie_pme_driver.remove 2017-02-15 09:39:32 -06:00
pcmcia drivers/pcmcia/m32r_pcc.c: check return from add_pcc_socket 2016-12-12 18:55:06 -08:00
perf cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
phy SCSI misc on 20161213 2016-12-14 10:49:33 -08:00
pinctrl pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler 2017-01-30 15:53:57 +01:00
platform platform/x86: ideapad-laptop: handle ACPI event 1 2017-01-22 12:47:06 +02:00
pnp Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
power ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
powercap powercap / RAPL: Add Knights Mill CPUID 2016-11-30 23:41:33 +01:00
pps
ps3
ptp Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-12 19:56:15 -08:00
pwm pwm: Changes for v4.10-rc1 2016-12-15 11:45:13 -08:00
rapidio
ras
regulator regulator: Fixes for v4.10 2017-02-03 13:46:38 -08:00
remoteproc Revert "remoteproc: Merge table_ptr and cached_table pointers" 2016-12-30 03:26:31 -08:00
reset reset: fix shared reset triggered_count decrement on error 2017-02-17 08:11:47 +01:00
rpmsg rpmsg: virtio_rpmsg_bus: fix channel creation 2016-12-30 03:12:11 -08:00
rtc rtc: jz4740: make the driver buildable as a module again 2017-01-26 23:03:21 +01:00
s390 SCSI fixes on 20170210 2017-02-11 09:01:03 -08:00
sbus Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
scsi Fix missing sanity check in /dev/sg 2017-02-19 09:54:31 -08:00
sfi
sh lib: radix-tree: check accounting of existing slot replacement users 2016-12-12 18:55:08 -08:00
sn
soc soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe() 2017-01-12 13:37:49 -08:00
spi spi: Fixes for v4.10 2017-01-20 12:25:11 -08:00
spmi
ssb
staging mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers 2017-02-08 15:41:43 -08:00
target target: Fix COMPARE_AND_WRITE ref leak for non GOOD status 2017-02-08 08:25:39 -08:00
tc
thermal Revert "thermal: thermal_hwmon: Convert to hwmon_device_register_with_info()" 2017-01-25 09:51:08 +08:00
thunderbolt Char/Misc driver patches for 4.10-rc1 2016-12-13 12:11:01 -08:00
tty sysrq: attach sysrq handler correctly for 32-bit kernel 2017-01-11 09:22:54 +01:00
uio uio-hv-generic: store physical addresses instead of virtual 2016-12-10 14:57:58 +01:00
usb USB-serial fixes for v4.10-rc7 2017-02-03 22:19:15 +01:00
uwb
vfio vfio/spapr_tce: Set window when adding additional groups to container 2017-02-07 11:48:16 -07:00
vhost vhost: fix initialization for vq->is_le 2017-02-03 23:38:57 +02:00
video fbdev: color map copying bounds checking 2017-01-24 16:26:14 -08:00
virt
virtio Revert "vring: Force use of DMA API for ARM-based systems with legacy devices" 2017-02-03 23:38:50 +02:00
vlynq
vme vme: Fix wrong pointer utilization in ca91cx42_slave_get 2017-01-11 10:42:16 +01:00
w1
watchdog Watchdog updates for v4.10 2016-12-24 11:27:45 -08:00
xen Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb 2017-01-27 12:17:07 -08:00
zorro Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
Kconfig
Makefile