WSL2-Linux-Kernel/drivers
Vasiliy Kulikov b522f02184 agp: fix OOM and buffer overflow
page_count is copied from userspace.  agp_allocate_memory() tries to
check whether this number is too big, but doesn't take into account the
wrap case.  Also agp_create_user_memory() doesn't check whether
alloc_size is calculated from num_agp_pages variable without overflow.
This may lead to allocation of too small buffer with following buffer
overflow.

Another problem in agp code is not addressed in the patch - kernel memory
exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls).  It is not checked
whether requested pid is a pid of the caller (no check in agpioc_reserve_wrap()).
Each allocation is limited to 16KB, though, there is no per-process limit.
This might lead to OOM situation, which is not even solved in case of the
caller death by OOM killer - the memory is allocated for another (faked) process.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-21 11:51:04 +10:00
..
accessibility
acpi Fix common misspellings 2011-03-31 11:26:23 -03:00
amba Fix common misspellings 2011-03-31 11:26:23 -03:00
ata Fix common misspellings 2011-03-31 11:26:23 -03:00
atm Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
auxdisplay Fix common misspellings 2011-03-31 11:26:23 -03:00
base Fix common misspellings 2011-03-31 11:26:23 -03:00
block Fix common misspellings 2011-03-31 11:26:23 -03:00
bluetooth Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
cdrom Fix common misspellings 2011-03-31 11:26:23 -03:00
char agp: fix OOM and buffer overflow 2011-04-21 11:51:04 +10:00
clk
clocksource
connector connector: convert to synchronous netlink message processing 2011-03-30 17:14:33 -07:00
cpufreq Fix common misspellings 2011-03-31 11:26:23 -03:00
cpuidle
crypto Fix common misspellings 2011-03-31 11:26:23 -03:00
dca drivers/dca/dca-core.c: use list_move() instead of list_del()/list_add() combination 2011-03-22 17:44:12 -07:00
dio
dma Merge branch 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2011-04-07 12:48:45 -07:00
edac Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
eisa
firewire Fix common misspellings 2011-03-31 11:26:23 -03:00
firmware sigma-firmware: loader for Analog Devices' SigmaStudio 2011-03-22 17:44:15 -07:00
gpio Fix common misspellings 2011-03-31 11:26:23 -03:00
gpu drm/radeon/kms: fix IH writeback on r6xx+ on big endian machines 2011-04-20 10:45:21 +10:00
hid Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
hwmon Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
hwspinlock hwspinlock: depend on OMAP4 2011-03-18 17:15:11 -07:00
i2c Fix common misspellings 2011-03-31 11:26:23 -03:00
ide Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
idle
ieee802154 ieee802154: change to new flag variable 2011-03-17 14:05:34 +01:00
infiniband Fix common misspellings 2011-03-31 11:26:23 -03:00
input Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
isdn Fix common misspellings 2011-03-31 11:26:23 -03:00
leds Fix common misspellings 2011-03-31 11:26:23 -03:00
lguest Fix common misspellings 2011-03-31 11:26:23 -03:00
macintosh Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
mca
md Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
media Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
memstick Fix common misspellings 2011-03-31 11:26:23 -03:00
message Fix common misspellings 2011-03-31 11:26:23 -03:00
mfd Fix common misspellings 2011-03-31 11:26:23 -03:00
misc Fix common misspellings 2011-03-31 11:26:23 -03:00
mmc Fix common misspellings 2011-03-31 11:26:23 -03:00
mtd Merge branch 'for-linus' of git://git.infradead.org/ubifs-2.6 2011-04-07 11:31:03 -07:00
net Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
nfc
nubus
of Fix common misspellings 2011-03-31 11:26:23 -03:00
oprofile
parisc Fix common misspellings 2011-03-31 11:26:23 -03:00
parport Fix common misspellings 2011-03-31 11:26:23 -03:00
pci Fix common misspellings 2011-03-31 11:26:23 -03:00
pcmcia Fix common misspellings 2011-03-31 11:26:23 -03:00
platform Fix common misspellings 2011-03-31 11:26:23 -03:00
pnp Fix common misspellings 2011-03-31 11:26:23 -03:00
power drivers: Final irq namespace conversion 2011-03-29 14:48:19 +02:00
pps Fix common misspellings 2011-03-31 11:26:23 -03:00
ps3 Fix common misspellings 2011-03-31 11:26:23 -03:00
rapidio Fix common misspellings 2011-03-31 11:26:23 -03:00
regulator Fix common misspellings 2011-03-31 11:26:23 -03:00
rtc Merge branches 'x86-fixes-for-linus', 'sched-fixes-for-linus', 'timers-fixes-for-linus', 'irq-fixes-for-linus' and 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-04-07 12:12:58 -07:00
s390 Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6 2011-04-08 07:36:14 -07:00
sbus Fix common misspellings 2011-03-31 11:26:23 -03:00
scsi Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
sfi Fix common misspellings 2011-03-31 11:26:23 -03:00
sh sh: Fix irq cleanup fallout 2011-03-30 00:15:49 +02:00
sn
spi Fix common misspellings 2011-03-31 11:26:23 -03:00
ssb Fix common misspellings 2011-03-31 11:26:23 -03:00
staging Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2011-04-07 11:36:44 -07:00
target Fix common misspellings 2011-03-31 11:26:23 -03:00
tc
telephony Fix common misspellings 2011-03-31 11:26:23 -03:00
thermal
tty Merge branch 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2011-04-07 12:48:45 -07:00
uio Fix common misspellings 2011-03-31 11:26:23 -03:00
usb Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
uwb Fix common misspellings 2011-03-31 11:26:23 -03:00
vhost vhost-net: remove unlocked use of receive_queue 2011-03-13 23:08:19 +02:00
video Merge branch 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6 2011-04-07 12:49:17 -07:00
virtio
vlynq vlynq: Convert irq functions 2011-03-28 19:33:04 +02:00
w1 Fix common misspellings 2011-03-31 11:26:23 -03:00
watchdog watchdog: mpc8xxx_wdt: fix build 2011-04-07 20:20:24 +00:00
xen Fix common misspellings 2011-03-31 11:26:23 -03:00
zorro
Kconfig
Makefile