shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-05 12:43:09 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
c57692fcaaa8a8dd78eb3fd7b0a8a8eaae8b7666
linux/fs
History
Dan Rosenberg 8875b99e83 Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE 
commit 2ebc346478 upstream.

1.  The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls should check
whether the donor file is append-only before writing to it.

2.  The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer
overflow that allows a user to specify an out-of-bounds range to copy
from the source file (if off + len wraps around).  I haven't been able
to successfully exploit this, but I'd imagine that a clever attacker
could use this to read things he shouldn't.  Even if it's not
exploitable, it couldn't hurt to be safe.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-08-02 10:20:47 -07:00
..
9p
9p: Skip check for mandatory locks when unlocking
2010-04-26 07:41:29 -07:00
adfs
adfs: remove redundant test on unsigned
2009-09-24 07:21:05 -07:00
affs
fix affs parse_options()
2010-02-09 04:50:48 -08:00
afs
FS-Cache: Handle pages pending storage that get evicted under OOM conditions
2009-11-19 18:11:35 +00:00
autofs
trivial: remove unnecessary semicolons
2009-09-21 15:14:58 +02:00
autofs4
autofs4 - fix missed case when changing to use struct path
2009-08-31 17:44:05 -10:00
befs
befs: fix leak
2010-02-23 07:37:55 -08:00
bfs
Fix failure exits in bfs_fill_super()
2010-02-09 04:50:46 -08:00
btrfs
Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
2010-08-02 10:20:47 -07:00
cachefiles
CacheFiles: Fix error handling in cachefiles_determine_cache_security()
2010-05-26 14:29:20 -07:00
cifs
CIFS: Fix a malicious redirect problem in the DNS lookup code
2010-08-02 10:20:43 -07:00
coda
headers: remove sched.h from poll.h
2009-10-04 15:05:10 -07:00
configfs
writeback: add name to backing_dev_info
2009-09-11 09:20:26 +02:00
cramfs
fs/cramfs: return f_fsid for statfs(2)
2009-04-02 19:05:08 -07:00
debugfs
debugfs: fix create mutex racy fops and private data
2009-12-18 14:04:16 -08:00
devpts
devpts_get_tty() should validate inode
2009-12-18 14:04:15 -08:00
dlm
dlm: fix socket fd translation
2009-09-30 12:19:44 -05:00
ecryptfs
ecryptfs: fix error code for missing xattrs in lower fs
2010-04-26 07:41:33 -07:00
efs
get rid of BKL in fs/efs
2009-06-17 00:36:36 -04:00
exofs
exofs: confusion between kmap() and kmap_atomic() api
2010-07-05 11:10:47 -07:00
exportfs
Merge branch 'next' into for-linus
2008-12-25 11:40:09 +11:00
ext2
Merge branch 'hwpoison' of git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-mce-2.6
2009-09-24 07:53:22 -07:00
ext3
ext3: journal all modifications in ext3_xattr_set_handle
2010-04-26 07:41:21 -07:00
ext4
ext4: correctly calculate number of blocks for fiemap
2010-05-12 14:57:10 -07:00
fat
fat: fix buffer overflow in vfat_create_shortname()
2010-04-26 07:41:13 -07:00
freevxfs
headers: smp_lock.h redux
2009-07-12 12:22:34 -07:00
fscache
FS-Cache: Provide nop fscache_stat_d() if CONFIG_FSCACHE_STATS=n
2009-11-20 21:50:44 +00:00
fuse
mm: flush dcache before writing into page to avoid alias
2010-02-09 04:50:59 -08:00
gfs2
GFS2: Fix permissions checking for setflags ioctl()
2010-07-05 11:11:14 -07:00
hfs
hfs: fix a potential buffer overflow
2009-12-18 14:04:08 -08:00
hfsplus
hfsplus: refuse to mount volumes larger than 2TB
2009-10-29 07:39:27 -07:00
hostfs
hostfs: set maximum filesize in superblock for proper LFS support
2009-06-30 18:56:03 -07:00
hpfs
headers: smp_lock.h redux
2009-07-12 12:22:34 -07:00
hppfs
hppfs: hppfs_read_file() may return -ERROR
2009-04-02 19:04:53 -07:00
hugetlbfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-09-24 08:32:11 -07:00
isofs
fs: Make unload_nls() NULL pointer safe
2009-09-24 07:47:42 -04:00
jbd
jbd: jbd-debug and jbd2-debug should be writable
2010-07-05 11:11:20 -07:00
jbd2
jbd: jbd-debug and jbd2-debug should be writable
2010-07-05 11:11:20 -07:00
jffs2
jffs2: Fix long-standing bug with symlink garbage collection.
2009-12-18 14:05:52 -08:00
jfs
jfs: fix diAllocExt error in resizing filesystem
2010-05-12 14:57:11 -07:00
lockd
headers: utsname.h redux
2009-09-23 18:13:10 -07:00
minix
V3 minixfs: add missing directory type checking
2009-09-23 07:39:57 -07:00
ncpfs
const: mark struct vm_struct_operations
2009-09-27 11:39:25 -07:00
nfs
NFSv4: Ensure that /proc/self/mountinfo displays the minor version number
2010-08-02 10:20:45 -07:00
nfs_common
SUNRPC: nfsacl_encode/nfsacl_decode should be exported as GPL-only
2008-12-23 15:21:32 -05:00
nfsd
NFSD: don't report compiled-out versions as present
2010-07-05 11:10:27 -07:00
nilfs2
nilfs2: fix sync silent failure
2010-05-26 14:29:21 -07:00
nls
Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6
2009-09-30 09:31:14 -07:00
notify
inotify: don't leak user struct on inotify release
2010-05-26 14:29:17 -07:00
ntfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-09-24 08:32:11 -07:00
ocfs2
ocfs2_dlmfs: Fix math error when reading LVB.
2010-05-12 14:57:04 -07:00
omfs
const: constify remaining file_operations
2009-10-01 16:11:11 -07:00
openpromfs
zero i_uid/i_gid on inode allocation
2009-01-05 11:54:28 -05:00
partitions
fs/partition/msdos: fix unusable extended partition for > 512B sector
2010-04-01 15:58:44 -07:00
proc
revert "procfs: provide stack information for threads" and its fixup commits
2010-05-26 14:29:19 -07:00
qnx4
qnx4: remove write support
2009-09-23 07:39:30 -07:00
quota
quota: Fix possible dq_flags corruption
2010-04-26 07:41:29 -07:00
ramfs
truncate: use new helpers
2009-09-24 08:41:47 -04:00
reiserfs
reiserfs: fix corruption during shrinking of xattrs
2010-05-12 14:57:01 -07:00
romfs
fix leak in romfs_fill_super()
2010-02-09 04:50:47 -08:00
smbfs
fs: Make unload_nls() NULL pointer safe
2009-09-24 07:47:42 -04:00
squashfs
const: mark remaining super_operations const
2009-09-22 07:17:24 -07:00
sysfs
sysfs: sysfs_sd_setattr set iattrs unconditionally
2010-02-23 07:37:56 -08:00
sysv
get rid of BKL in fs/sysv
2009-06-17 00:36:37 -04:00
ubifs
const: mark struct vm_struct_operations
2009-09-27 11:39:25 -07:00
udf
udf: Try harder when looking for VAT inode
2010-01-06 15:05:00 -08:00
ufs
ufs: sector_t cannot be negative
2009-06-18 13:03:46 -07:00
xfs
xfs: add a shrinker to background inode reclaim
2010-05-12 14:57:13 -07:00
aio.c
aio.c: move EXPORT* macros to line after function
2009-09-23 07:39:29 -07:00
anon_inodes.c
headers: remove sched.h from poll.h
2009-10-04 15:05:10 -07:00
attr.c
truncate: new helpers
2009-09-24 08:41:47 -04:00
bad_inode.c
kill ->dir_notify()
2008-12-31 18:07:43 -05:00
binfmt_aout.c
Split 'flush_old_exec' into two functions
2010-02-09 04:50:49 -08:00
binfmt_elf_fdpic.c
Split 'flush_old_exec' into two functions
2010-02-09 04:50:49 -08:00
binfmt_elf.c
Split 'flush_old_exec' into two functions
2010-02-09 04:50:49 -08:00
binfmt_em86.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_flat.c
Split 'flush_old_exec' into two functions
2010-02-09 04:50:49 -08:00
binfmt_misc.c
fs/binfmt_misc.c: add terminating newline to /proc/sys/fs/binfmt_misc/status
2009-01-06 15:59:19 -08:00
binfmt_script.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_som.c
Split 'flush_old_exec' into two functions
2010-02-09 04:50:49 -08:00
bio-integrity.c
block: fix bugs in bio-integrity mempool usage
2010-02-09 04:50:58 -08:00
bio.c
block: fix bio_add_page for non trivial merge_bvec_fn case
2010-02-09 04:50:58 -08:00
block_dev.c
raw: fsync method is now required
2010-04-26 07:41:19 -07:00
buffer.c
Merge branch 'writeback' of git://git.kernel.dk/linux-2.6-block
2009-09-25 09:27:30 -07:00
char_dev.c
fs/char_dev.c: remove useless loop
2009-09-24 07:21:03 -07:00
compat_binfmt_elf.c
compat_ioctl.c
fs: add missing compat_ptr handling for FS_IOC_RESVSP ioctl
2009-11-12 07:25:57 -08:00
compat.c
revert "procfs: provide stack information for threads" and its fixup commits
2010-05-26 14:29:19 -07:00
dcache.c
sched: Pull up the might_sleep() check into cond_resched()
2009-07-18 15:51:44 +02:00
dcookies.c
[CVE-2009-0029] System call wrapper special cases
2009-01-14 14:15:18 +01:00
direct-io.c
block: Do away with the notion of hardsect_size
2009-05-22 23:22:54 +02:00
drop_caches.c
sysctl: remove "struct file *" argument of ->proc_handler
2009-09-24 07:21:04 -07:00
eventfd.c
anonfd: split interface into file creation and install
2009-09-23 07:39:29 -07:00
eventpoll.c
epoll: fix nested calls support
2009-06-18 13:03:41 -07:00
exec.c
revert "procfs: provide stack information for threads" and its fixup commits
2010-05-26 14:29:19 -07:00
fcntl.c
Fix race in tty_fasync() properly
2010-02-23 07:37:44 -08:00
fifo.c
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
file_table.c
vfs: take f_lock on modifying f_mode after open time
2010-03-15 08:49:37 -07:00
file.c
headers: remove sched.h from interrupt.h
2009-10-11 11:20:58 -07:00
filesystems.c
fs: Mark get_filesystem_list() as __init function.
2009-04-20 23:02:52 -04:00
fs_struct.c
Get rid of indirect include of fs_struct.h
2009-03-31 23:00:27 -04:00
fs-writeback.c
writeback: disable periodic old data writeback for !dirty_writeback_centisecs
2010-07-05 11:10:45 -07:00
generic_acl.c
New helper - current_umask()
2009-03-31 23:00:26 -04:00
inode.c
vfs: optimize touch_time() too
2009-09-24 07:47:27 -04:00
internal.h
fs: fix overflow in sys_mount() for in-kernel calls
2009-09-24 08:40:15 -04:00
ioctl.c
__generic_block_fiemap(): fix for files bigger than 4GB
2009-11-12 07:26:01 -08:00
ioprio.c
[CVE-2009-0029] System call wrappers part 28
2009-01-14 14:15:30 +01:00
Kconfig
powerpc: Cleanup Kconfig selection of hugetlbfs support
2009-10-30 15:03:54 +11:00
Kconfig.binfmt
CORE_DUMP_DEFAULT_ELF_HEADERS depends on ELF_CORE
2009-01-09 16:54:41 -08:00
libfs.c
wrong type for 'magic' argument in simple_fill_super()
2010-07-05 11:11:12 -07:00
locks.c
const: make lock_manager_operations const
2009-09-22 07:17:25 -07:00
Makefile
nilfs2: update makefile and Kconfig
2009-04-07 08:31:16 -07:00
mbcache.c
mpage.c
ext4: Properly initialize the buffer_head state
2009-05-13 15:13:42 -04:00
namei.c
fix LOOKUP_FOLLOW on automount "symlinks"
2010-03-15 08:49:32 -07:00
namespace.c
vfs: add NOFOLLOW flag to umount(2)
2010-07-05 11:11:15 -07:00
nfsctl.c
[CVE-2009-0029] System call wrappers part 27
2009-01-14 14:15:29 +01:00
no-block.c
open.c
fs: change sys_truncate length parameter type
2009-09-23 09:21:05 -07:00
pipe.c
fs: pipe.c null pointer dereference
2009-10-22 08:11:44 +09:00
pnode.c
pnode.h
posix_acl.c
CRED: Wrap task credential accesses in the filesystem subsystem
2008-11-14 10:39:05 +11:00
read_write.c
vfs: remove redundant position check in do_sendfile
2009-09-24 07:47:34 -04:00
read_write.h
readdir.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
select.c
headers: remove sched.h from poll.h
2009-10-04 15:05:10 -07:00
seq_file.c
vfs: seq_file: add helpers for data filling
2009-09-24 07:47:35 -04:00
signalfd.c
[CVE-2009-0029] System call wrappers part 31
2009-01-14 14:15:31 +01:00
splice.c
Merge branch 'for-2.6.32' of git://git.kernel.dk/linux-2.6-block
2009-09-14 17:55:15 -07:00
stack.c
stat.c
Add unlocked version of inode_add_bytes() function
2010-01-06 15:05:01 -08:00
super.c
vfs: get_sb_single() - do not pass options twice
2010-01-28 15:00:47 -08:00
sync.c
fs/buffer.c: clean up EXPORT* macros
2009-09-23 07:39:29 -07:00
timerfd.c
timerfd: add flags check
2009-02-18 15:37:53 -08:00
utimes.c
[CVE-2009-0029] System call wrappers part 30
2009-01-14 14:15:30 +01:00
xattr_acl.c
xattr.c
VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.
2009-09-10 10:11:22 +10:00