| Message ID | 20110218210215.95EBAF89F8@sepang.rtg.net |
|---|---|
| State | Accepted |
| Headers | show |
Acked-by: Stefan Bader <stefan.bader@canonical.com> On 02/18/2011 10:02 PM, Tim Gardner wrote: > The following changes since commit 41866a96c222c7d5d3da3abffb166ff3b80e1f3b: > Steve Conklin (1): > UBUNTU: Ubuntu-2.6.31-22.73 > > are available in the git repository at: > > git://kernel.ubuntu.com/rtg/ubuntu-karmic.git CVE-2010-4163 > > Jens Axboe (1): > block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 > > Xiaotian Feng (1): > block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 > > block/blk-map.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > From 341514d149fbeca645542fb13b2b2bb10ef5274e Mon Sep 17 00:00:00 2001 > From: Jens Axboe <jaxboe@fusionio.com> > Date: Fri, 29 Oct 2010 08:10:18 -0600 > Subject: [PATCH 1/2] block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 > > BugLink: http://bugs.launchpad.net/bugs/721504 > > CVE-2010-4163 > > Ensure that we pass down properly validated iov segments before > calling into the mapping or copy functions. > > Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> > Cc: stable@kernel.org > Signed-off-by: Jens Axboe <jaxboe@fusionio.com> > (cherry picked from commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689) > > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> > --- > block/blk-map.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/block/blk-map.c b/block/blk-map.c > index 9083cf0..30a7e51 100644 > --- a/block/blk-map.c > +++ b/block/blk-map.c > @@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, > unaligned = 1; > break; > } > + if (!iov[i].iov_len) > + return -EINVAL; > } > > if (unaligned || (q->dma_pad_mask & len) || map_data)
On 02/18/2011 01:02 PM, Tim Gardner wrote: > The following changes since commit 41866a96c222c7d5d3da3abffb166ff3b80e1f3b: > Steve Conklin (1): > UBUNTU: Ubuntu-2.6.31-22.73 > > are available in the git repository at: > > git://kernel.ubuntu.com/rtg/ubuntu-karmic.git CVE-2010-4163 > > Jens Axboe (1): > block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 > > Xiaotian Feng (1): > block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 > > block/blk-map.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > From 341514d149fbeca645542fb13b2b2bb10ef5274e Mon Sep 17 00:00:00 2001 > From: Jens Axboe<jaxboe@fusionio.com> > Date: Fri, 29 Oct 2010 08:10:18 -0600 > Subject: [PATCH 1/2] block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 > > BugLink: http://bugs.launchpad.net/bugs/721504 > > CVE-2010-4163 > > Ensure that we pass down properly validated iov segments before > calling into the mapping or copy functions. > > Reported-by: Dan Rosenberg<drosenberg@vsecurity.com> > Cc: stable@kernel.org > Signed-off-by: Jens Axboe<jaxboe@fusionio.com> > (cherry picked from commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689) > > Signed-off-by: Tim Gardner<tim.gardner@canonical.com> > --- > block/blk-map.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/block/blk-map.c b/block/blk-map.c > index 9083cf0..30a7e51 100644 > --- a/block/blk-map.c > +++ b/block/blk-map.c > @@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, > unaligned = 1; > break; > } > + if (!iov[i].iov_len) > + return -EINVAL; > } > > if (unaligned || (q->dma_pad_mask& len) || map_data) Acked-by: Brad Figg <brad.figg@canonical.com>
applied
The following changes since commit 41866a96c222c7d5d3da3abffb166ff3b80e1f3b: Steve Conklin (1): UBUNTU: Ubuntu-2.6.31-22.73 are available in the git repository at: git://kernel.ubuntu.com/rtg/ubuntu-karmic.git CVE-2010-4163 Jens Axboe (1): block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 Xiaotian Feng (1): block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 block/blk-map.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) From 341514d149fbeca645542fb13b2b2bb10ef5274e Mon Sep 17 00:00:00 2001 From: Jens Axboe <jaxboe@fusionio.com> Date: Fri, 29 Oct 2010 08:10:18 -0600 Subject: [PATCH 1/2] block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 BugLink: http://bugs.launchpad.net/bugs/721504 CVE-2010-4163 Ensure that we pass down properly validated iov segments before calling into the mapping or copy functions. Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com> (cherry picked from commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689) Signed-off-by: Tim Gardner <tim.gardner@canonical.com> --- block/blk-map.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)