From 5bb71b55a21adae6858bc008834b8806abbb4405 Mon Sep 17 00:00:00 2001
From: Eric Sesterhenn
Date: Fri, 13 Oct 2017 20:31:07 +0200
Subject: [PATCH] Prevent out of bound reads in asn1_decoder
In some cases the asn1_decoder supplies the callback
functions with invalid parameters, which causes them
This prevents the snprintf to cause a WARN_ON_ONCE if
rem gets negative. This can happen if an earlier snprintf
truncates the string but returns the length it would require
to print the full string.
Signed-off-by: Eric Sesterhenn
---
drivers/gpu/drm/msm/msm_perf.c | 12 +++-
1 file
snprintf can return a value bigger than remain if the string does not fit.
Signed-off-by: Eric Sesterhenn
---
fs/ocfs2/stackglue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ocfs2/stackglue.c b/fs/ocfs2/stackglue.c
index d6c350ba25b9..b00d67b4cf43 100644
--- a/fs
When snprintf truncates the string, size might underflow
causing a WARN_ON_ONCE in the snprintf in the next iteration.
Signed-off-by: Eric Sesterhenn
---
drivers/edac/thunderx_edac.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/edac/thunderx_edac.c b/drivers/edac
Handle the snprintf calculations more gracefully in case snprintf
truncates the string.
Signed-off-by: Eric Sesterhenn
---
net/netfilter/x_tables.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index c83a3b5e1c6c..327617acbf05 100644
snprintf might return a value bigger than limit when the string gets
truncated, which would cause the return value to become bogus.
Signed-off-by: Eric Sesterhenn
---
fs/9p/v9fs.c | 4
1 file changed, 4 insertions(+)
diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
index 8fb89ddc6cc7
snprintf can return a value bigger than the size of the buffer,
in this case we return a size that is longer than the string.
Signed-off-by: Eric Sesterhenn
---
fs/debugfs/file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index 6dabc4a10396
snprintf can return a value bigger than remain if the string does not fit.
Signed-off-by: Eric Sesterhenn
---
fs/ocfs2/filecheck.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ocfs2/filecheck.c b/fs/ocfs2/filecheck.c
index 2cabbcf2f28e..66d8aee30d0f 100644
--- a/fs
, since
it checks that size < INT_MAX.
These patches prevent these warnings.
Eric Sesterhenn (7):
Handle snprintf calculations in x_tables
Handle snprintf calculation in stackglue
Fix snprintf calculation in filecheck
Prevent u32_format_array from returning a size too big
Handle snpri
imers will be used for per-cpu timer
Original patch by Peter Neubauer
(http://www.mail-archive.com/soekris-tech@lists.soekris.com/msg06462.html)
slightly modified by Conrad Kostecki and massaged
accoring to Thomas Gleixners by me.
Signed-off-by: Eric Sesterhenn
---
I am not quite sure how to in
hi,
On 09/09/2014 05:26 PM, H. Peter Anvin wrote:
> On 09/09/2014 07:54 AM, Thomas Gleixner wrote:
>>
>> @hpa: You asked whether this might affect any other e6xx devices.
>>
>> According to the atom e6xx-series datasheet the HPET is non optional
>> and always memory mapped to 0xfed0. I don't s
en
> by them. Output is via serial port only.
> At least I know, that the technical engineers at Soekris respond on
> sa...@soekris.com.
>
> Maybe the patch could be extended, that HPET would be only enabled if
> there is no ACPI present?
we are facing the same issue with thes
avoid a warning, i didnt remove it completely since it is part
of the internal api (matching unqueue_me())
Signed-off-by: Eric Sesterhenn <[EMAIL PROTECTED]>
--- linux/kernel/futex.c.orig 2008-01-25 09:53:28.0 +0100
+++ linux/kernel/futex.c2008-01-25 10:01:53.0
* Peter Zijlstra ([EMAIL PROTECTED]) wrote:
> On Mon, 2007-11-05 at 13:44 +0100, Eric Sesterhenn wrote:
> > * Peter Zijlstra ([EMAIL PROTECTED]) wrote:
> > > On Fri, 2007-11-02 at 13:36 +0100, Eric Sesterhenn wrote:
> > > > hi,
> > > >
> > > &g
* Peter Zijlstra ([EMAIL PROTECTED]) wrote:
> On Fri, 2007-11-02 at 13:36 +0100, Eric Sesterhenn wrote:
> > hi,
> >
> > I get the following crash with 2.6.24-rc1-g54866f03, the last version I
> > tested which booted fine was 2.6.24-rc1-gb1d08ac0
> >
>
> H
* Rafael J. Wysocki ([EMAIL PROTECTED]) wrote:
> On Friday, 2 November 2007 13:36, Eric Sesterhenn wrote:
> > hi,
> >
> > I get the following crash with 2.6.24-rc1-g54866f03, the last version I
> > tested which booted fine was 2.6.24-rc1-gb1d08ac0
>
> D
hi,
I get the following crash with 2.6.24-rc1-g54866f03, the last version I
tested which booted fine was 2.6.24-rc1-gb1d08ac0
Netconsole was active, so i took a picture:
http://www.cccmz.de/~snakebyte/pdrm2410.jpg
Here is the message typed:
BUG: unable to handle kernel paging request at virtual
* Venki Pallipadi ([EMAIL PROTECTED]) wrote:
> Can you check the test patch below (over latest git) and let me know whether
> it
> resolves the issue.
>
the patch fixes the issue for me,
thanks a lot.
Eric
> Enable C3 without bm control only for CST based C3.
>
> Signed-off-by: Venkatesh Pall
* Pallipadi, Venkatesh ([EMAIL PROTECTED]) wrote:
> This means things should work fine with processor.max_cstate=2 boot
> option
> as well. Can you please double check that.
yes, system boots fine with this kernel parameter
> Also, please send in the acpidump from your system.
here we go, if you
* Michal Piotrowski ([EMAIL PROTECTED]) wrote:
> Hi Eric,
>
> On 26/07/07, Eric Sesterhenn / Snakebyte <[EMAIL PROTECTED]> wrote:
> > * Len Brown ([EMAIL PROTECTED]) wrote:
> > > > > > > [ 13.506890] ACPI Exception (processor_throttling-0084):
&
* Len Brown ([EMAIL PROTECTED]) wrote:
> > > > > [ 13.506890] ACPI Exception (processor_throttling-0084):
> > > > > AE_NOT_FOUND, Evaluating _PTC [20070126]
> > > > > [ 13.507101] ACPI Exception (processor_throttling-0147):
> > > > > AE_NOT_FOUND, Evaluating _TSS [20070126]
>
> Note that the
* Michal Piotrowski ([EMAIL PROTECTED]) wrote:
> On 24/07/07, Eric Sesterhenn / Snakebyte <[EMAIL PROTECTED]> wrote:
> > see second 13 to 510, after pressing it about ten
> > times, it continues booting.
>
> Probing IDE interface...
>
> [ 13.867939] VP_IDE:
y optimize the if away entirely and changes the unlikely() to a
likely().
Remaining problem is, that if likely/unlikely profiling is turned on,
gcc does not optimize away a likely(0), and they still show up in the
stats... guess heisenbug is involved in this :-)
Signed-off-by: Eric Sesterhe
hi,
i got the following BUG while running the syscalls.sh
from ltp-full-20070531 on an ext3 partition, it is easily reproducible
for me
[ 476.338068] [ cut here ]
[ 476.338223] kernel BUG at fs/buffer.c:1821!
[ 476.338324] invalid opcode: [#1]
[ 476.338423] PREEMP
hi,
another coverity patch i forgot to resend,
original thread here
http://marc.info/?l=linux-kernel&m=115144559823592&w=2
In case drive == N_DRIVE, we get one past the drive_params array.
Signed-off-by: Eric Sesterhenn <[EMAIL PROTECTED]>
--- linux-2.6/drivers/block/floppy.c.o
hi,
while running my usual stuff on 2.6.20-rc1-git5, sfuzz
(http://www.digitaldwarf.be/products/sfuzz.c)
did the following, to produce the lockdep warning below:
socket(1, 3, 1)
accept(3,
"\x54\x1f\x6d\x30\x0b\x0b\x44\xb2\x6c\x57\x8f\xcd\x12\x8b\x67\xa0", 32)
accept(3,
"\x7d\xa
826ab8
[ 851.811572]
On a damaged filesystem we might have a full stack and should
not progress further, and return instead of calling BUG()
Signed-off-by: Eric Sesterhenn
--- linux-2.6.19/fs/jfs/jfs_xtree.c.orig2006-12-18 14:37:07.0
+0100
+++ linux-2.6.19/fs/jfs/jfs_xtree.c 2006
27 matches
Mail list logo
