y
between the data obtained in the two copies. In case an inconsistency is
detected, an error code -EINVAL will be returned.
Signed-off-by: Wenwen Wang
---
drivers/virt/vboxguest/vboxguest_linux.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/virt/
in the first copy and only copies the
remaining part of the command from userspace.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/scsi/sg.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index c198b963..0ad8106
in the first copy and only copies the
remaining part of the command from userspace.
Signed-off-by: Wenwen Wang
---
drivers/scsi/sg.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index c198b963..0ad8106 100644
--- a/drivers/scsi/sg.c
+++ b
inconsistent data.
To avoid such issues, this patch adds a check after the second copy in the
function diva_xdi_write(). If the adapter number is not equal to the one
obtained in the first copy, (-4) will be returned to divas_write(), which
will then return an error code -EINVAL.
Signed-off-by: Wenwen Wang
inconsistent data.
To avoid such issues, this patch adds a check after the second copy in the
function diva_xdi_write(). If the adapter number is not equal to the one
obtained in the first copy, (-4) will be returned to divas_write(), which
will then return an error code -EINVAL.
Signed-off-by: Wenwen Wang
as to ensure these
checks will not be bypassed.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/crypto/chelsio/chtls/chtls_main.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c
b/drivers/crypto/chelsio/chtls/chtls_
as to ensure these
checks will not be bypassed.
Signed-off-by: Wenwen Wang
---
drivers/crypto/chelsio/chtls/chtls_main.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c
b/drivers/crypto/chelsio/chtls/chtls_main.c
index 007c45c
and a malicious userspace process can race to change the 'type'
field between the two copies to cause inconsistent data. Depending on how
the data is used in the future, such an inconsistency may cause potential
security risks.
For above reasons, we should take out the second copy.
Signed-off-by: Wenwen
and a malicious userspace process can race to change the 'type'
field between the two copies to cause inconsistent data. Depending on how
the data is used in the future, such an inconsistency may cause potential
security risks.
For above reasons, we should take out the second copy.
Signed-off-by: Wenwen
transferred messages 'status' is not
equal to 'num'.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/i2c/i2c-core-smbus.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index 7d7700f..e7a2d2f 100644
--- a/drivers/i
transferred messages 'status' is not
equal to 'num'.
Signed-off-by: Wenwen Wang
---
drivers/i2c/i2c-core-smbus.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index 7d7700f..e7a2d2f 100644
--- a/drivers/i2c/i2c-core-smbus.c
+++ b
error
message.
This patch initializes the first byte of msgbuf1 with 0 to avoid such
undefined behaviors or security issues.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/i2c/i2c-core-smbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/
error
message.
This patch initializes the first byte of msgbuf1 with 0 to avoid such
undefined behaviors or security issues.
Signed-off-by: Wenwen Wang
---
drivers/i2c/i2c-core-smbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
On Sat, May 5, 2018 at 5:28 AM, Peter Rosin <p...@axentia.se> wrote:
> On 2018-05-05 03:43, Wenwen Wang wrote:
>> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1,
>> which are used to save a series of messages, as mentioned in the comment.
>
On Sat, May 5, 2018 at 5:28 AM, Peter Rosin wrote:
> On 2018-05-05 03:43, Wenwen Wang wrote:
>> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1,
>> which are used to save a series of messages, as mentioned in the comment.
>> According to the value
the 'ioc_number' copied after the
second copy to make sure it is not changed since the first copy.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
b/drivers/scsi/m
the 'ioc_number' copied after the
second copy to make sure it is not changed since the first copy.
Signed-off-by: Wenwen Wang
---
drivers/scsi/mpt3sas/mpt3sas_ctl.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c
b/drivers/scsi/mpt3sas/mpt3sas_ctl.c
index
(). If 'type' is modified by user, there
could be some issues such as uninitialized uses.
To fix this problem, we need to recheck the type after the second fetch to
make sure it is not UHID_CREATE.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/hid/uhid.c | 10 --
1 file chan
(). If 'type' is modified by user, there
could be some issues such as uninitialized uses.
To fix this problem, we need to recheck the type after the second fetch to
make sure it is not UHID_CREATE.
Signed-off-by: Wenwen Wang
---
drivers/hid/uhid.c | 10 --
1 file changed, 8 insertions(+), 2
demonstrated in the error
message.
This patch checks the return value of i2c_transfer() and also initializes
the first byte of msgbuf1 with 0 to avoid undefined behaviors or security
issues.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/i2c/i2c-core-smbus.c | 3 +++
1 file chan
demonstrated in the error
message.
This patch checks the return value of i2c_transfer() and also initializes
the first byte of msgbuf1 with 0 to avoid undefined behaviors or security
issues.
Signed-off-by: Wenwen Wang
---
drivers/i2c/i2c-core-smbus.c | 3 +++
1 file changed, 3 insertions(+)
diff --
On Fri, May 4, 2018 at 10:38 AM, Peter Rosin <p...@axentia.se> wrote:
> On 2018-05-04 16:59, Wenwen Wang wrote:
>> On Fri, May 4, 2018 at 2:27 AM, Peter Rosin <p...@axentia.se> wrote:
>>> On 2018-05-04 09:17, Wenwen Wang wrote:
>>>> On Fri, May 4, 201
On Fri, May 4, 2018 at 10:38 AM, Peter Rosin wrote:
> On 2018-05-04 16:59, Wenwen Wang wrote:
>> On Fri, May 4, 2018 at 2:27 AM, Peter Rosin wrote:
>>> On 2018-05-04 09:17, Wenwen Wang wrote:
>>>> On Fri, May 4, 2018 at 1:49 AM, Peter Rosin wrote:
>>>&g
On Fri, May 4, 2018 at 2:27 AM, Peter Rosin <p...@axentia.se> wrote:
> On 2018-05-04 09:17, Wenwen Wang wrote:
>> On Fri, May 4, 2018 at 1:49 AM, Peter Rosin <p...@axentia.se> wrote:
>>> On 2018-05-04 07:28, Wenwen Wang wrote:
>>>> On Fri, May 4, 2018
On Fri, May 4, 2018 at 2:27 AM, Peter Rosin wrote:
> On 2018-05-04 09:17, Wenwen Wang wrote:
>> On Fri, May 4, 2018 at 1:49 AM, Peter Rosin wrote:
>>> On 2018-05-04 07:28, Wenwen Wang wrote:
>>>> On Fri, May 4, 2018 at 12:04 AM, Peter Rosin wrote:
>>>&g
On Fri, May 4, 2018 at 5:08 AM, Dilger, Andreas
<andreas.dil...@intel.com> wrote:
> On May 3, 2018, at 22:19, Wenwen Wang <wang6...@umn.edu> wrote:
>>
>> On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter <dan.carpen...@oracle.com>
>> wrote:
>>> On Mo
On Fri, May 4, 2018 at 5:08 AM, Dilger, Andreas
wrote:
> On May 3, 2018, at 22:19, Wenwen Wang wrote:
>>
>> On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter
>> wrote:
>>> On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote:
>>>> However, given th
such as null pointer
dereference.
This patch saves the pointer returned by the first invocation and removes
the second invocation. If the returned pointer is not NULL, the memory
content is copied according to the original code.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/staging
such as null pointer
dereference.
This patch saves the pointer returned by the first invocation and removes
the second invocation. If the returned pointer is not NULL, the memory
content is copied according to the original code.
Signed-off-by: Wenwen Wang
---
drivers/staging/media/atomisp/pci
On Fri, May 4, 2018 at 1:49 AM, Peter Rosin <p...@axentia.se> wrote:
> On 2018-05-04 07:28, Wenwen Wang wrote:
>> On Fri, May 4, 2018 at 12:04 AM, Peter Rosin <p...@axentia.se> wrote:
>>> On 2018-05-04 06:08, Wenwen Wang wrote:
>>>> On Thu, May 3, 201
On Fri, May 4, 2018 at 1:49 AM, Peter Rosin wrote:
> On 2018-05-04 07:28, Wenwen Wang wrote:
>> On Fri, May 4, 2018 at 12:04 AM, Peter Rosin wrote:
>>> On 2018-05-04 06:08, Wenwen Wang wrote:
>>>> On Thu, May 3, 2018 at 3:34 PM, Peter Rosin wrote:
>>>&g
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
net/sched/cls_rsvp.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
index 4f12976..7ced8fc 100644
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -590,6 +590,9 @@ static int rsvp_chan
Signed-off-by: Wenwen Wang
---
net/sched/cls_rsvp.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
index 4f12976..7ced8fc 100644
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -590,6 +590,9 @@ static int rsvp_change(struct net *net, st
On Fri, May 4, 2018 at 12:27 AM, Dan Carpenter wrote:
> There is no security problem here. The user is allowed to choose either
> v1 or v3. Using a double read race condition to choose v1 is not
> going to cause problems. It's slightly more complicated than just
>
On Fri, May 4, 2018 at 12:27 AM, Dan Carpenter wrote:
> There is no security problem here. The user is allowed to choose either
> v1 or v3. Using a double read race condition to choose v1 is not
> going to cause problems. It's slightly more complicated than just
> choosing it directly but that
On Fri, May 4, 2018 at 12:04 AM, Peter Rosin <p...@axentia.se> wrote:
> On 2018-05-04 06:08, Wenwen Wang wrote:
>> On Thu, May 3, 2018 at 3:34 PM, Peter Rosin <p...@axentia.se> wrote:
>>> On 2018-05-03 00:36, Wenwen Wang wrote:
>>>> In i2c_smbus_xfer_
On Fri, May 4, 2018 at 12:04 AM, Peter Rosin wrote:
> On 2018-05-04 06:08, Wenwen Wang wrote:
>> On Thu, May 3, 2018 at 3:34 PM, Peter Rosin wrote:
>>> On 2018-05-03 00:36, Wenwen Wang wrote:
>>>> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 an
On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter <dan.carpen...@oracle.com> wrote:
> On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote:
>> However, given that the user data resides in the user space, a malicious
>> user-space process can race to change the data b
On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter wrote:
> On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote:
>> However, given that the user data resides in the user space, a malicious
>> user-space process can race to change the data between the two copies. By
>> d
On Thu, May 3, 2018 at 3:34 PM, Peter Rosin <p...@axentia.se> wrote:
> On 2018-05-03 00:36, Wenwen Wang wrote:
>> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1,
>> which are used to save a series of messages, as mentioned in the comment.
>
On Thu, May 3, 2018 at 3:34 PM, Peter Rosin wrote:
> On 2018-05-03 00:36, Wenwen Wang wrote:
>> In i2c_smbus_xfer_emulated(), there are two buffers: msgbuf0 and msgbuf1,
>> which are used to save a series of messages, as mentioned in the comment.
>> According to the value
On Thu, May 3, 2018 at 8:39 AM, Marcelo Ricardo Leitner
<marcelo.leit...@gmail.com> wrote:
> On Thu, May 03, 2018 at 08:31:28AM -0500, Wenwen Wang wrote:
>> On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner
>> <marcelo.leit...@gmail.com> wrote:
>> > On T
On Thu, May 3, 2018 at 8:39 AM, Marcelo Ricardo Leitner
wrote:
> On Thu, May 03, 2018 at 08:31:28AM -0500, Wenwen Wang wrote:
>> On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner
>> wrote:
>> > On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote:
>>
On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner
<marcelo.leit...@gmail.com> wrote:
> On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote:
>> On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner
>> <marcelo.leit...@gmail.com> wrote:
>> > On W
On Thu, May 3, 2018 at 7:46 AM, Marcelo Ricardo Leitner
wrote:
> On Thu, May 03, 2018 at 07:01:51AM -0500, Wenwen Wang wrote:
>> On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner
>> wrote:
>> > On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote:
>>
On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner
<marcelo.leit...@gmail.com> wrote:
> On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote:
>> On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner
>> <marcelo.leit...@gmail.com> wrote:
>> > On W
On Wed, May 2, 2018 at 8:48 PM, Marcelo Ricardo Leitner
wrote:
> On Wed, May 02, 2018 at 08:27:05PM -0500, Wenwen Wang wrote:
>> On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner
>> wrote:
>> > On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote:
>>
On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner
<marcelo.leit...@gmail.com> wrote:
> On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote:
>> In sctp_setsockopt_maxseg(), the integer 'val' is compared against min_len
>> and max_len to check whether it is in
On Wed, May 2, 2018 at 8:24 PM, Marcelo Ricardo Leitner
wrote:
> On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote:
>> In sctp_setsockopt_maxseg(), the integer 'val' is compared against min_len
>> and max_len to check whether it is in the appropriate range. If it is n
ned.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
net/sctp/socket.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 80835ac..03e1cc3 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3212,
ned.
Signed-off-by: Wenwen Wang
---
net/sctp/socket.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 80835ac..03e1cc3 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3212,6 +3212,7 @@ static
Hi Marcelo,
I guess I worked on an old version of the kernel. I will re-submit the
patch. Sorry :(
Wenwen
On Wed, May 2, 2018 at 6:23 PM, Marcelo Ricardo Leitner
<marcelo.leit...@gmail.com> wrote:
> Hi Wenwen,
>
> On Wed, May 02, 2018 at 05:12:45PM -0500, We
Hi Marcelo,
I guess I worked on an old version of the kernel. I will re-submit the
patch. Sorry :(
Wenwen
On Wed, May 2, 2018 at 6:23 PM, Marcelo Ricardo Leitner
wrote:
> Hi Wenwen,
>
> On Wed, May 02, 2018 at 05:12:45PM -0500, Wenwen Wang wrote:
>> In sctp_setsockopt_maxseg
such as null pointer
dereference.
This patch saves the pointer returned by the first invocation and removes
the second invocation. If the returned pointer is not NULL, the memory
content is copied according to the original code.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/staging
such as null pointer
dereference.
This patch saves the pointer returned by the first invocation and removes
the second invocation. If the returned pointer is not NULL, the memory
content is copied according to the original code.
Signed-off-by: Wenwen Wang
---
drivers/staging/media/atomisp/pci
er msgbuf1 with 0 to avoid undefined
behaviors or security issues.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/i2c/i2c-core-smbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index b5aec33..0fcc
er msgbuf1 with 0 to avoid undefined
behaviors or security issues.
Signed-off-by: Wenwen Wang
---
drivers/i2c/i2c-core-smbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index b5aec33..0fcca75 100644
--- a/drivers/
ned.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
net/sctp/socket.c | 21 ++---
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 80835ac..2beb601 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3212,
ned.
Signed-off-by: Wenwen Wang
---
net/sctp/socket.c | 21 ++---
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 80835ac..2beb601 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3212,6 +3212,7 @@ static
ication to
l->backlog[imp].len (if imp is TIPC_SYSTEM_IMPORTANCE) to avoid such
security issues. An error code will be returned if an unexpected value of
l->backlog[imp].len is generated.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
net/tipc/link.c | 5 +
1 file changed, 5
ication to
l->backlog[imp].len (if imp is TIPC_SYSTEM_IMPORTANCE) to avoid such
security issues. An error code will be returned if an unexpected value of
l->backlog[imp].len is generated.
Signed-off-by: Wenwen Wang
---
net/tipc/link.c | 5 +
1 file changed, 5 insertions(+)
diff -
., LOV_USER_MAGIC_V3, an error code will be
returned: -EINVAL.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/staging/lustre/lustre/llite/dir.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/lustre/lustre/llite/dir.c
b/drivers/staging/lustre/lustre/llite/dir.c
., LOV_USER_MAGIC_V3, an error code will be
returned: -EINVAL.
Signed-off-by: Wenwen Wang
---
drivers/staging/lustre/lustre/llite/dir.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/lustre/lustre/llite/dir.c
b/drivers/staging/lustre/lustre/llite/dir.c
index d10d272..80d44ca
On Mon, Apr 30, 2018 at 5:38 PM, Dilger, Andreas
<andreas.dil...@intel.com> wrote:
> On Apr 29, 2018, at 07:20, Greg Kroah-Hartman <gre...@linuxfoundation.org>
> wrote:
>>
>> On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote:
>>> On Apr
On Mon, Apr 30, 2018 at 5:38 PM, Dilger, Andreas
wrote:
> On Apr 29, 2018, at 07:20, Greg Kroah-Hartman
> wrote:
>>
>> On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote:
>>> On Apr 27, 2018, at 17:45, Wenwen Wang wrote:
>>>> [PATCH] stagin
tually
copied to user-space. This inconsistent data may also cause undefined
behaviors based on how ops->get_rxnfc() is implemented.
This patch simply re-verifies the flow_type field of "info" after the
second copy. If the value is not as expected, an error code will be
returned.
tually
copied to user-space. This inconsistent data may also cause undefined
behaviors based on how ops->get_rxnfc() is implemented.
This patch simply re-verifies the flow_type field of "info" after the
second copy. If the value is not as expected, an error code will be
returne
er msgbuf1 with 0 to avoid undefined
behaviors or security issues.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/i2c/i2c-core-smbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index b5aec33..0fcc
er msgbuf1 with 0 to avoid undefined
behaviors or security issues.
Signed-off-by: Wenwen Wang
---
drivers/i2c/i2c-core-smbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
index b5aec33..0fcca75 100644
--- a/drivers/
tually
copied to user-space. This inconsistent data may also cause undefined
behaviors based on how ops->get_rxnfc() is implemented.
This patch re-verifies the flow_type field of "info" after the second copy.
If the value is not as expected, an error code will be returned.
Signed-off
tually
copied to user-space. This inconsistent data may also cause undefined
behaviors based on how ops->get_rxnfc() is implemented.
This patch re-verifies the flow_type field of "info" after the second copy.
If the value is not as expected, an error code will be returned.
Signed-
On Sun, Apr 29, 2018 at 8:20 AM, Greg Kroah-Hartman
<gre...@linuxfoundation.org> wrote:
> On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote:
>> On Apr 27, 2018, at 17:45, Wenwen Wang <wang6...@umn.edu> wrote:
>> > [PATCH] staging: luster: llite: fix po
On Sun, Apr 29, 2018 at 8:20 AM, Greg Kroah-Hartman
wrote:
> On Sat, Apr 28, 2018 at 04:04:25PM +, Dilger, Andreas wrote:
>> On Apr 27, 2018, at 17:45, Wenwen Wang wrote:
>> > [PATCH] staging: luster: llite: fix potential missing-check bug when
>> > copying lumv
&
such as null pointer
dereference.
This patch saves the pointer returned by the first invocation and removes
the second invocation. If the returned pointer is not NULL, the memory
content is copied according to the original code.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/staging
such as null pointer
dereference.
This patch saves the pointer returned by the first invocation and removes
the second invocation. If the returned pointer is not NULL, the memory
content is copied according to the original code.
Signed-off-by: Wenwen Wang
---
drivers/staging/media/atomisp/pci
., LOV_USER_MAGIC_V3, an error code will be
returned: -EINVAL.
Signed-off-by: Wenwen Wang <wang6...@umn.edu>
---
drivers/staging/lustre/lustre/llite/dir.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/lustre/lustre/llite/dir.c
b/drivers/staging/lustre/lustre/llite/dir.c
., LOV_USER_MAGIC_V3, an error code will be
returned: -EINVAL.
Signed-off-by: Wenwen Wang
---
drivers/staging/lustre/lustre/llite/dir.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/lustre/lustre/llite/dir.c
b/drivers/staging/lustre/lustre/llite/dir.c
index d10d272..80d44ca
201 - 277 of 277 matches
Mail list logo