sg_write()/bsg_write() is not fit to be called under KERNEL_DS
author Al Viro <viro@zeniv.linux.org.uk>
Fri, 16 Dec 2016 18:42:06 +0000 (13:42 -0500)
committer Ben Hutchings <ben@decadent.org.uk>
Wed, 4 Jan 2017 19:39:36 +0000 (19:39 +0000)
commit 91866ed73c696a7109f90674554500096146a420
tree 033bf637154655d62c2ef64ddacd8b34faf6a394
parent 42a681de5f862c2ea33859ead97f185d7122023a
sg_write()/bsg_write() is not fit to be called under KERNEL_DS

Both damn things interpret userland pointers embedded into the payload;
worse, they are actually traversing those.  Leaving aside the bad
API design, this is very much _not_ safe to call with KERNEL_DS.
Bail out early if that happens.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name sg_write-bsg_write-is-not-fit-to-be-called-under-KER.patch
block/bsg.c
drivers/scsi/sg.c
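
Added example, not code from this commit or from the kernel: a userspace C model of why a write handler that follows pointers embedded in its payload loses its only range check once the address limit is lifted, and of an early bail-out in that case. All model_* names, the user/kernel split, the header layout and the -EINVAL return value are assumptions of the model.

```c
#include <errno.h>
#include <stdint.h>

/* Userspace model: addresses are plain integers, nothing is dereferenced. */
#define MODEL_USER_DS   0x00007fffffffffffULL /* constructed user/kernel split */
#define MODEL_KERNEL_DS UINT64_MAX            /* limit lifted: any address passes */

static uint64_t model_addr_limit = MODEL_USER_DS; /* stands in for get_fs() */

/* Range check in the spirit of access_ok(): [addr, addr+len) under the limit. */
static int model_access_ok(uint64_t addr, uint64_t len)
{
    return len <= model_addr_limit && addr <= model_addr_limit - len;
}

/* Request header with a pointer embedded in the payload (hypothetical layout). */
struct model_hdr { uint64_t data_ptr; uint32_t data_len; };

/* Unguarded path: relies on the address limit alone to vet the embedded pointer. */
static int model_write_unguarded(const struct model_hdr *h)
{
    if (!model_access_ok(h->data_ptr, h->data_len))
        return -EFAULT;
    return 0; /* a real handler would now traverse data_ptr */
}

/* Guarded path: bail out early when the caller runs under the kernel limit. */
static int model_write_guarded(const struct model_hdr *h)
{
    if (model_addr_limit == MODEL_KERNEL_DS)
        return -EINVAL; /* error code is an assumption of this model */
    return model_write_unguarded(h);
}

/* Run one write under the given limit and restore the previous limit. */
static int model_call(int (*fn)(const struct model_hdr *), uint64_t limit, uint64_t ptr)
{
    struct model_hdr h = { .data_ptr = ptr, .data_len = 64 };
    uint64_t old = model_addr_limit;
    model_addr_limit = limit;
    int ret = fn(&h);
    model_addr_limit = old;
    return ret;
}

int main(void)
{
    /* Constructed kernel-range address: accepted unguarded, refused guarded. */
    return model_call(model_write_guarded, MODEL_KERNEL_DS, 0xffff888000001000ULL) == -EINVAL ? 0 : 1;
}
```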