mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2c2ed8bfd899b84ecbf71d28fcc2cc4ace36c8d9
linux/drivers/scsi
History
David Jeffery 2c2ed8bfd8 [SCSI] st: fix possible memory use after free after MTSETBLK ioctl 
A memory use after free bug can manifest if the MTSETBLK or SET_DENS_AND_BLK
ioctl features are used to set the tape's blocksize from 0 to non-zero.
After the driver sets the new block size, in this one case it calls
normalize_buffer() to free the device's internal data buffers.  However, the
ioctl code assumes there is always a buffer and does not check or allocate
a buffer if there isn't one.  So any following ioctl calls can corrupt
a part of memory by writing data to memory that the st driver had freed.

This patch removes the normalize_buffer() call and the specialness of
changing from a 0 to non-zero blocksize to fix the possible use of
memory after it has been freed by the st driver.

signed-off-by: David Jeffery <djeffery@redhat.com>
Acked-by: Kai Makisara <kai.makisara@kolumbus.fi>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2009-10-02 14:11:58 -05:00
..
aacraid
Replace all DMA_nBIT_MASK macro with DMA_BIT_MASK(n)
2009-04-13 15:04:33 -07:00
aic7xxx
trivial: fix typo in aic7xxx comment
2009-09-21 15:15:53 +02:00
aic7xxx_old
aic94xx
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
arcmsr
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
arm
Merge branch 'master' into devel
2009-03-28 20:30:18 +00:00
be2iscsi
[SCSI] be2iscsi: Moving to pci_pools v3
2009-10-02 14:01:55 -05:00
bfa
[SCSI] bfa: Brocade BFA FC SCSI driver
2009-10-02 09:47:40 -05:00
bnx2i
[SCSI] libiscsi: iscsi_session_setup to allow for private space
2009-10-02 14:01:39 -05:00
cxgb3i
[SCSI] libiscsi: iscsi_session_setup to allow for private space
2009-10-02 14:01:39 -05:00
device_handler
[SCSI] scsi_dh_rdac: Fix for returning correct mode select cmd return info
2009-10-02 09:45:09 -05:00
dpt
trivial: fix typo milisecond/millisecond for documentation and source comments.
2009-06-12 18:01:46 +02:00
fcoe
includecheck fix: drivers/scsi, libfcoe.c
2009-09-20 16:01:02 +05:30
fnic
[SCSI] fcoe, fnic, libfc: modifies current code paths to use EM anchor list
2009-08-22 17:52:08 -05:00
ibmvscsi
includecheck fix: drivers/scsi, ibmvscsi.c
2009-09-20 16:01:29 +05:30
libfc
[SCSI] libfc: don't swap OX_ID and RX_ID when sending BA_RJT
2009-09-10 12:08:03 -05:00
libsas
[SCSI] libsas: fix wide port hotplug issues
2009-07-30 09:54:39 -05:00
lpfc
[SCSI] Deprecate SCSI_PROT_*_CONVERT operations
2009-10-02 09:46:25 -05:00
megaraid
trivial: fix typo "to to" in multiple files
2009-09-21 15:14:55 +02:00
mpt2sas
[SCSI] mpt2sas: Bump version 02.100.03.00
2009-10-02 09:49:24 -05:00
mvsas
[SCSI] mvsas: Support Areca SAS/SATA HBA, ARC-1300/1320
2009-10-02 09:44:45 -05:00
osd
[SCSI] Merge branch 'linus'
2009-06-12 10:02:03 -05:00
pcmcia
[SCSI] nsp_cs: fix buf overflow
2009-08-22 17:52:22 -05:00
qla2xxx
[SCSI] qla2xxx: Update version number to 8.03.01-k6.
2009-09-12 09:35:23 -05:00
qla4xxx
trivial: fix typo "to to" in multiple files
2009-09-21 15:14:55 +02:00
sym53c8xx_2
sym53c8xx: ratelimit parity errors
2009-06-21 11:12:17 -05:00
.gitignore
[SCSI] 53c7xx: fix removal fallout
2008-01-11 18:22:30 -06:00
3w-9xxx.c
[SCSI] 3w-9xxx: scsi_dma_unmap fix
2009-05-15 12:23:32 -04:00
3w-9xxx.h
[SCSI] 3w-9xxx: add power management support
2009-03-13 15:46:42 -05:00
3w-xxxx.c
[SCSI] 3w-xxxx: scsi_dma_unmap fix
2009-05-15 12:24:59 -04:00
3w-xxxx.h
[SCSI] 3w-xxxx: scsi_dma_unmap fix
2009-05-15 12:24:59 -04:00
53c700_d.h_shipped
53c700.c
[SCSI] Let scsi_cmnd->cmnd use request->cmd buffer
2008-05-02 10:18:22 -05:00
53c700.h
53c700.scr
a100u2w.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
a100u2w.h
a2091.c
[SCSI] a2091: make 2 functions static
2009-04-03 10:17:31 -05:00
a2091.h
[SCSI] a2091: make 2 functions static
2009-04-03 10:17:31 -05:00
a3000.c
[SCSI] a3000: make 2 functions static
2009-04-03 10:17:17 -05:00
a3000.h
[SCSI] a3000: make 2 functions static
2009-04-03 10:17:17 -05:00
a4000t.c
scsi: a4000 - Correct driver unregistration in case of failure
2009-04-22 20:39:06 +02:00
advansys.c
[SCSI] advansys: use request_firmware
2009-04-03 09:25:23 -05:00
aha152x.c
drivers/scsi: use nr_irqs
2008-10-16 16:52:06 +02:00
aha152x.h
[SCSI] aha152x: fix debug mode symbol conflict
2007-08-04 09:11:06 -05:00
aha1542.c
[SCSI] aha1542: minor irq handler cleanups
2008-04-27 12:19:55 -05:00
aha1542.h
aha1740.c
scsi: remove driver_data direct access of struct device
2009-06-15 21:30:27 -07:00
aha1740.h
aic7xxx_old.c
Remove pointless casts from void pointers
2008-02-06 10:41:01 -08:00
atari_NCR5380.c
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
atari_scsi.c
m68k: section mismatch fixes: Atari SCSI
2009-03-26 21:15:29 +01:00
atari_scsi.h
atp870u.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
atp870u.h
BusLogic.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
BusLogic.h
[SCSI] BusLogic: make FlashPoint support x86-32 only
2008-04-07 12:15:44 -05:00
bvme6000_scsi.c
scsi/m68k: Kill NCR_700_detect() warnings
2009-03-24 16:38:25 -07:00
ch.c
[SCSI] ch: Check NULL for kmalloc() return
2009-08-22 17:52:22 -05:00
constants.c
[SCSI] update scsi/constants.c
2009-08-22 17:51:50 -05:00
dc395x.c
[SCSI] Remove random noop unchecked_isa_dma users
2008-04-07 12:15:40 -05:00
dc395x.h
dmx3191d.c
dpt_i2o.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
dpti.h
drivers/scsi/dpt_i2o.c: fix build on alpha
2008-05-08 10:46:56 -07:00
dtc.c
[SCSI] NCR5380: Fix bugs and canonicalize irq handler usage
2007-11-25 12:19:26 +02:00
dtc.h
eata_generic.h
eata_pio.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
eata_pio.h
eata.c
block: convert to pos and nr_sectors accessors
2009-05-11 09:50:54 +02:00
esp_scsi.c
[SCSI] esp_scsi: Use DIV_ROUND_UP
2008-12-29 11:24:14 -06:00
esp_scsi.h
sparc: Kill SBUS DVMA layer.
2008-08-29 02:13:10 -07:00
fd_mcs.c
[SCSI] fd_mcs: convert to accessors and !use_sg cleanup
2008-01-11 18:22:35 -06:00
fdomain.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
fdomain.h
FlashPoint.c
[SCSI] FlashPoint: fix off-by-one errors
2008-04-27 12:19:55 -05:00
g_NCR5380_mmio.c
g_NCR5380.c
[SCSI] NCR5380: Fix bugs and canonicalize irq handler usage
2007-11-25 12:19:26 +02:00
g_NCR5380.h
gdth_ioctl.h
gdth_proc.c
[SCSI] gdth: fix overlapping snprintf users
2009-06-09 10:31:46 -05:00
gdth_proc.h
block: unify request timeout handling
2008-10-09 08:56:13 +02:00
gdth.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
gdth.h
block: unify request timeout handling
2008-10-09 08:56:13 +02:00
gvp11.c
[SCSI] a2091, gvp11: kill warn_unused_result warnings
2009-01-02 12:16:18 -06:00
gvp11.h
hosts.c
fix race that can give duplicate host number
2009-06-21 10:52:42 -05:00
hptiop.c
[SCSI] hptiop: Add RR44xx adapter support
2009-10-02 09:45:22 -05:00
hptiop.h
[SCSI] hptiop: Add RR44xx adapter support
2009-10-02 09:45:22 -05:00
ibmmca.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
imm.c
[SCSI] replace __FUNCTION__ with __func__
2008-07-27 10:31:49 -04:00
imm.h
in2000.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
in2000.h
initio.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
initio.h
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
ipr.c
ipr: differentiate pci-x and pci-e based adapters
2009-06-21 10:52:47 -05:00
ipr.h
[SCSI] ipr: fix buffer overflow
2009-08-22 17:52:12 -05:00
ips.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
ips.h
removed unused #include <linux/version.h>'s
2008-08-23 12:14:12 -07:00
iscsi_tcp.c
[SCSI] libiscsi: iscsi_session_setup to allow for private space
2009-10-02 14:01:39 -05:00
iscsi_tcp.h
[SCSI] iscsi_tcp: hook iscsi_tcp into new libiscsi_tcp module
2008-12-29 11:24:22 -06:00
jazz_esp.c
[SCSI] jazz_esp, sgiwd93, sni_53c710, sun3x_esp: fix platform driver hotplug/coldplug
2008-04-27 12:33:04 -05:00
Kconfig
[SCSI] be2iscsi: add 10Gbps iSCSI - BladeEngine 2 driver
2009-10-02 09:50:33 -05:00
lasi700.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
libiscsi_tcp.c
libiscsi: don't run scsi eh if iscsi task is making progress
2009-06-21 10:52:39 -05:00
libiscsi.c
[SCSI] libiscsi: iscsi_session_setup to allow for private space
2009-10-02 14:01:39 -05:00
libsrp.c
[SCSI] libsrp: fix memory leak in srp_ring_free()
2009-09-12 09:35:34 -05:00
mac53c94.c
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
mac53c94.h
mac_esp.c
[SCSI] mac_esp: fix for quadras with two esp chips
2008-12-29 11:24:19 -06:00
mac_scsi.c
m68k: machw.h cleanup
2008-12-28 20:00:03 +01:00
mac_scsi.h
Makefile
[SCSI] be2iscsi: add 10Gbps iSCSI - BladeEngine 2 driver
2009-10-02 09:50:33 -05:00
megaraid.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
megaraid.h
trivial: typo (en|dis|avail|remove)bale -> (en|dis|avail|remove)able
2009-06-12 18:01:45 +02:00
mesh.c
[SCSI] SCSI: remove dev->power.power_state from mesh driver
2008-06-05 09:23:44 -05:00
mesh.h
mvme16x_scsi.c
scsi/m68k: Kill NCR_700_detect() warnings
2009-03-24 16:38:25 -07:00
mvme147.c
[SCSI] wd33c93: fix up cut and paste error
2008-04-07 12:19:07 -05:00
mvme147.h
ncr53c8xx.c
[SCSI] ncr53c8xx: div reaches -1
2009-06-15 10:09:30 -05:00
ncr53c8xx.h
[SCSI] ncr53c8xx: Call scsi_host_put in release
2007-10-12 14:51:18 -04:00
NCR53c406a.c
[SCSI] remove use_sg_chaining
2008-01-30 13:14:02 -06:00
NCR5380.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
NCR5380.h
[SCSI] NCR5380: Use scsi_eh API for REQUEST_SENSE invocation
2007-10-12 14:55:07 -04:00
NCR_D700.c
[SCSI] NCR_D700: fix IRQ handler return type
2009-05-23 15:44:09 -05:00
NCR_D700.h
NCR_Q720.c
some kmalloc/memset ->kzalloc (tree wide)
2007-07-19 10:04:50 -07:00
NCR_Q720.h
nsp32_debug.c
[SCSI] replace __FUNCTION__ with __func__
2008-07-27 10:31:49 -04:00
nsp32_io.h
nsp32.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
nsp32.h
removed unused #include <linux/version.h>'s
2008-08-23 12:14:12 -07:00
osst_detect.h
osst_options.h
osst.c
[SCSI] osst: replace scsi_execute_async with the block layer API
2009-03-12 12:58:10 -05:00
osst.h
[SCSI] osst: replace scsi_execute_async with the block layer API
2009-03-12 12:58:10 -05:00
pas16.c
[SCSI] NCR5380: Fix bugs and canonicalize irq handler usage
2007-11-25 12:19:26 +02:00
pas16.h
pmcraid.c
[SCSI] pmcraid: Changed driver prints to scmd/sdev_printk
2009-10-02 09:44:57 -05:00
pmcraid.h
headers: kref.h redux
2009-09-26 10:17:19 -07:00
ppa.c
[SCSI] replace __FUNCTION__ with __func__
2008-07-27 10:31:49 -04:00
ppa.h
ps3rom.c
ps3rom: Use ps3_system_bus_[gs]et_drvdata() instead of direct access
2009-06-16 14:15:46 +10:00
qla1280.c
[SCSI] qla1280: error recovery rewrite
2009-05-20 17:21:13 -05:00
qla1280.h
[SCSI] qla1280: error recovery rewrite
2009-05-20 17:21:13 -05:00
qlogicfas408.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
qlogicfas408.h
qlogicfas.c
[SCSI] remove use_sg_chaining
2008-01-30 13:14:02 -06:00
qlogicpti.c
[SCSI] qlogicpti: use request_firmware
2009-04-03 09:25:23 -05:00
qlogicpti.h
qlogicpti: Convert to pure OF driver.
2008-08-29 02:14:46 -07:00
raid_class.c
[SCSI] struct device - replace bus_id with dev_name(), dev_set_name()
2009-01-02 10:22:16 -06:00
script_asm.pl
scsi_debug.c
[SCSI] scsi_debug: Implement support for DIF Type 2
2009-10-02 09:47:17 -05:00
scsi_devinfo.c
enhance device info matching for multiple tables
2009-06-21 10:52:45 -05:00
scsi_error.c
[SCSI] Retry ADD_TO_MLQUEUE return value for EH commands
2009-10-02 09:46:11 -05:00
scsi_ioctl.c
[SCSI] struct device - replace bus_id with dev_name(), dev_set_name()
2009-01-02 10:22:16 -06:00
scsi_lib_dma.c
scsi_lib.c
Merge branch 'for-2.6.32' of git://git.kernel.dk/linux-2.6-block
2009-09-14 17:55:15 -07:00
scsi_logging.h
scsi_module.c
scsi_netlink.c
[SCSI] fix netlink kernel-doc
2008-10-23 11:42:17 -05:00
scsi_priv.h
driver model: constify attribute groups
2009-09-15 09:50:47 -07:00
scsi_proc.c
proc 2/2: remove struct proc_dir_entry::owner
2009-03-31 01:14:44 +04:00
scsi_sas_internal.h
SCSI: convert struct class_device to struct device
2008-04-19 19:10:33 -07:00
scsi_scan.c
[SCSI] Increase default timeout for INQUIRY
2009-05-20 17:21:13 -05:00
scsi_sysctl.c
[SCSI] small cleanups
2007-07-18 11:16:32 -05:00
scsi_sysfs.c
driver model: constify attribute groups
2009-09-15 09:50:47 -07:00
scsi_tgt_if.c
scsi-tgt: BKL pushdown
2008-07-02 15:06:25 -06:00
scsi_tgt_lib.c
block: cleanup rq->data_len usages
2009-05-11 09:50:55 +02:00
scsi_tgt_priv.h
[SCSI] replace __FUNCTION__ with __func__
2008-07-27 10:31:49 -04:00
scsi_transport_api.h
scsi_transport_fc_internal.h
[SCSI] fc_transport: add target driver support
2007-10-12 14:46:58 -04:00
scsi_transport_fc.c
[SCSI] scsi_transport_fc: fix missing kernel-doc
2009-10-02 09:47:29 -05:00
scsi_transport_iscsi.c
[SCSI] iscsi class: Add logging to scsi_transport_iscsi.c
2009-09-05 09:42:45 -05:00
scsi_transport_sas.c
[SCSI] scsi_transport_sas: fix incorrect duplicate setup of max_phys
2009-08-22 17:52:01 -05:00
scsi_transport_spi.c
scsi_transport_spi: Blacklist Ultrium-3 tape for IU transfers
2009-06-21 10:52:46 -05:00
scsi_transport_srp_internal.h
[SCSI] scsi_transport_srp: remove tgt dependencies
2007-10-12 14:38:09 -04:00
scsi_transport_srp.c
[SCSI] struct device - replace bus_id with dev_name(), dev_set_name()
2009-01-02 10:22:16 -06:00
scsi_typedefs.h
scsi_wait_scan.c
driver synchronization: make scsi_wait_scan more advanced
2009-04-21 19:40:00 -07:00
scsi.c
[SCSI] Fix protection scsi_data_buffer leak
2009-10-02 09:46:52 -05:00
scsi.h
scsicam.c
[SCSI] Add Documentation and integrate into docbook build
2008-01-11 18:22:40 -06:00
sd_dif.c
[SCSI] sd: Detach DIF from block integrity infrastructure
2009-10-02 09:46:39 -05:00
sd.c
[SCSI] sd: Support disks formatted with DIF Type 2
2009-10-02 09:47:04 -05:00
sd.h
[SCSI] sd: Support disks formatted with DIF Type 2
2009-10-02 09:47:04 -05:00
ses.c
[SCSI] ses: update enclosure data on hot add
2009-08-22 17:52:14 -05:00
sg.c
[SCSI] sg: Free data buffers after calling blk_rq_unmap_user
2009-10-02 09:45:58 -05:00
sgiwd93.c
[SCSI] sgiwd93: Fix compilation warning
2009-01-02 10:58:41 -06:00
sim710.c
[SCSI] struct device - replace bus_id with dev_name(), dev_set_name()
2009-01-02 10:22:16 -06:00
sni_53c710.c
dma-mapping: replace all DMA_32BIT_MASK macro with DMA_BIT_MASK(32)
2009-04-07 08:31:11 -07:00
sr_ioctl.c
[SCSI] sr: report more accurate drive status after closing the tray.
2009-04-27 09:32:30 -05:00
sr_vendor.c
drivers/scsi/sr_vendor.c: use bcd2bin
2008-10-20 08:52:41 -07:00
sr.c
[SCSI] sr: consider the last written sector when determining media size
2009-10-02 09:45:46 -05:00
sr.h
[SCSI] sr: fix test unit ready responses
2008-02-07 18:02:44 -06:00
st_options.h
[SCSI] st: add option to use SILI in variable block reads
2008-04-07 12:15:39 -05:00
st.c
[SCSI] st: fix possible memory use after free after MTSETBLK ioctl
2009-10-02 14:11:58 -05:00
st.h
[SCSI] st: remove unused frp_sg_current
2009-01-02 12:02:25 -06:00
stex.c
[SCSI] stex: Add reset code for st_yel (v2)
2009-09-05 08:50:41 -05:00
sun3_NCR5380.c
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
sun3_scsi_vme.c
[SCSI] sun3_scsi_vme: add MODULE_LICENSE
2008-04-16 09:28:11 -05:00
sun3_scsi.c
[SCSI] NCR5380: Fix bugs and canonicalize irq handler usage
2007-11-25 12:19:26 +02:00
sun3_scsi.h
sun3x_esp.c
[SCSI] sun3x_esp: Convert && to ||
2008-10-23 11:42:19 -05:00
sun_esp.c
sparc: Annotate of_device_id arrays with const or __initdata.
2008-08-31 01:23:17 -07:00
sym53c416.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
sym53c416.h
t128.c
[SCSI] NCR5380: Fix bugs and canonicalize irq handler usage
2007-11-25 12:19:26 +02:00
t128.h
tmscsim.c
[SCSI] tmscsim: fix indentation and braces disagreement - add braces
2008-12-29 11:24:14 -06:00
tmscsim.h
u14-34f.c
block: convert to pos and nr_sectors accessors
2009-05-11 09:50:54 +02:00
ultrastor.c
scsi: fix integer as NULL pointer warnings
2008-04-28 17:31:13 -07:00
ultrastor.h
wd33c93.c
[SCSI] WD33C93: let platform stub override no_sync/fast/dma_mode
2008-04-07 12:19:01 -05:00
wd33c93.h
Spelling fix: explicitly
2007-10-19 23:22:55 +02:00
wd7000.c
[SCSI] Clean up my email address and use a single standard address for everything
2008-12-29 11:24:12 -06:00
zalon.c
[SCSI] zalon: fix oops on attach failure
2009-06-25 11:37:23 -05:00
zorro7xx.c
m68k: zorro7xx needs <asm/amigahw.h>
2007-11-29 09:24:52 -08:00