1
linux/drivers/ide
Christian Engelmayer e18ed145c7 ide: memory overrun in ide_get_identity_ioctl() on big endian machines using ioctl HDIO_OBSOLETE_IDENTITY
This patch fixes a memory overrun in function ide_get_identity_ioctl() which
chooses the size of a memory buffer depending on the ioctl command that led
to the function call, however, passes that buffer to a function which needs the
buffer size to be always chosen unconditionally.

Due to conditional compilation the memory overrun can only happen on big endian
machines. The error can be triggered using ioctl HDIO_OBSOLETE_IDENTITY. Usage
of ioctl HDIO_GET_IDENTITY is safe.

Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:31:41 -07:00
..
aec62xx.c
ali14xx.c
alim15x3.c alim15x3: Remove historical hacks, re-enable init_hwif for PowerPC 2009-04-30 18:38:01 +02:00
amd74xx.c
at91_ide.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
atiixp.c
au1xxx-ide.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
buddha.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
cmd64x.c ide cmd64x: Remove serialize setting. 2009-06-21 22:48:03 -07:00
cmd640.c cmd640: implement test_irq() method 2009-06-15 18:52:58 +02:00
cs5520.c ide cs5520: Initialize second port's interrupt number. 2009-06-24 02:36:17 -07:00
cs5530.c
cs5535.c
cs5536.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
cy82c693.c
delkin_cb.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
dtc2278.c
falconide.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
gayle.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
hpt366.c ide: add IDE_DFLAG_NIEN_QUIRK device flag 2009-06-07 15:37:10 +02:00
ht6560b.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
icside.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
ide_platform.c ide: remove driver_data direct access of struct device 2009-06-15 21:30:26 -07:00
ide-4drives.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-acpi.c ide: fix resume for CONFIG_BLK_DEV_IDEACPI=y 2009-06-29 19:20:42 -07:00
ide-atapi.c Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-20 10:11:11 -07:00
ide-cd_ioctl.c
ide-cd_verbose.c
ide-cd.c ide-cd: handle fragmented packet commands gracefully 2009-06-26 11:22:37 -07:00
ide-cd.h ide-cd: convert to using generic sense request 2009-04-28 07:37:30 +02:00
ide-cs.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-devsets.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-disk_ioctl.c
ide-disk_proc.c
ide-disk.c ide: BUG() on unknown requests 2009-06-15 22:16:10 +02:00
ide-disk.h
ide-dma-sff.c
ide-dma.c ide: relax DMA info validity checking 2009-06-24 00:32:32 -07:00
ide-eh.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-floppy_ioctl.c ide-atapi: remove pc->buf 2009-05-15 06:44:38 +02:00
ide-floppy_proc.c
ide-floppy.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-floppy.h
ide-gd.c ide-gd: implement block device ->set_capacity method (v2) 2009-06-07 13:52:52 +02:00
ide-gd.h
ide-generic.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-h8300.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-io-std.c
ide-io.c ide: always kill the whole request on error 2009-06-25 23:57:16 -07:00
ide-ioctls.c ide: memory overrun in ide_get_identity_ioctl() on big endian machines using ioctl HDIO_OBSOLETE_IDENTITY 2009-06-29 19:31:41 -07:00
ide-iops.c ide: add QUANTUM FIREBALLct20 30 with firmware APL.090 to ivb_list[] 2009-06-24 00:32:32 -07:00
ide-legacy.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-lib.c Merge branch 'master' into for-2.6.31 2009-05-22 20:28:35 +02:00
ide-park.c ide: use blk_run_queue() instead of blk_start_queueing() 2009-04-28 07:37:28 +02:00
ide-pci-generic.c ide_pci_generic: add quirk for Netcell ATA RAID 2009-05-30 20:06:54 +02:00
ide-pio-blacklist.c
ide-pm.c ide: fix resume for CONFIG_BLK_DEV_IDEACPI=y 2009-06-29 19:20:42 -07:00
ide-pnp.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
ide-probe.c ide: fix handling of unexpected IRQs vs request_irq() 2009-06-24 00:32:30 -07:00
ide-proc.c
ide-scan-pci.c
ide-sysfs.c
ide-tape.c ide: BUG() on unknown requests 2009-06-15 22:16:10 +02:00
ide-taskfile.c Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-12 09:29:42 -07:00
ide-timings.c
ide-xfer-mode.c ide: don't enable IORDY at a probe time 2009-06-15 18:52:54 +02:00
ide.c ide: preserve Host Protected Area by default (v2) 2009-06-07 13:52:52 +02:00
it821x.c
it8172.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
it8213.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
jmicron.c
Kconfig trivial: Kconfig: .ko is normally not included in module names 2009-06-12 18:01:50 +02:00
macide.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
Makefile
ns87415.c
opti621.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
palm_bk3710.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
pdc202xx_new.c ide: respect quirk_drives[] list on all controllers 2009-06-07 15:37:09 +02:00
pdc202xx_old.c pdc202xx_old: implement test_irq() method (take 2) 2009-06-15 18:52:59 +02:00
piix.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
pmac.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
q40ide.c ide: move ack_intr() method into 'struct ide_port_ops' (take 2) 2009-06-15 18:52:58 +02:00
qd65xx.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
qd65xx.h ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
rapide.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
rz1000.c
sc1200.c
scc_pata.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
serverworks.c
setup-pci.c ide: re-implement ide_pci_init_one() on top of ide_pci_init_two() 2009-06-10 14:37:21 +02:00
sgiioc4.c sgiioc4: coding style cleanup 2009-06-15 18:52:55 +02:00
siimage.c siimage: implement test_irq() method 2009-06-15 18:53:00 +02:00
sis5513.c
sl82c105.c ide: do not access ide_drive_t 'drive_data' field directly 2009-06-15 22:13:44 +02:00
slc90e66.c ide: IORDY handling fixes 2009-06-15 18:52:53 +02:00
tc86c001.c ide: convert to rq pos and nr_sectors accessors 2009-05-11 09:50:54 +02:00
triflex.c
trm290.c
tx4938ide.c ide: remove hw_regs_t typedef 2009-05-17 19:12:25 +02:00
tx4939ide.c Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-12 09:29:42 -07:00
umc8672.c
via82cxxx.c via82cxxx: Add VIA VX855 PCI Device ID 2009-05-22 16:23:39 +02:00