linux/arch/arm/kernel
Dan Rosenberg 0f22072ab5 ARM: 6891/1: prevent heap corruption in OABI semtimedop
When CONFIG_OABI_COMPAT is set, the wrapper for semtimedop does not
bound the nsops argument.  A sufficiently large value will cause an
integer overflow in allocation size, followed by copying too much data
into the allocated buffer.  Fix this by restricting nsops to SEMOPM.
Untested.

Cc: stable@kernel.org
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-04-29 15:53:14 +01:00
..
.gitignore
armksyms.c Merge branch 'p2v' into devel 2011-03-16 23:35:27 +00:00
arthur.c
asm-offsets.c ARM: pm: add generic CPU suspend/resume support 2011-02-22 17:11:23 +00:00
atags.c
atags.h
bios32.c arm: bios32: Remove non exisiting machine code 2011-03-29 14:47:50 +02:00
calls.S ARM: Add new syscalls 2011-04-15 13:26:40 +01:00
compat.c ARM: deprecate support for old way to pass kernel parameters 2010-07-07 16:38:36 +02:00
compat.h ARM: deprecate support for old way to pass kernel parameters 2010-07-07 16:38:36 +02:00
crash_dump.c crash_dump: export is_kdump_kernel to modules, consolidate elfcorehdr_addr, setup_elfcorehdr and saved_max_pfn 2011-03-23 19:47:19 -07:00
crunch-bits.S
crunch.c ARM: Convert VFP/Crunch/XscaleCP thread_release() to exit_thread() 2009-12-18 14:53:41 +00:00
debug.S ARM: 6826/1: Merge v6 and v7 DEBUG_LL DCC support 2011-03-28 19:01:43 +01:00
dma-isa.c ARM: dma-isa: request cascade channel after registering it 2009-12-24 18:34:08 +00:00
dma.c ARM: dma: add /proc/dma support to arch/arm/kernel/dma.c 2010-04-14 13:13:30 +01:00
early_printk.c ARM: Add an earlyprintk debug console 2009-12-09 10:02:18 +00:00
ecard.c arm: Fold irq_set_chip/irq_set_handler 2011-03-29 14:47:58 +02:00
ecard.h
elf.c ARM: 6878/1: fix personality flag propagation across an exec 2011-04-14 09:15:24 +01:00
entry-armv.S ARM: move cache/processor/fault glue to separate include files 2011-02-12 11:52:21 +00:00
entry-common.S Merge branch 'clksrc' into devel 2011-01-05 18:09:03 +00:00
entry-header.S ARM: v6k: select clear exclusive code seqences according to V6 variants 2011-02-02 21:23:28 +00:00
etm.c ARM: 6838/1: etm: fix section mismatch warning 2011-03-28 19:01:17 +01:00
fiq.c Merge branch 'smp' into misc 2011-01-06 22:32:03 +00:00
ftrace.c ARM: ftrace: graph tracer + dynamic ftrace 2010-11-19 21:43:27 +05:30
head-common.S ARM: Defer lookup of machine_type to setup.c 2011-02-15 16:36:44 +00:00
head-nommu.S ARM: Defer lookup of machine_type to setup.c 2011-02-15 16:36:44 +00:00
head.S Merge branch 'p2v' into devel 2011-03-16 23:35:27 +00:00
hw_breakpoint.c ARM: 6864/1: hw_breakpoint: clear DBGVCR out of reset 2011-04-10 21:13:35 +01:00
init_task.c
io.c
irq.c arm: Use generic show_interrupts() 2011-03-29 14:47:57 +02:00
isa.c
iwmmxt.S ARM: pxa: add iwmmx support for PJ4 2010-12-20 23:07:36 +08:00
kgdb.c kgdb,arm: fix register dump 2010-10-29 13:14:40 -05:00
kprobes-decode.c ARM: kprobes: Tidy-up kprobes-decode.c 2011-04-28 23:41:01 -04:00
kprobes.c ARM: kprobes: Fix probing of conditionally executed instructions 2011-04-28 23:40:54 -04:00
leds.c ARM: move LED support code out of arch/arm/kernel/time.c 2010-02-15 21:39:12 +00:00
machine_kexec.c [ARM] add machine-specific hook to machine_kexec 2011-03-03 16:26:55 -05:00
Makefile ARM: Make consolidated PM sleep code depend on PM_SLEEP 2011-04-02 10:08:55 +01:00
module.c Merge branch 'p2v' into devel 2011-03-16 23:35:27 +00:00
perf_event_v6.c ARM: 6835/1: perf: ensure overflows aren't missed due to IRQ latency 2011-03-26 10:06:09 +00:00
perf_event_v7.c ARM: 6835/1: perf: ensure overflows aren't missed due to IRQ latency 2011-03-26 10:06:09 +00:00
perf_event_xscale.c ARM: 6835/1: perf: ensure overflows aren't missed due to IRQ latency 2011-03-26 10:06:09 +00:00
perf_event.c ARM: 6884/1: Fix infinite loop in ARM user perf_event backtrace code 2011-04-27 22:02:46 +01:00
pj4-cp0.c ARM: pxa: add iwmmx support for PJ4 2010-12-20 23:07:36 +08:00
pmu.c ARM: 6742/1: pmu: avoid setting IRQ affinity on UP systems 2011-02-19 11:24:05 +00:00
process.c ARM: 6867/1: Introduce THREAD_NOTIFY_COPY for copy_thread() hooks 2011-04-10 21:13:36 +01:00
ptrace.c Merge branch 'misc' into devel 2011-03-16 23:35:25 +00:00
relocate_kernel.S ARM: 6497/1: kexec: Correct data alignment for CONFIG_THUMB2_KERNEL 2010-11-30 13:44:23 +00:00
return_address.c ARM: fix some sparse errors in generic ARM code 2011-02-23 17:24:12 +00:00
sched_clock.c ARM: sched_clock: make minsec argument to clocks_calc_mult_shift() zero 2011-01-11 16:44:02 +00:00
setup.c Merge branch 'devel' of master.kernel.org:/home/rmk/linux-2.6-arm 2011-03-23 20:37:26 -07:00
signal.c Merge branch 'misc' into devel 2011-03-16 23:35:25 +00:00
signal.h
sleep.S ARM: 6825/1: kernel/sleep.S: fix Thumb2 compilation issues 2011-03-26 10:06:08 +00:00
smp_scu.c ARM: pm: add function to set WFI low-power mode for SMP CPUs 2011-02-11 12:29:18 +00:00
smp_tlb.c ARM: SMP: split out software TLB maintainence broadcasting 2010-12-20 15:09:17 +00:00
smp_twd.c ARM: twd: ensure timer reload is reprogrammed on entry to periodic mode 2011-01-25 21:17:58 +00:00
smp.c ARM: 6887/1: Mark broadcast_timer_setup() __cpuinit 2011-04-27 22:02:47 +01:00
stacktrace.c ARM: fix /proc/$PID/stack on SMP 2011-01-15 09:27:04 +00:00
swp_emulate.c Fix common misspellings 2011-03-31 11:26:23 -03:00
sys_arm.c Make do_execve() take a const filename pointer 2010-08-17 18:07:43 -07:00
sys_oabi-compat.c ARM: 6891/1: prevent heap corruption in OABI semtimedop 2011-04-29 15:53:14 +01:00
tcm.c ARM: P2V: separate PHYS_OFFSET from platform definitions 2011-02-17 23:26:55 +00:00
tcm.h
thumbee.c
time.c arm: Switch from do_timer() to xtime_update() 2011-01-31 14:55:43 +01:00
traps.c ARM: 6879/1: fix personality test wrt usage of domain handlers 2011-04-14 09:15:25 +01:00
unwind.c ARM: 6468/1: backtrace: fix calculation of thread stack base 2010-11-07 16:12:37 +00:00
vmlinux.lds.S Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2011-03-16 19:03:06 -07:00
xscale-cp0.c ARM: Convert VFP/Crunch/XscaleCP thread_release() to exit_thread() 2009-12-18 14:53:41 +00:00