linux-hardened/drivers/md
NeilBrown e0ee778528 md/raid10: fix problem with on-stack allocation of r10bio structure.
A 'struct r10bio' has an array of per-copy information at the end.
This array is declared with size [0] and r10bio_pool_alloc allocates
enough extra space to store the per-copy information depending on the
number of copies needed.

So declaring a 'struct r10bio on the stack isn't going to work.  It
won't allocate enough space, and memory corruption will ensue.

So in the two places where this is done, declare a sufficiently large
structure and use that instead.

The two call-sites of this bug were introduced in 3.4 and 3.5
so this is suitable for both those kernels.  The patch will have to
be modified for 3.4 as it only has one bug.

Cc: stable@vger.kernel.org
Reported-by: Ivan Vasilyev <ivan.vasilyev@gmail.com>
Tested-by: Ivan Vasilyev <ivan.vasilyev@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
2012-08-18 09:51:42 +10:00
..
persistent-data dm persistent data: introduce dm_bm_set_read_only 2012-07-27 15:08:15 +01:00
bitmap.c md/raid1: submit IO from originating thread instead of md thread. 2012-08-02 08:33:20 +10:00
bitmap.h md/bitmap: record the space available for the bitmap in the superblock. 2012-05-22 13:55:34 +10:00
dm-bio-record.h dm: preserve bi_io_vec when resubmitting bios 2009-04-02 19:55:23 +01:00
dm-bufio.c dm bufio: prefetch 2012-03-28 18:41:29 +01:00
dm-bufio.h dm bufio: prefetch 2012-03-28 18:41:29 +01:00
dm-crypt.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-delay.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-exception-store.c dm: replace simple_strtoul 2012-07-27 15:07:59 +01:00
dm-exception-store.h dm snapshot: test chunk size against both origin and snapshot 2010-08-12 04:13:51 +01:00
dm-flakey.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-io.c dm io: fix discard support 2012-03-07 19:09:37 +00:00
dm-ioctl.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-kcopyd.c dm kcopyd: add dm_kcopyd_zero to zero an area 2011-10-31 20:18:58 +00:00
dm-linear.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-log-userspace-base.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
dm-log-userspace-transfer.c connector/userns: replace netlink uses of cap_raised() with capable() 2012-05-10 23:21:39 -04:00
dm-log-userspace-transfer.h dm log: userspace add luid to distinguish between concurrent log instances 2009-09-04 20:40:34 +01:00
dm-log.c dm: use memweight() 2012-07-30 17:25:16 -07:00
dm-mpath.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-mpath.h dm mpath: remove is_active from struct dm_path 2008-10-10 13:36:58 +01:00
dm-path-selector.c md: Add module.h to all files using it implicitly 2011-10-31 19:31:18 -04:00
dm-path-selector.h dm mpath: add start_io and nr_bytes to path selectors 2009-06-22 10:12:27 +01:00
dm-queue-length.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-raid.c Merge branch 'for-next' of git://neil.brown.name/md 2012-08-01 09:02:01 -07:00
dm-raid1.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-region-hash.c dm raid1: fix crash with mirror recovery and discard 2012-07-20 14:25:03 +01:00
dm-round-robin.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-service-time.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-snap-persistent.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-snap-transient.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-snap.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-stripe.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-sysfs.c Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
dm-table.c dm: allow targets to request flushes regardless of underlying device support 2012-07-27 15:08:07 +01:00
dm-target.c dm: error return error for discards 2010-08-12 04:14:14 +01:00
dm-thin-metadata.c dm thin metadata: introduce dm_pool_abort_metadata 2012-07-27 15:08:15 +01:00
dm-thin-metadata.h dm thin metadata: introduce dm_pool_abort_metadata 2012-07-27 15:08:15 +01:00
dm-thin.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-uevent.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-uevent.h dm: uevent generate events 2007-10-20 02:01:26 +01:00
dm-verity.c dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
dm-zero.c dm: zero silently drop discards 2010-08-12 04:14:12 +01:00
dm.c dm: introduce split_discard_requests 2012-07-27 15:08:03 +01:00
dm.h dm thin: commit before gathering status 2012-07-27 15:08:16 +01:00
faulty.c md: tidy up rdev_for_each usage. 2012-03-19 12:46:39 +11:00
Kconfig Additional md update for 3.6 2012-08-02 11:34:40 -07:00
linear.c md/linear: If md_integrity_register() fails, linear_run() must free the mem. 2012-04-02 09:48:37 +10:00
linear.h md/linear: typedef removal: linear_conf_t -> struct linear_conf 2011-10-11 16:48:54 +11:00
Makefile dm: add verity target 2012-03-28 18:43:38 +01:00
md.c md: Don't truncate size at 4TB for RAID0 and Linear 2012-08-16 16:46:12 +10:00
md.h blk: pass from_schedule to non-request unplug functions. 2012-07-31 09:08:15 +02:00
multipath.c md: make 'name' arg to md_register_thread non-optional. 2012-07-03 15:56:52 +10:00
multipath.h md/multipath: typedef removal: multipath_conf_t -> struct mpconf 2011-10-11 16:48:57 +11:00
raid0.c md: Avoid OOPS when reshaping raid1 to raid0 2012-04-03 15:37:26 +10:00
raid0.h md: add proper merge_bvec handling to RAID0 and Linear. 2012-03-19 12:46:39 +11:00
raid1.c Additional md update for 3.6 2012-08-02 11:34:40 -07:00
raid1.h md/raid1: prevent merging too large request 2012-07-31 10:03:53 +10:00
raid5.c Additional md update for 3.6 2012-08-02 11:34:40 -07:00
raid5.h Additional md update for 3.6 2012-08-02 11:34:40 -07:00
raid10.c md/raid10: fix problem with on-stack allocation of r10bio structure. 2012-08-18 09:51:42 +10:00
raid10.h md/raid10: fix problem with on-stack allocation of r10bio structure. 2012-08-18 09:51:42 +10:00