OpenCloudOS-Kernel/drivers/misc/mic/host
Sudeep Dutt 3b1cc9b962 misc: mic: fix possible signed underflow (undefined behavior) in userspace API
iovcnt is declared as a signed integer in both the userspace API and
as a local variable in mic_virtio.c. The while() loop in mic_virtio.c
iterates until the local variable iovcnt reaches the value 0. If
userspace passes e.g. INT_MIN as iovcnt field, this loop then appears
to depend on an undefined behavior (signed underflow) to complete.
The fix is to use unsigned integers in both the userspace API and
the local variable.

This issue was reported @ https://lkml.org/lkml/2014/1/10/10

Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Signed-off-by: Sudeep Dutt <sudeep.dutt@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-02-07 15:30:34 -08:00
..
Makefile
mic_boot.c misc: mic: Fix endianness issues. 2013-11-27 11:03:38 -08:00
mic_debugfs.c
mic_device.h Driver core / sysfs patches for 3.14-rc1 2014-01-20 15:49:44 -08:00
mic_fops.c
mic_fops.h
mic_intr.c
mic_intr.h
mic_main.c misc: mic: bug fix for interrupt acknowledgement in MSI/INTx case. 2013-12-10 23:05:52 -08:00
mic_smpt.c
mic_smpt.h
mic_sysfs.c
mic_virtio.c misc: mic: fix possible signed underflow (undefined behavior) in userspace API 2014-02-07 15:30:34 -08:00
mic_virtio.h
mic_x100.c Merge 3.13-rc4 into char-misc-next 2013-12-16 16:11:28 -08:00
mic_x100.h