linux/arch
Vasant Hegde a94a14720e powerpc/rtas_flash: Fix validate_flash buffer overflow issue
ibm,validate-flash-image RTAS call output buffer contains 150 - 200
bytes of data on latest system. Presently we have output
buffer size as 64 bytes and we use sprintf to copy data from
RTAS buffer to local buffer. This causes kernel oops (see below
call trace).

This patch increases local buffer size to 256 and also uses
snprintf instead of sprintf to copy data from RTAS buffer.

Kernel call trace:
-------------------
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=1024 NUMA pSeries
Modules linked in: nfs fscache lockd auth_rpcgss nfs_acl sunrpc fuse loop dm_mod ipv6 ipv6_lib usb_storage ehea(X) sr_mod qlge ses cdrom enclosure st be2net sg ext3 jbd mbcache usbhid hid ohci_hcd ehci_hcd usbcore qla2xxx usb_common sd_mod crc_t10dif scsi_dh_hp_sw scsi_dh_rdac scsi_dh_alua scsi_dh_emc scsi_dh lpfc scsi_transport_fc scsi_tgt ipr(X) libata scsi_mod
Supported: Yes
NIP: 4520323031333130 LR: 4520323031333130 CTR: 0000000000000000
REGS: c0000001b91779b0 TRAP: 0400   Tainted: G            X  (3.0.13-0.27-ppc64)
MSR: 8000000040009032 <EE,ME,IR,DR>  CR: 44022488  XER: 20000018
TASK = c0000001bca1aba0[4736] 'cat' THREAD: c0000001b9174000 CPU: 36
GPR00: 4520323031333130 c0000001b9177c30 c000000000f87c98 000000000000009b
GPR04: c0000001b9177c4a 000000000000000b 3520323031333130 2032303133313031
GPR08: 3133313031350a4d 000000000000009b 0000000000000000 c0000000003664a4
GPR12: 0000000022022448 c000000003ee6c00 0000000000000002 00000000100e8a90
GPR16: 00000000100cb9d8 0000000010093370 000000001001d310 0000000000000000
GPR20: 0000000000008000 00000000100fae60 000000000000005e 0000000000000000
GPR24: 0000000010129350 46573738302e3030 2046573738302e30 300a4d4720323031
GPR28: 333130313520554e 4b4e4f574e0a4d47 2032303133313031 3520323031333130
NIP [4520323031333130] 0x4520323031333130
LR [4520323031333130] 0x4520323031333130
Call Trace:
[c0000001b9177c30] [4520323031333130] 0x4520323031333130 (unreliable)
Instruction dump:
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX

Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2013-05-14 14:36:26 +10:00
alpha Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
arc arc, print-fatal-signals: reduce duplicated information 2013-04-30 17:04:02 -07:00
arm Merge tag 'kvm-3.10-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-05-05 14:47:31 -07:00
arm64 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-05-01 07:21:43 -07:00
avr32 MMC highlights for 3.10: 2013-05-04 13:45:17 -07:00
blackfin We get rid of the general module prefix confusion with a binary config option, 2013-05-05 10:58:06 -07:00
c6x dump_stack: unify debug information printed by show_regs() 2013-04-30 17:04:02 -07:00
cris cris: single_open() leaks 2013-05-05 00:07:52 -04:00
frv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
h8300 We get rid of the general module prefix confusion with a binary config option, 2013-05-05 10:58:06 -07:00
hexagon Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel 2013-05-01 07:43:05 -07:00
ia64 Merge tag 'kvm-3.10-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-05-05 14:47:31 -07:00
m32r Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
m68k Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-05-01 07:21:43 -07:00
metag We get rid of the general module prefix confusion with a binary config option, 2013-05-05 10:58:06 -07:00
microblaze Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-05-01 07:21:43 -07:00
mips mips: single_open() leaks 2013-05-05 00:10:21 -04:00
mn10300 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
openrisc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel 2013-05-01 07:43:05 -07:00
parisc parisc: single_open() leaks 2013-05-05 00:10:41 -04:00
powerpc powerpc/rtas_flash: Fix validate_flash buffer overflow issue 2013-05-14 14:36:26 +10:00
s390 Merge tag 'kvm-3.10-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-05-05 14:47:31 -07:00
score Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
sh sh: single_open() leaks 2013-05-05 00:11:01 -04:00
sparc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2013-05-04 18:34:13 -07:00
tile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
um Merge branch 'timers-nohz-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-05-05 13:23:27 -07:00
unicore32 Merge branch 'akpm' (incoming from Andrew) 2013-04-30 17:37:43 -07:00
x86 Merge tag 'kvm-3.10-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-05-05 14:47:31 -07:00
xtensa xtensa simdisk: fix braino in "xtensa simdisk: switch to proc_create_data()" 2013-05-04 16:02:42 -04:00
.gitignore
Kconfig We get rid of the general module prefix confusion with a binary config option, 2013-05-05 10:58:06 -07:00