[kernel] r18844 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series

[Ben Hutchings]

Author: benh
Date: Wed Mar 14 05:22:01 2012
New Revision: 18844

Log:
cdrom: use copy_to_user() without the underscores (another from 2.6.32.58)

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Wed Mar 14 05:16:49 2012	(r18843)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Wed Mar 14 05:22:01 2012	(r18844)
@@ -17,6 +17,7 @@
   * regset: Prevent null pointer reference on readonly regsets (CVE-2012-1097)
   * eCryptfs: Make truncate path killable
   * eCryptfs: Infinite loop due to overflow in ecryptfs_write()
+  * cdrom: use copy_to_user() without the underscores
 
  -- dann frazier <dannf at debian.org>  Tue, 13 Mar 2012 19:04:18 -0600
 

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch	Wed Mar 14 05:22:01 2012	(r18844)
@@ -0,0 +1,56 @@
+From 3e9d6c33830beee43dc1b94bdbff41109455fa58 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter at oracle.com>
+Date: Mon, 6 Feb 2012 10:20:45 +0100
+Subject: [PATCH] cdrom: use copy_to_user() without the underscores
+
+commit 822bfa51ce44f2c63c300fdb76dc99c4d5a5ca9f upstream.
+
+"nframes" comes from the user and "nframes * CD_FRAMESIZE_RAW" can wrap
+on 32 bit systems.  That would have been ok if we used the same wrapped
+value for the copy, but we use a shifted value.  We should just use the
+checked version of copy_to_user() because it's not going to make a
+difference to the speed.
+
+Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
+Signed-off-by: Jens Axboe <axboe at kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ drivers/cdrom/cdrom.c |    8 +-------
+ 1 files changed, 1 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
+index 59cccc9..a4592ec 100644
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -2057,11 +2057,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ 	if (!nr)
+ 		return -ENOMEM;
+ 
+-	if (!access_ok(VERIFY_WRITE, ubuf, nframes * CD_FRAMESIZE_RAW)) {
+-		ret = -EFAULT;
+-		goto out;
+-	}
+-
+ 	cgc.data_direction = CGC_DATA_READ;
+ 	while (nframes > 0) {
+ 		if (nr > nframes)
+@@ -2070,7 +2065,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ 		ret = cdrom_read_block(cdi, &cgc, lba, nr, 1, CD_FRAMESIZE_RAW);
+ 		if (ret)
+ 			break;
+-		if (__copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) {
++		if (copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) {
+ 			ret = -EFAULT;
+ 			break;
+ 		}
+@@ -2078,7 +2073,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ 		nframes -= nr;
+ 		lba += nr;
+ 	}
+-out:
+ 	kfree(cgc.buffer);
+ 	return ret;
+ }
+-- 
+1.7.9.1
+

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1	Wed Mar 14 05:16:49 2012	(r18843)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1	Wed Mar 14 05:22:01 2012	(r18844)
@@ -11,3 +11,4 @@
 + bugfix/all/regset-Prevent-null-pointer-reference-on-readonly-re.patch
 + bugfix/all/eCryptfs-Make-truncate-path-killable.patch
 + bugfix/all/eCryptfs-Infinite-loop-due-to-overflow-in-ecryptfs_w.patch
++ bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch