[kernel] r18844 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at alioth.debian.org
Wed Mar 14 05:22:08 UTC 2012
Author: benh
Date: Wed Mar 14 05:22:01 2012
New Revision: 18844
Log:
cdrom: use copy_to_user() without the underscores (another from 2.6.32.58)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Wed Mar 14 05:16:49 2012 (r18843)
+++ dists/squeeze-security/linux-2.6/debian/changelog Wed Mar 14 05:22:01 2012 (r18844)
@@ -17,6 +17,7 @@
* regset: Prevent null pointer reference on readonly regsets (CVE-2012-1097)
* eCryptfs: Make truncate path killable
* eCryptfs: Infinite loop due to overflow in ecryptfs_write()
+ * cdrom: use copy_to_user() without the underscores
-- dann frazier <dannf at debian.org> Tue, 13 Mar 2012 19:04:18 -0600
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch Wed Mar 14 05:22:01 2012 (r18844)
@@ -0,0 +1,56 @@
+From 3e9d6c33830beee43dc1b94bdbff41109455fa58 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter at oracle.com>
+Date: Mon, 6 Feb 2012 10:20:45 +0100
+Subject: [PATCH] cdrom: use copy_to_user() without the underscores
+
+commit 822bfa51ce44f2c63c300fdb76dc99c4d5a5ca9f upstream.
+
+"nframes" comes from the user and "nframes * CD_FRAMESIZE_RAW" can wrap
+on 32 bit systems. That would have been ok if we used the same wrapped
+value for the copy, but we use a shifted value. We should just use the
+checked version of copy_to_user() because it's not going to make a
+difference to the speed.
+
+Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
+Signed-off-by: Jens Axboe <axboe at kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ drivers/cdrom/cdrom.c | 8 +-------
+ 1 files changed, 1 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
+index 59cccc9..a4592ec 100644
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -2057,11 +2057,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ if (!nr)
+ return -ENOMEM;
+
+- if (!access_ok(VERIFY_WRITE, ubuf, nframes * CD_FRAMESIZE_RAW)) {
+- ret = -EFAULT;
+- goto out;
+- }
+-
+ cgc.data_direction = CGC_DATA_READ;
+ while (nframes > 0) {
+ if (nr > nframes)
+@@ -2070,7 +2065,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ ret = cdrom_read_block(cdi, &cgc, lba, nr, 1, CD_FRAMESIZE_RAW);
+ if (ret)
+ break;
+- if (__copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) {
++ if (copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) {
+ ret = -EFAULT;
+ break;
+ }
+@@ -2078,7 +2073,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ nframes -= nr;
+ lba += nr;
+ }
+-out:
+ kfree(cgc.buffer);
+ return ret;
+ }
+--
+1.7.9.1
+
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1 Wed Mar 14 05:16:49 2012 (r18843)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1 Wed Mar 14 05:22:01 2012 (r18844)
@@ -11,3 +11,4 @@
+ bugfix/all/regset-Prevent-null-pointer-reference-on-readonly-re.patch
+ bugfix/all/eCryptfs-Make-truncate-path-killable.patch
+ bugfix/all/eCryptfs-Infinite-loop-due-to-overflow-in-ecryptfs_w.patch
++ bugfix/all/cdrom-use-copy_to_user-without-the-underscores.patch
More information about the Kernel-svn-changes
mailing list