armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb247af4ccc4b082dbba85d90a42d31fd48affb2
linux/drivers
History
Xi Wang fb247af4cc drm/i915: fix integer overflow in i915_gem_execbuffer2() 
commit ed8cd3b2cd upstream.

On 32-bit systems, a large args->buffer_count from userspace via ioctl
may overflow the allocation size, leading to out-of-bounds access.

This vulnerability was introduced in commit 8408c282 ("drm/i915:
First try a normal large kmalloc for the temporary exec buffers").

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-05-07 08:56:33 -07:00
..
accessibility
acpi
ACPICA: Fix to allow region arguments to reference other scopes
2012-04-22 16:21:43 -07:00
amba
ata
pata_legacy: correctly mask recovery field for HT6560B
2012-04-02 09:27:13 -07:00
atm
auxdisplay
base
PM / Driver core: leave runtime PM enabled during system shutdown
2012-03-19 08:57:44 -07:00
bcma
block
cciss: Fix scsi tape io with more than 255 scatter gather elements
2012-04-22 16:21:24 -07:00
bluetooth
Bluetooth: Add support for Atheros [04ca:3005]
2012-04-27 09:51:09 -07:00
cdrom
cdrom: use copy_to_user() without the underscores
2012-02-29 16:34:35 -08:00
char
TPM: Zero buffer after copying to userspace
2011-10-03 11:40:58 -07:00
clk
clocksource
connector
cpufreq
powernow-k8: Fix indexing issue
2012-02-13 11:06:13 -08:00
cpuidle
crypto
crypto: mv_cesa - fix final callback not ignoring input data
2012-03-12 10:32:56 -07:00
dca
dio
dma
dmaengine: at_hdmac: remove clear-on-read in atc_dostart()
2012-05-07 08:56:33 -07:00
edac
i7core_edac: fixed typo in error count calculation
2011-08-29 13:29:06 -07:00
eisa
firewire
firewire: ohci: fix too-early completion of IR multichannel buffers
2012-04-02 09:27:13 -07:00
firmware
ibft: Fix finding IBFT ACPI table on UEFI
2011-12-21 12:57:45 -08:00
gpio
gpio/pca953x: Fix warning of enabled interrupts in handler
2012-02-20 12:48:11 -08:00
gpu
drm/i915: fix integer overflow in i915_gem_execbuffer2()
2012-05-07 08:56:33 -07:00
hid
HID: add more hotkeys in Asus AIO keyboards
2012-04-02 09:27:12 -07:00
hwmon
hwmon: (fam15h_power) Fix pci_device_id array
2012-05-07 08:56:33 -07:00
hwspinlock
hwspinlock/core: use a mutex to protect the radix tree
2011-11-11 09:36:31 -08:00
i2c
i2c-algo-bit: Fix spurious SCL timeouts under heavy load
2012-03-19 08:57:59 -07:00
ide
block: add and use scsi_blk_cmd_ioctl
2012-01-25 17:24:54 -08:00
idle
intel_idle: fix API misuse
2012-01-25 17:24:56 -08:00
ieee802154
infiniband
IB/iser: Post initial receive buffers before sending the final login request
2012-04-02 09:27:10 -07:00
input
Input: ALPS - fix touchpad detection when buttons are pressed
2012-03-12 10:33:00 -07:00
isdn
net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared
2011-08-15 18:31:38 -07:00
leds
Revert "leds: save the delay values after a successful call to blink_set()"
2011-11-21 14:31:19 -08:00
lguest
macintosh
mca
md
md/bitmap: prevent bitmap_daemon_work running while initialising bitmap
2012-04-22 16:21:44 -07:00
media
media: rc-core: set mode for winbond-cir
2012-04-27 09:51:06 -07:00
memstick
message
mfd
mfd: Clear twl6030 IRQ status register only once
2012-04-13 08:14:08 -07:00
misc
pch_phub: Improve ADE(Address Decode Enable) control
2012-04-22 16:21:42 -07:00
mmc
mmc: atmel-mci: correct data timeout computation
2012-04-13 08:14:07 -07:00
mtd
mtd: m25p80: set writebufsize
2012-04-13 08:14:05 -07:00
net
ksz884x: don't copy too much in netdev_set_mac_address()
2012-04-27 09:51:21 -07:00
nfc
nubus
of
oprofile
oprofile: Fix uninitialized memory access when writing to writing to oprofilefs
2012-01-06 14:13:51 -08:00
parisc
parport
pci
PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs
2012-04-27 09:51:08 -07:00
pcmcia
pcmcia: fix socket refcount decrementing on each resume
2012-02-13 11:06:10 -08:00
platform
acer-wmi: No wifi rfkill on Sony machines
2012-04-13 08:14:08 -07:00
pnp
PNPACPI: Fix device ref leaking in acpi_pnp_match
2012-04-13 08:14:05 -07:00
power
drivers/power/ds2780_battery.c: fix deadlock upon insertion and removal
2011-11-11 09:36:32 -08:00
pps
ps3
ptp
ptp: Fix clock_getres() implementation
2011-12-21 12:57:36 -08:00
rapidio
rapidio: fix use of non-compatible registers
2011-10-03 11:39:46 -07:00
regulator
regulator: Fix setting selector in tps6524x set_voltage function
2012-03-19 08:57:58 -07:00
rtc
drivers/rtc/rtc-pl031.c: enable clock on all ST variants
2012-04-22 16:21:23 -07:00
s390
compat: Re-add missing asm/compat.h include to fix compile breakage on s390
2012-03-19 08:57:59 -07:00
sbus
scsi
osd_uld: Bump MAX_OSD_DEVICES from 64 to 1,048,576
2012-03-12 10:32:57 -07:00
sfi
sh
sn
spi
spi: Fix device unregistration when unregistering the bus master
2012-04-27 09:51:09 -07:00
ssb
ssb: fix init regression with SoCs
2012-01-06 14:13:48 -08:00
staging
staging: iio: hmc5843: Fix crash in probe function.
2012-04-22 16:21:23 -07:00
target
target: Fix 16-bit target ports for SET TARGET PORT GROUPS emulation
2012-04-02 09:27:12 -07:00
tc
telephony
thermal
tty
drivers/tty/amiserial.c: add missing tty_unlock
2012-04-27 09:51:07 -07:00
uio
usb
usb: musb: omap: fix the error check for pm_runtime_get_sync
2012-04-27 09:51:08 -07:00
uwb
uwb: fix error handling
2012-04-27 09:51:06 -07:00
vhost
video
video:uvesafb: Fix oops that uvesafb try to execute NX-protected page
2012-04-22 16:21:24 -07:00
virtio
virtio-pci: fix use after free
2011-11-21 14:31:14 -08:00
vlynq
w1
drivers/power/ds2780_battery.c: add a nolock function to w1 interface
2011-11-11 09:36:32 -08:00
watchdog
watchdog: hpwdt: clean up set_memory_x call for 32 bit
2012-03-12 10:32:40 -07:00
xen
xen/xenbus: Add quirk to deal with misconfigured backends.
2012-04-27 09:51:05 -07:00
zorro
zorro: Defer device_register() until all devices have been identified
2011-10-03 11:40:57 -07:00
Kconfig
Makefile