1. 17 May, 2005 4 commits
    • Peter Osterlund's avatar
      [PATCH] Fix root hole in pktcdvd · 118326e9
      Peter Osterlund authored
      ioctl_by_bdev may only be used INSIDE the kernel.  If the "arg" argument
      refers to memory that is accessed by put_user/get_user in the ioctl
      function, the memory needs to be in the kernel address space (that's the
      set_fs(KERNEL_DS) doing in the ioctl_by_bdev).  This works on i386 because
      even with set_fs(KERNEL_DS) the user space memory is still accessible with
      put_user/get_user.  That is not true for s390.  In short the ioctl
      implementation of the pktcdvd device driver is horribly broken.
      Signed-off-by: default avatarPeter Osterlund <petero2@telia.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      118326e9
    • Stephen Tweedie's avatar
      [PATCH] Fix root hole in raw device · 68f66feb
      Stephen Tweedie authored
      [Patch] Fix raw device ioctl pass-through
      
      Raw character devices are supposed to pass ioctls through to the block
      devices they are bound to.  Unfortunately, they are using the wrong
      function for this: ioctl_by_bdev(), instead of blkdev_ioctl().
      
      ioctl_by_bdev() performs a set_fs(KERNEL_DS) before calling the ioctl,
      redirecting the user-space buffer access to the kernel address space.
      This is, needless to say, a bad thing.
      
      This was noticed first on s390, where raw IO was non-functioning.  The
      s390 driver config does not actually allow raw IO to be enabled, which
      was the first part of the problem.  Secondly, the s390 kernel address
      space is distinct from user, causing legal raw ioctls to fail.  I've
      reproduced this on a kernel built with 4G:4G split on x86, which fails
      in the same way (-EFAULT if the address does not exist kernel-side;
      returns success without actually populating the user buffer if it does.)
      
      The patch below fixes both the config and address-space problems.  It's
      based closely on a patch by Jan Glauber <jang@de.ibm.com>, which has
      been tested on s390 at IBM.  I've tested it on x86 4G:4G (split address
      space) and x86_64 (common address space).
      
      Kernel-address-space access has been assigned CAN-2005-1264.
      Signed-off-by: default avatarStephen Tweedie <sct@redhat.com>
      Signed-off-by: default avatarDave Jones <davej@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      68f66feb
    • Greg Kroah-Hartman's avatar
      [PATCH] fix Linux kernel ELF core dump privilege elevation · a84a5059
      Greg Kroah-Hartman authored
      As reported by Paul Starzetz <ihaquer@isec.pl>
      
      Reference: CAN-2005-1263
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      a84a5059
    • Linus Torvalds's avatar
  2. 16 May, 2005 7 commits
  3. 12 May, 2005 4 commits
  4. 10 May, 2005 6 commits
  5. 09 May, 2005 2 commits
  6. 08 May, 2005 1 commit
    • Pierre Ossman's avatar
      [PATCH] MMC: wbsd update · 85bcc130
      Pierre Ossman authored
      Updates to the wbsd driver.
                                                                                      
      * Fix to handle DAT3 card detection.
      * Fixed bug which could cause large writes to stall in FIFO mode.
      * Plug 'n Play support. In most cases you need ACPI PNP for this to work.
      * Uses generic DMA API (ISA dependency removed).
      85bcc130
  7. 07 May, 2005 16 commits